Analysis Overview
Threat Level: Likely malicious
The file http://google.com was found to be: Likely malicious.
Malicious Activity Summary
Manipulates Digital Signatures
Modifies Installed Components in the registry
Sets file execution options in registry
Registers COM server for autorun
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Installs/modifies Browser Helper Object
Drops desktop.ini file(s)
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Opens file in notepad (likely ransom note)
Modifies registry class
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Checks SCSI registry key(s)
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-04 03:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 03:43
Reported
2024-06-04 04:00
Platform
win10v2004-20240508-en
Max time kernel
695s
Max time network
771s
Command Line
Signatures
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\INITIALIZATION\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\MESSAGE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\SIGNATURE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLREMOVESIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CERTIFICATE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CLEANUP\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETSIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLVERIFYINDIRECTDATA\{9FA65764-C36F-4319-9737-658A34585BB7} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CERTCHECK\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLPUTSIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{9FA65764-C36F-4319-9737-658A34585BB7} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\FINALPOLICY\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\DIAGNOSTICPOLICY\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{A6EADE66-0000-0000-484E-7E8A45000000} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Active Setup\Installed Components | C:\windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrCEF.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrServicesUpdater.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zD06E12EC\Uninst.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| N/A | N/A | C:\Windows\Installer\MSIE722.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | N/A |
| N/A | N/A | C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe | N/A |
| N/A | N/A | C:\Windows\Temp\ose00000.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E178-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE39F3D8-1B13-11D0-887F-00A0C90F2744}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EC04D82C-AA59-4ba4-96B1-27BE3FF05E00}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E101-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35C5242B-7455-4F9C-962B-369EA43ED6F3}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E169-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A1EB89D6-0A9C-4575-A0AE-654A990A454C}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82B02373-B5BC-11CF-810F-00A0C9030074}\InprocServer32\11.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BE786A0-0366-4F5C-9434-25CF162E475F}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{33154C99-BF49-443D-A73C-303A23ABBE97}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000209F1-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9ED13477-E909-45BC-BADC-2106D04D6BD7}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D66DC78C-4F61-447F-942B-3FB6980118CF}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E174-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{367E582C-F71C-4BF9-AA1B-9F62B793E9C5}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00024500-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5CEF5610-713D-11CE-80C9-00AA00611080}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DDFE337F-4987-4EC8-BDE3-133FA63D5D85}\InProcServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5383EF74-273B-4278-AB0C-CDAA9FD5369E}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E174-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E185-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E187-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7FAC39E-7FF1-49AA-98CF-A1DDD316337E}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{64654B35-A024-4807-89D3-C6FDB5A260C7}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6939BF8D-FF94-492C-9E4E-BD6439D8F867}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FFFDC614-B694-4AE6-AB38-5D6374584B52}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000CDB0D-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{367E582C-F71C-4BF9-AA1B-9F62B793E9C5}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E3C66D5-58D4-491E-A7D4-64AF99AF6E8B}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A249E9F6-5B28-4ED1-8AF0-C9B9C5195486}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BE786A2-0366-4F5C-9434-25CF162E475E}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E17C-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE39F3D8-1B13-11D0-887F-00A0C90F2744}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020818-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82B02375-B5BC-11CF-810F-00A0C9030074}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8A683C92-BA84-11CF-8110-00A0C9030074}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000209FF-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{312AB530-ECC9-496E-AE0E-C9E6C5392499}\InProcServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4693FF15-B962-420A-9E5D-176F7D4B8321}\InProcServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00024500-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\7zD06E12EC\Uninst.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E119-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE39F3D7-1B13-11D0-887F-00A0C90F2744}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020820-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5CEF5610-713D-11CE-80C9-00AA00611080}\InprocServer32\11.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7FAC39E-7FF1-49AA-98CF-A1DDD316337E}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DC67E480-C3CB-49F8-8232-60B0C2056C8E}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000209F0-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8}\InProcServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000209F4-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{506F4668-F13E-4AA1-BB04-B43203AB3CC0}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BE39F3D6-1B13-11D0-887F-00A0C90F2744}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA936B63-AC8B-11D1-B6E5-00A0C90F2744}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8D4F994C-EBBE-4F8D-BA4B-AE20CD36E72D}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D0B22D03-D05D-4C6D-8AB7-9392E84A87B9}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000209F2-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3FD37ABB-F90A-4DE5-AA38-179629E64C2F}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000209F5-0000-0000-C000-000000000046}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5A1DCFD3-7982-48F2-8A3D-5C35272862DE}\InProcServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{59191DA1-EA47-11CE-A51F-00AA0061507F}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\windows\explorer.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\Elevation.tmp | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-wal | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-shm | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-journal | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log | \??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-wal | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-shm | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-focus_32.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\eu-es\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef-win.css | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\duplicate.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\it-it\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ca-es\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\skins\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\selector.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fi-fi\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ru-ru\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ar-ae\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\zh-tw\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_editpdf_18.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\open_original_form.gif | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\Close2x.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libextract_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-fr\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\core_icons_retina.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sv-se\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\s_thumbnailview_18.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\root\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\wa\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\images\bell_empty.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-sl\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sv-se\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\desktop.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-cn\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\bn\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\PPKLite.api | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\hu-hu\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\check-mark-2x.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\es-es\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\icons.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_thumbnailview_18.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_es_plugin.dll | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sv-se\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ko\ | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\chrome_elf.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\cs-cz\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ko-kr\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_nl_135x40.svg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hu-hu\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\adobe_sign_tag_retina.png | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\tr-tr\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hr-hr\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\combine_poster.jpg | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\nb-no\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\selector.js | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ui-strings.js | C:\Windows\syswow64\MsiExec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\assembly\pubpol28.dat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\9HUVEQYVN7\Microsoft.Office.Tools.Excel.Implementation.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CP1250.TXT2 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDA03.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\Updater.api_NON_OPT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\_d.x3d | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\reflow.api_NON_OPT | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\JFNXWSMNQI\Microsoft.Office.interop.access.dao.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrobroker.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6DD0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\HDKTKTMTWZ\Microsoft.Office.Interop.Word.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\2NE8M8XS83\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\displaylanguagenames.en_ca.t | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\V9HLBKIZCQ\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrocef.exe.15EE1C08_ED51_465D_B6F3_FB152B1CC435 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\eBook.api | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\IBW1PJFOGY\Policy.12.0.Microsoft.Vbe.Interop.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\IA32.api | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\a3dutils.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\GACLock.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\pubpol46.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI99D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\AdobePDF417.pmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\logsession.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\F_CENTRAL_msvcr120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly\temp\NY5GU1ERAN\Policy.11.0.Microsoft.Office.Interop.PowerPoint.config | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File opened for modification | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\assembly\pubpol43.dat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngennicupdatelock.dat | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE0F0.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BD57A9B2-4E7D-4892-9107-9F4106472DA4} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7278BD0-7970-47D6-8954-99B2343EED88} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Windows\System32\Taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AC06A6F-4C88-4707-8DEC-61017CB50E1E} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B723F941-52A2-4392-B500-60F3889659B4} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\ClickToRun\C2RClient\C2RClientReturnCode\552_Status = "started" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\System32\wuaueng.dll,-400 = "Windows Update" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t|0" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|7" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.7 = 696e675365727669636548656c706572456e64476574486f73744361706162696c69746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572476574486f73744361706162696c69746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572456e6447657455736572417474726962757465735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c70657247657455736572417474726962757465735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572456e644765744c696e6b735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c7065724765744c696e6b735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572456e645365744c696e6b735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c7065725365744c696e6b735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572456e644765745065726d697373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c7065724765745065726d697373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572456e645365745065726d697373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c7065725365745065726d697373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572436865636b5065726d697373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c70657247657453686172696e67496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572426567696e5365745065726d697373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c70657247657453686172696e6756657273696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d6f6465726e4261636b73746167655c22203a207b205c224576656e74735c22203a207b205c224261636b737461676550616765436f6e74726f6c55736572437265617465436f6e74726f6c557365725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224465736b746f704261636b73746167654e617669676174696f6e5c22203a207b205c224576656e74735c22203a207b205c224e617669676174696f6e5461736b496e766f6b655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225461736b496e766f6b654f6e52656164466f6c6465725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224465736b746f7053686172696e675c22203a207b205c224576656e74735c22203a207b205c22436f6c6c616250616e6555736572536574436f6c6c616250616e654d6f64655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6c6c616250616e6555736572436c69636b53686172696e674c696e6b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6c6c616250616e6555736572497343757272656e74446f63456e746572707269736550726f7465637465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f63756d656e7473536861726564576974684d655c22203a207b205c224576656e74735c22203a207b205c22446f63756d656e7473536861726564576974684d6552657175657374446f63756d656e7473536861726564576974684d654173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7473536861726564576974684d6552657175657374436163686564446f63756d656e7473536861726564576974684d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7473536861726564576974684d654964656e74697479436163686552657175657374526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7473536861726564576974684d6552657175657374436163686564446f63756d656e7473466f724661696c757265735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22486973746f727955585c22203a207b205c224576656e74735c22203a207b205c224163746976697479506167654d616e6167657252656769737465725669736962696c697479436f6e74726f6c6c65725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224275734261724f70656e4c6f63616c56657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434163746976697469657341676772656761746f72496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434163746976697469657341676772656761746f7252657475726e4572726f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243437369446f63756d656e74537461746545787465726e616c556e7265676973746572446f63756d656e744c697374656e65725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243486973746f727941637469766974696573466163746f727952656672657368416674657252656e616d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f62616c744163746976697469657346696c6556657273696f6e4c697374557064617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243536f61704461746150726f7669646572496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f727950616765436c6f73655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f727950616765436f707956657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f727950616765436f707956657273696f6e496e7465726e616c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f7279506167654372656174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f727950616765526573746f726556657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f72795061676553656c65637456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486973746f727950616e654e6f6e436c69636b61626c654974656d53656c65637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f63616c41637469766974696573426567696e526566726573685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6666696365436f6c6c61624163746976697479436f6d6d616e644d534f446f63756d656e7450726f76696465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e74436865636b4f757446696c65546f4c6f63616c466f6c6465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f67676c65486964655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f67676c6553686f775c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225759574143616c6c6f757453686f7743616c6c6f75745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7365656e416374697669747943616c6c6f757450726573656e7443616c6c6f75745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7365656e41637469766974794765744c6173745669657754696d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7365656e416374697669747946696e6443757272656e74557365724c6f67696e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7365656e416374697669747943616c6c6f7574436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253686f77536d616c6c53637265656e435759574143616c6c6f75745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d7275416461707465725c22203a207b205c224576656e74735c22203a207b205c224872416464446f63756d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464506c6163655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464446f63756d656e74576974684f7074696f6e7357697468436f6e746578745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464506c616365576974684f7074696f6e7357697468436f6e746578745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464446f63756d656e745061746857697468436f6e746578745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464506c6163655061746857697468436f6e746578745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464446f63756d656e74496e6465785c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464506c616365496e6465785c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22487252656d6f7665506174685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872416464576974684f7074696f6e7357697468436f6e746578745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22417070446f63735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745c22203a207b205c225375624e616d657370616365735c22203a207b205c2241637469766174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6173744f70656e6564446f63756d656e744d657461646174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d6f6465726e446f6354656d706c617465536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225361766550726f6d707448656c7065725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e74436861745c22203a207b205c224576656e74735c22203a207b205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e6572436f6e6e65637465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e6572436f6e6e656374696e674576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e6572446973636f6e6e65637465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e6572446973636f6e6e656374696e674576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e65725265667265736850657273697374656e7453746174654173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e65725265667265736850657273697374656e7453746174654173796e63496e7465726e616c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e65725265667265736850657273697374656e7453746174654173796e6352657472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e657253746172745265616c74696d65436f6e6e656374696f6e4c697374656e696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e7443686174417661696c6162696c6974795274634c697374656e657253746f705265616c74696d65436f6e6e656374696f6e4c697374656e696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572436f6e6e65637465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572436f6e6e656374696e674576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572446973636f6e6e65637465644576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572446973636f6e6e656374696e674576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572526562726f61646361737450657273697374656e7453746174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572526562726f61646361737450657273697374656e745374617465496e7465726e616c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572526562726f61646361737450657273697374656e74537461746552657472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f6164636173746572526562726f61646361737450657273697374656e7453746174655265747279496e6e65724c6f6f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f61646361737465725265667265736850657273697374656e7453746174654173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f616463617374657253746172745265616c74696d65436f6e6e656374696f6e4c697374656e696e675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617452746342726f616463617374657253746f705265616c74696d65436f6e6e656374696f6e4c697374656e696e675c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253686172696e6755495c22203a207b205c225375624e616d657370616365735c22203a207b205c22436f6c6c616250616e65557365725c22203a207b205c224576656e74735c22203a207b205c22536861726550616e65436f6d706c657465446973706c61795c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2253686172654469616c6f675c22203a207b205c224576656e74735c22203a207b205c224e61766967617465546f5765624469616c6f675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253656e6441734174746163686d656e745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d2c205c224544505c22203a207b205c224576656e74735c22203a207b205c22506f6c6963794d657461646174615c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c225369746573536572766963654170695c22203a207b205c224576656e74735c22203a207b205c22526571756573744173796e635c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265616446726f6d43616368655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e44796e616d696343616e766173222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224f7574537061636543616e7661735c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2250726f677265737355695c22203a207b205c224576656e74735c22203a207b205c22556e6578706f727461626c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578706f727461626c655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2243616e7661735c22203a207b205c225375624e616d657370616365735c22203a207b205c225765624469616c6f675c22203a207b205c225375624e616d657370616365735c22203a207b205c2242726f777365724576656e7448616e646c65725c22203a207b205c224576656e74735c22203a207b205c224f6e4c6f616465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c224e617669676174696f6e48616e646c65725c22203a207b205c224576656e74735c22203a207b205c224f6e4e61766967617465645c22203a207b205c224576656e74466c61675c2220 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceId = "0018400E3FB4E05F" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\ClickToRun\C2RClient | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.1 = 20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e4669785468656d654368616e676551727952657061696e74222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e4c696e6b65645461626c654d616e616765722e536561726368222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e5175657279496d70726f76656d656e7473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e5175657279496d70726f76656d656e74732e45434c4d756c746953656c656374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e436f6d62696e654261636b656e6444696d656e73696f6e436f6d6d616e6473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4175674c6f6f702e4c6963656e73654665617475726573456e61626c65644f72436865636b222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4175674c6f6f702e576f726b666c6f7744697361626c65642e5265706c6163654f626a656374576f726b666c6f77222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4358452e48696464656e466f6e74734d736f466f6e745069636b657257696e3332222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e416c6c6f7753657456616c756573576974686f7574457863656c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e4368616e6765476174652e46436c6561724d6f6e696b6572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e436f6c6c656374536861706550726f7073427567466978222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e4d6170436861727459656c6c6f7744617461222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e5069766f744368617274496e7665727446696c6c427567466978222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e536c69646553686f7748696465546f6f6c74697073222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e417070564d61785265747279436f756e74222c20225622203a2022696e7433325f747c313422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e417070564d6178526574727954696d654c696d6974222c20225622203a2022696e7433325f747c363030303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e417070565265747279496e74657276616c222c20225622203a2022696e7433325f747c3230303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655265666163746f72656453687574646f776e50726f636573736573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655465616d734164646f6e222c20225622203a20227374643a3a77737472696e677c656e61626c656422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655465616d734f6e557064617465427573696e657373222c20225622203a20227374643a3a77737472696e677c656e61626c656422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655465616d734f6e55706461746550726f506c7573222c20225622203a20227374643a3a77737472696e677c656e61626c656422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e4164646974696f6e616c4461746154797065456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e426c6f636b466565646261636b457870657269656e636542617365644f6e5072697661637953657474696e6773222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e426c6f636b537572766579457870657269656e636542617365644f6e5072697661637953657474696e6773222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e436f686572656e6365457870657269656e6365456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e446961676e6f73746963735341532e55706c6f6164657254797065222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e456e61626c65466565646261636b5632536368656d61222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e466565646261636b446973616d626967756174696f6e53637265656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e486f73746564466565646261636b5461736b50616e65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e486f73746564537572766579456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e536173466565646261636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446961676e6f73746963732e44697361626c654661737446696c746572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e414354522e5468726f74746c654361706163697479222c20225622203a2022696e7433325f747c313022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e414354522e5468726f74746c65496e74657276616c4d736563222c20225622203a2022696e7433325f747c3130303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4261636b7374616765496e6170704e61765632456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e49735265706c7954696d657374616d704c6f6767696e67456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e4a53476174652e4e657743617264426f7264657273222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e4a53476174652e50616e65546162466f6375734669786573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e50726f636573734368616e676573496e766f6b65456c7365506f7374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d736f2e4f757453706163652e446570726563617465536574496d6167654173796e63222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4f666669636553746172742e466978466f7241444f33393032343239222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4f757453706163652e536861726564576974684d652e44697361626c65446f63756d656e74735265717565737449665573696e674167674d7275222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e436865636b41637469766974794c6f67546f456e61626c654d656e74696f6e73222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e456e61626c655369746573467269656e646c7950617468222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e486973746f72794c6567616379436c65616e7570456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e486973746f7279556e696f6e466978456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e486f6d65506167652e436f6c6c61707369626c65536c616273222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e496e4170704e61762e43726561746552656e616d6544656c657465222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4d736f2e4f666669636553746172742e466978466f7241444f333838363036375632222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4f44656c74612e53747265616d4d6f6465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e576f7069222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e4361636865457870697279496e4d696e222c20225622203a2022696e7433325f747c37323022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e436f6e666967496444656c696d69746572496e4c6f67222c20225622203a20227374643a3a77737472696e677c3b22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e436f6e6669674c6f67546172676574222c20225622203a20227374643a3a77737472696e677c64656661756c7422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e44697361626c65436f6e6669674c6f67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e456e61626c65536d61727445546167222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e454353546573742e746573747661726961626c65222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e496e7369676874732e456e61626c65436f6d706c65785069766f745461626c65496e5069766f745461626c655265636f6d6d656e646572222c20225622203a20224d736f3a3a416e79547970657c75696e7431365f747c323b626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e496e7369676874732e456e61626c655069766f745461626c655265636f6d6d656e646572222c20225622203a20224d736f3a3a416e79547970657c75696e7431365f747c323b626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e496e7369676874732e5069766f745461626c655265636f6d6d656e64657252616e6b65725632222c20225622203a20224d736f3a3a416e79547970657c75696e7431365f747c323b626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e4e616d656453686565745669657750657273697374656e6365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e536f72744f626a4d616e6167656d656e74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e436f6e66696746657463684d616e61676572456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e44796e616d6963447069222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e457870466972737453657373696f6e5461736b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e4665617475726551756572794c6f676765722e456e61626c655374617469634c6f6767696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e5472696d41707049644c697374546f4665746368222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e57696e333244657669636543616e617279222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e416c7761797346616c6c6261636b466f7253796e634261636b6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e44657072656361746546696c65536572766572496e666f54797065222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e456e61626c654261636b67726f756e6455706c6f6164222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e5573654e65774d736f446f6354656c656d65747279496e697450617468222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e436865636b5265766973696f6e53747265616d457175616c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e436f6c6c616250726f7053746f726543616368655265736574436865636b6572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e436f7079546f43616c6c6261636b456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4373694c696d6974656446616c6c6261636b546f486c696e6b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e44534c49422e456e61626c654c6162656c73556e757365644f72436c6561726564436865636b222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446570726563617465436865636b5374617274735769746846696c654e616d65457869737473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446973616d626967756174654373694e6574776f726b436f6e6e65637469766974794572726f72222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446973636f52657472795374726174656779222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446973636f5374726963744d6f6465456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446f63732e4d736f2e4f757473706163652e496e6974436163686546726f6d464948222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4472675570646174655265666572656e63657353796368726f6e6f7573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e44796e616d6963467261676d656e7453697a65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e456e61626c65466f726365 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.4 = 5622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4372634261736564556964222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e43726974697175652e44697361626c65644c616e677561676573222c20225622203a20227374643a3a77737472696e677c6a612c7a6822207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e43726974697175652e4c6f67496e7465726e616c4e616d65416e645072696f72697479222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e456469746f72536572766963652e557365496e737472756d656e746174696f6e417069222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772616d6d6172436865636b696e672e4765726d616e456e744469736162696c69747942696173222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772616d6d6172436865636b696e672e4e6f7277656769616e426f6b6d61616c456e746572707269736547726f757031222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772617068496d706f72744865647769675558222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772617068496d706f7274496e73657274416c6c4f626a6563747356696577222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e47726170686963732e4368616e6765476174652e5570646174655461626c65426f756e6473466f72547970696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4967782e456e7375726545326f4d6f6e696b65724166746572456e7375726545326f222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4e6577456e737572655549444c6f676963222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4f6666696365496e7369646572526567697374726174696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5043582e416c6c6f7746696e6450656f706c655573616765496e41744d656e74696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5043582e4175746f436f6d706c6574652e46696e6450656f706c65537570706f7274222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5043582e4669784e6f6e526566436f756e7465644d736f506572736f6e6173222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e4261636b67726f756e64576f726b436f6e74726f6c6c6572427567466978222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e427567466978466f7241744d656e74696f6e734d6f6e69746f72696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e427567466978466f7250686f746f41637469766974794c6f6767696e6752656d6f76616c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e436f6e746163744361726456324f766572666c6f774d656e7573506861736532222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e46696e6450656f706c655573616765456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e497350656f706c655365617263684578656375746f72456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e506378417072696c323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e5063784665627275617279323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e5063784a616e75617279323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e5063784a756e65323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e5063784d61726368323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063782e557365506378436f6e74616374496e666f4c697374222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e506378417072696c323031374275676669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e506378436f6d6d6f6e436f6d70617265427567466978222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e506378436f6e746163744361726444706941776172656e6573734275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e506378436f6e7461637443617264466f6e74486569676874444450494275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063784a756e65323031374275676669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063784d61726368323031384275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5063784f63746f626572323031364275676669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e50656f706c655365617263682e436f6e7461637453656172636849676e6f72657353796d626f6c73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e50656f706c655365617263682e50637848616e646c65734175746f446973636f766572222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e50656f706c655365617263682e526563697069656e744175746f436f6d706c657465537570706f7274222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e50726f6f66696e672e4175746f4d616e616765722e41637469766974696573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e536d6172744c696e6b732e416c6c6f775265636f676e697a65536d6172744c696e6b73496e7369646550617261677261706873222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e54686573617572757350616e652e41637469766974696573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5472616e736c61746f722e456e61626c65466c6f6f6467617465537572766579222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e5472616e736c61746f722e466c6f6f646761746553757276657944656c6179222c20225622203a2022696e7433325f747c3530303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e576f72642e46574153686f756c64426c6f636b53656c4368616e67656446616c73654576656e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e576f72642e53656e6445646974466c6167546f4e6f4572726f724576656e7473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e576f72642e57726974696e67417373697374616e63654372697469717565466f724347415049222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e57726974696e67417373697374616e636555492e50616e652e46697857726f6e67436c6f73654c6f676963222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e436f6c6f72466f6e74537570706f7274456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e46696c6556657273696f6e696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e48696464656e466f6e7473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e4f4172745465787456616c696461746552616e6765564544222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e52696368456469742e416c6c6f774475706c696361746555696d557064617465222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e52696368456469742e436f7079506173746548544d4c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e536861726564546578742e5472616e7363726962652e436f6e666967436865636b44697361626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d657472792e417269614d617854656172646f776e55706c6f616454696d65496e536563222c20225622203a2022696e7433325f747c3222207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d657472792e566f6c756d65547261636b696e674d61784576656e7473222c20225622203a2022696e7433325f747c3530303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4169725370616365222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224261636b656e645c22203a207b205c224576656e74735c22203a207b205c224c61796572486f7374496e697469616c697a6174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d706f7369746f7253657373696f6e547970655c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2257696e33325c22203a207b205c225375624e616d657370616365735c22203a207b205c224c65676163795c22203a207b205c224576656e74735c22203a207b205c22416e696d6174696f6e50657263656e74556e64657233304650535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416e696d6174696f6e4176674650535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726f737357696e54496d654f6646697273744672616d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224176657261676550726573656e74735065725365636f6e645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4368617274696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22436861727445326f4c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436861727445326f536176655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224368617274696e67456e644c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e436c69636b546f52756e222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c225363656e6172696f5c22203a207b205c224576656e74735c22203a207b205c22446f72695461736b5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225570646174655461736b557064617465646574656374696f6e325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174655461736b557064617465646f776e6c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174655461736b557064617465636c69656e74646f776e6c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265706169725461736b46756c6c7265706169725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265706169725461736b52656d6f7665696e7374616c6c6174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c5461736b436f6e6669677572656c696768745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c69656e747570646174655461736b436c69656e74646f776e6c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c5461736b53747265616d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c5461736b437265617465776f726b696e67636f6e66696775726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174655461736b55706461746566696e616c697a655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225461736b4c61737452756e4865617274626561745c22203a207b205c224576656e74735c22203a207b205c225461736b4c61737452756e4865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22556e6976657273616c426f6f7473747261707065725c22203a207b205c224576656e74735c22203a207b205c224170706c69636174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6c6c656374506172616d65746572735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6c6c656374456d6265646465645369676e61747572655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616c63756c617465506172616d65746572735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436c69656e744361624d616e616765725c22203a207b205c224576656e74735c22203a207b205c225461736b557064617465436c69656e74446f776e6c6f6164446f457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225461736b436c69656e74446f776e6c6f6164446f457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253747265616d4361625c22203a207b205c224576656e74735c22203a207b205c22446f776e6c6f616453747265616d4361625c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225472616e73706f72745c22203a207b205c225375624e616d657370616365735c22203a207b205c224578706572696d656e74616c5472616e73706f72745c22203a207b205c224576656e74735c22203a207b205c22436162735c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c224576656e74466c61675c22203a20323536207d207d207d2c205c225472616e73616374696f6e616c46696c654f7065726174696f6e735c22203a207b205c224576656e74735c22203a207b205c224170706c794368616e6765735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457865637574655472616e73616374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d2c205c224576656e74735c22203a207b205c225472616e73706f72745c | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|4" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|12" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t|1717516553" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\ClickToRun\C2RClient\C2RClientReturnCode\552_ExitCode = "0" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe\ULSMonitor | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|8" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.10 = 4d736f536572766572496e666f476574536572766572496e666f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745265636f766572794872476574447270436f72655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745265636f766572794d736f4872426567696e4d6f646966794472705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225469746c654261725361766555694d616e616765725772697465537461747573546f5469746c654261725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164437369446c6c466f72436c69636b3252756e456e7669726f6e6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2249735365727665724361636865645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d616e75616c5361766555736167655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c6553746f72655c22203a207b205c224576656e74735c22203a207b205c22465344436f7272757074696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2247617262616765436f6c6c656374696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225a65726f4279746546696c6555706c6f6164417474656d707465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c2252756e74696d6550726f706572746965735c22203a207b205c224576656e74735c22203a207b205c22496e636f6d70617469626c6543736956657273696f6e44657465637465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c224f66666963655c22203a207b205c225375624e616d657370616365735c22203a207b205c2246696c65494f5c22203a207b205c225375624e616d657370616365735c22203a207b205c224353495c22203a207b205c225375624e616d657370616365735c22203a207b205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2243616368654f707469637356325c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d2c205c224d6f6373695c22203a207b205c224576656e74735c22203a207b205c22557064617465486f73745469705c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4772617068696373222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22415243457863657074696f6e53636f70655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2245326f5669657752656e646572506572666f726d616e636541637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224172745669657756616c69646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f6669745368617065546f54657874436d645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f704c6576656c456666656374447261775c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174654269746d617046726f6d506c6174666f726d4269746d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e6b496e70757453757266616365426173655570646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e53696d706c65506174685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224776697a536d61727441727450726f7065727469657354656c656d657472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746544657669636544334431305c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22537065637472655472616e73636f646541637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e73657274496e646976696475616c4d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61646564496d61676550726f706572746965735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e736572744d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22537065637472654372656174655363656e6541637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224d6f64656c334452656e64657241637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4964656e74697479222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22456e7375726550726f7669646572496e697465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574506572736f6e50726f66696c6553657475705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224964656e74697479536e617073686f745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657450726f7669646572466f7241757468536368656d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472794964656e74697479506172656e744d617463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526f616d696e6750726f7879496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536861726564437265645265667265736846726f6d53746f72655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561644f6e6546726f6d43726564656e7469616c4c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22435265616453796e635461736b52756e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f6d61696e4a6f696e65644f72436c6f7564446f6d61696e4a6f696e656453657373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744164616c416363657373546f6b656e46726f6d4372656450726f76696465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574436f6e666967546f6b656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574426c6f636b696e67536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506f70756c617465536572766963654d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657441757468656e74696361746564536572766963655469636b65745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526566726573684964656e7469746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765745365727669636555726c466f7246656465726174696f6e50726f7669646572416e616c797369735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365727669636555726c5374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241637175697265536572766963655469636b6574466f724144414c5c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2253697465735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e496e736967687473222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436163686546696c654e6f7456616c69645c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d616c69645c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c224163746976697479715c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224163746976697479735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573345c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573365c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573375c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573385c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573395c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265667265736843616368656446696c65735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446f776e6c6f61645265736f757263655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2241757468656e7469636174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526573756c7447726f7570546f52656e6465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253656e64576562536f636b6574526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22576562536f636b657450696e67506f6e674c6174656e63795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446961676e6f737469635c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2238564d65686c6c5c22203a207b205c225375624e616d657370616365735c22203a207b205c22356b69614b3747426b7a505746675c22203a207b205c224576656e74735c22203a207b205c22373139305c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c22385c22203a207b205c225375624e616d657370616365735c22203a207b205c227a424b387872415553554e52497859484e4b55415c22203a207b205c224576656e74735c22203a207b205c22393133335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d644d617463685c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c2241637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d68633863674f6a46515c22203a207b205c224576656e74735c22203a207b205c22383635335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22556952756e74696d655c22203a207b205c224576656e74735c22203a207b205c22437265617465576562536f636b65745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2250726f636573735265717565737451756575655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e74656e745365727669636550726f78794f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4c6963656e73696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224c6963656e73696e67427573626172416374696f6e5c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c22487244697370617463685375625461736b53746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253617665416c6c536b75696473546f52656769737472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2257616974546f52657472794865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536561726368466f7253657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224e554c56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2256616c696461746553657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243616e52756e4665617475726543616368655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22506572666f726d4c6963656e73696e674e6f74696669636174696f6e735c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224c5655585c22203a207b205c224576656e74735c22203a207b205c224e6f456e7469746c656d656e74735c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c224e6f456e7469746c656d656e74734578706572696d656e74547269676765725c22203a207b205c224576656e74466c61675c22203a203439343038207d207d207d2c205c224f6666696365436c69656e744c6963656e73696e675c22203a207b205c224576656e74735c22203a207b205c224c6963656e7365436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6567616379416374697669747953756363657373436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c656761637941637469766974794661696c757265436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c2253 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe\ULSMonitor | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0 = 4d736f3a3a436865636b73756d52656769737472793a3a446174617c75696e7436345f747c2d3534353432353134393237353538393736353b456373436f6e666967526573706f6e7365446174617c7b202256657222203a2022696e7433325f747c30222c2022436f6e6649647322203a20227374643a3a77737472696e677c502d522d313039383135382d312d352c502d522d37363735372d312d322c502d522d35343930332d312d332c502d522d32363134362d372d31372c502d442d32393633352d312d312c502d442d32373038372d312d392c502d522d37393638382d312d332c502d522d35333533322d312d352c502d522d35313433362d312d362c502d522d35313432372d31382d31322c502d522d34303436342d31382d392c502d582d39383531382d362d392c502d522d33383339302d31382d32312c626c6f636b6564677261706869637361646170746572353a3437353839392c502d522d33353039392d322d342c502d522d36313430382d31382d332c502d522d35353734362d322d352c502d522d35333531322d312d342c502d522d34363937342d31382d31382c502d522d33383935332d312d31312c502d522d33363535312d31382d31382c502d522d37313431342d312d362c502d522d34303235332d362d31392c502d522d34303235342d362d31382c502d522d33353430312d362d372c502d522d33323130372d32322d32322c502d522d33393134362d31342d31352c502d522d33393134372d31342d32302c502d522d32383534362d362d31312c502d522d32383136352d362d32382c502d522d32343938302d382d34382c502d522d32343339302d352d31322c502d522d31383237392d322d36352c502d442d33343230302d342d352c502d522d35313134352d322d372c502d522d32393932382d322d32302c502d522d36373933322d312d342c502d522d36373230312d312d342c502d522d36343534352d312d342c502d522d36343033352d312d342c502d522d35333531352d31382d392c502d522d35333238302d312d362c502d522d35323234372d312d352c502d522d35313935382d312d352c502d522d35313834322d312d352c502d522d35313237372d322d362c502d522d34373435312d31382d32302c502d522d34353931392d31382d31392c502d522d34353038352d31382d31322c502d522d34313434322d31382d31382c502d522d33383038352d31322d392c502d522d31383734342d362d32322c502d442d33343233392d312d362c502d522d313033343136392d31302d372c502d452d32383637372d322d332c502d522d35353132322d382d382c502d522d35303235352d31302d392c502d522d34343930372d312d392c502d522d34353331342d31302d31362c502d522d34343936352d322d362c502d582d313234303832332d312d332c502d452d33383233312d322d342c502d522d313234353636322d31352d342c502d522d39343536302d31342d31322c502d522d39343138392d31342d31332c502d522d39333838322d31342d32362c502d522d35343732382d31362d32332c502d522d35343639382d31362d31362c502d522d35343635382d31382d31392c502d522d33383330362d31382d332c502d522d33353731372d352d33302c502d522d33343031392d342d332c77696e333264657669636563616e6172793a3534313438332c77696e333264657669636563616e6172793a3534313438332c502d582d35333834352d312d392c502d582d35333737322d312d332c502d582d35313739302d312d332c502d452d34323730302d322d342c502d522d313032353233322d32342d392c502d522d37313335382d312d342c502d522d37303934312d312d342c502d522d36393036352d312d332c502d522d36373136302d312d372c502d522d35393738312d312d342c502d522d35353633312d312d342c502d522d35343231352d312d342c502d522d35333735312d312d342c502d522d35333735322d312d342c502d522d35333532362d312d342c502d522d35323131302d312d342c502d522d34393736352d31352d33322c502d522d34383831382d31372d32352c502d522d35303637392d312d342c502d522d35303438362d31382d31322c502d522d34343833302d31382d31332c502d522d34393431362d342d31342c502d522d34383435372d322d362c502d522d34373937342d31362d31382c502d522d34363534342d31382d31312c502d522d34353630392d31342d362c502d522d34353139372d322d362c502d522d34343034362d31382d31312c502d522d34343031352d31382d32302c502d522d34333732332d322d362c502d522d34313734322d31382d33322c502d522d34303938302d31382d31362c502d522d34303335392d322d31302c502d522d33393032392d352d31382c502d522d33383833352d31382d34382c502d522d33373637362d31382d34362c502d522d33363331302d342d352c502d522d33353934352d31302d352c502d522d33353136352d322d372c502d522d33353134332d342d342c502d522d33333535332d342d362c502d522d33333533362d31322d31332c502d522d32393830392d312d372c502d522d32363936382d332d392c66697365723139303a3337373730342c686170707930333137323032302d313a36313937372c686170707930323036323032302d303a32383432382c502d522d35333534352d342d352c502d522d35303731312d31382d31312c502d522d34393733362d362d32322c502d522d34383436372d31382d31382c502d522d33323130362d372d33332c502d522d33303038352d312d392c502d522d32393133382d33382d38332c502d522d32393331352d33362d36392c502d522d32353030392d312d382c502d522d32343336332d312d31332c502d522d32313633312d31302d36342c502d522d31393839382d312d32322c502d522d31393831342d312d36322c502d522d31393031322d312d35372c502d582d313031353535342d322d352c502d582d35303232302d312d332c502d582d34393733302d312d332c502d522d36393334372d312d352c502d522d36343537342d312d342c502d522d35343131362d312d342c502d522d35333538352d31382d31382c502d522d35323539342d31382d352c502d522d35323338362d312d342c502d522d35303938302d322d342c502d522d35303933382d312d342c502d522d35303135322d31382d32302c502d522d34393137352d31382d32322c502d522d34373236302d31382d32332c502d522d34343135362d31382d32362c502d522d34333238342d31382d31392c502d522d34333238352d31322d32322c502d522d34323438322d312d342c502d522d34303939302d31322d31352c502d522d33393333332d31382d32382c502d522d33353433392d31322d32312c502d522d33333231352d31382d31392c502d522d33313335322d31322d32352c502d442d33343236392d322d352c6772736b6934353563663a3537383535342c67727573653438383a3537303335382c677269636f3430363a31393737372c502d522d34393833302d31382d31352c502d522d34303538362d31382d32372c502d522d33323939362d31382d32342c502d442d34303331362d392d352c502d522d35303432392d31382d382c502d522d36353239352d31382d33302c502d522d36313836312d312d342c502d522d36313733372d312d342c502d522d35313737372d31382d382c502d522d35303932302d312d362c502d522d35303336362d31382d31392c502d522d33353938352d31342d32332c502d522d33353839312d31382d352c502d522d33323030342d322d352c502d522d36383333362d322d342c502d522d36373238362d322d362c502d522d35313531332d322d342c502d522d37393936332d312d322c502d522d35323034332d312d332c502d522d35313736342d312d342c502d522d34393338382d322d362c502d522d34383333352d342d31362c502d522d34373330382d332d392c502d522d34323339322d322d342c502d522d33393037332d312d352c502d522d313132333337362d31302d31302c502d522d313030393835352d31322d31342c502d522d39383835362d31382d34382c502d522d34333438392d33302d31332c502d522d33383431302d31322d32332c502d582d313031393538312d312d332c502d582d313030363137342d312d352c502d522d36363433362d312d342c502d522d36323837332d312d342c502d522d35313039372d312d352c502d522d35303730362d31382d372c502d522d35303035352d31382d372c502d522d34393331352d31382d352c502d522d34323636302d31382d33352c502d522d33363634392d382d392c6f656d69633633393a3339373735332c6f65616c6c3834333a3337353838372c502d522d34323337392d322d332c502d522d34323337382d322d332c502d522d36363533392d312d342c502d522d36363533382d312d342c502d522d36353237382d312d342c502d522d36353237392d312d342c502d522d35393138302d312d342c502d522d34383037302d312d352c502d522d34373338362d312d342c502d522d35353334322d322d322c502d522d35333337372d322d362c502d522d35323438312d322d352c502d522d34393735392d322d382c502d522d34363130302d32302d392c502d522d33383531302d322d31302c502d522d33373535302d32302d31332c502d522d33323138362d4332372d32392c502d522d35383133352d322d342c502d522d35363631382d312d332c502d522d35363032372d312d342c502d522d36313731382d31382d332c502d522d34363134352d31382d31382c502d522d33333839322d312d382c502d522d33333639362d312d352c502d522d35353734392d312d342c502d522d35333636322d312d342c502d522d35323234362d312d342c502d522d35323234352d312d342c502d522d35323233382d312d352c502d522d34333634342d362d31332c502d522d33393931322d312d322c502d522d33393238332d342d31302c502d522d35303338302d31382d31382c502d522d35303337392d31382d31372c502d522d36383134362d312d352c502d522d36333430392d312d352c502d522d35303534322d31382d31342c502d522d35303530302d31382d31362c502d522d34383336352d31382d32342c502d522d34383136312d31382d33322c502d522d34363539372d312d342c502d522d33333733372d312d342c502d452d32393636322d43312d332c502d522d32393330332d322d32302c502d522d35363635342d322d342c502d522d35333235362d322d31312c502d522d35313730332d312d352c502d522d35303133332d322d392c502d522d34373234322d31382d31312c502d522d34363431302d312d352c502d522d34353535302d4331372d34362c502d522d34353439302d31362d392c502d522d34343838352d31382d32302c502d522d34323531322d312d332c502d522d34303136392d382d31332c502d522d33393730302d322d372c502d522d33323134332d352d31382c502d522d33373331332d31382d32322c502d522d33363636342d342d342c502d522d33353437362d322d352c502d522d33353430372d342d332c502d522d33353233372d31342d31312c502d522d33353135302d322d342c502d522d33353132392d322d342c502d522d33353035362d342d352c502d522d33343838392d382d342c502d522d33343034342d322d342c502d522d33333731382d362d352c502d522d33333435392d312d352c502d522d33303239322d342d372c502d522d32383634342d312d342c502d522d32343033372d312d372c502d522d32333434352d332d372c502d522d32333433342d332d372c502d522d32333430332d332d382c502d522d31383531332d312d33302c502d442d33343639392d342d342c502d442d33343639372d322d342c502d442d33343637352d312d342c502d442d33343637332d312d342c502d442d33343635342d312d342c502d442d33343538372d332d352c502d442d33343236362d312d342c502d442d33343236322d312d352c502d442d33343236302d312d352c502d442d33343235382d322d352c502d442d33323436352d312d352c502d442d33323435392d322d342c502d442d33323435382d352d342c502d582d313038333432372d322d352c502d522d36393532392d312d352c502d522d36353031312d312d332c502d522d35333632322d31382d342c502d522d35303534312d322d372c502d522d34393839332d32322d392c502d522d33363933322d322d31332c6a683861623434373a3338303633332c502d522d36393233322d31382d31332c502d522d32333638312d322d372c502d442d33323530322d322d332c502d442d33323530312d322d332c502d442d33323431352d322d332c502d522d36343531332d31382d31312c502d522d35313931362d38342d33312c502d522d313236373038342d322d352c502d522d313235383738342d312d332c502d522d313234353239362d342d362c502d522d313233363935332d322d342c502d522d313137353739332d312d332c502d522d313135373537302d322d342c502d522d313133323832312d322d342c502d522d313131393031332d312d332c502d522d313039383739362d312d332c502d522d313039343434352d312d332c502d522d313038303431322d312d332c502d522d313036393736392d322d342c502d522d313036383131352d312d332c502d522d313034353131382d322d342c502d522d32353236392d31342d32312c502d522d313034343430382d312d332c502d522d313034343134312d372d392c502d522d313033373838372d312d332c502d522d313033373837392d312d332c502d522d313033363239332d312d332c502d522d313033363239322d312d332c502d522d313033363238392d322d342c502d522d313033363238382d312d332c502d522d313033363036382d322d342c502d522d313033353933332d322d342c502d522d313033353134392d322d342c502d522d313033333831372d312d332c502d522d313032383136382d312d332c502d522d313030393731372d332d352c502d522d313030303036312d322d342c502d522d3131373534382d322d342c502d522d3131313638322d312d332c502d522d3130353733312d33362d33382c502d522d3130343433352d31332d31352c502d522d3130303239342d312d332c502d522d39393633332d312d332c502d522d39383932392d322d342c502d522d39383235302d312d332c502d522d39343239392d312d332c502d522d39333037372d312d332c502d522d38363131382d312d332c502d522d38303531372d372d392c502d522d37383131322d342d362c502d522d37373134302d322d342c502d522d37363931382d322d342c502d522d37363732312d312d332c502d522d37353434302d322d342c502d522d37333637362d312d332c502d522d37323434392d372d31302c502d522d37323033302d342d362c502d522d36383036392d322d342c502d522d36363937352d312d332c502d522d36353536372d312d332c502d522d36323231322d322d342c502d522d36303630322d332d352c502d522d35323633332d312d332c502d522d35323137312d322d342c502d522d35323031312d322d342c502d522d35313932312d382d31302c502d522d35313235382d382d31302c502d522d35303735322d322d342c502d522d35303638312d322d342c502d522d35303539392d342d362c502d522d35303539362d342d382c502d522d35303535332d312d332c502d522d34393539372d332d352c502d522d34393435382d322d342c502d522d34383533302d372d392c502d522d34373934382d312d342c502d522d34363538302d332d352c502d522d34363438342d31302d31322c502d522d34363132322d312d332c502d522d34353835382d322d342c502d522d34333936362d322d342c502d522d34333530322d31392d32312c502d522d33383234382d31392d32332c502d522d34313433302d312d332c502d522d34303735312d382d31302c502d522d34303237332d342d362c502d522d33393233382d352d372c502d522d33383638322d332d352c502d522d33373538382d322d342c502d522d33343335352d382d31302c502d522d32363236362d342d392c502d522d32363833342d332d382c502d522d32343636322d31362d32322c502d522d32373437392d362d31312c502d522d32363035362d372d31352c502d522d32373030362d372d31322c502d522d33303333382d332d372c502d522d33303137382d37392d38312c502d522d33303035332d382d31302c502d522d32373435382d312d352c502d522d32353832322d31362d31392c502d522d32353038332d362d392c502d522d32343639302d34322d34362c502d522d32343638392d322d352c502d522d32343636362d322d352c502d522d32343636332d362d31312c502d522d32343635392d372d31302c502d522d32333734342d372d392c502d522d32333733392d372d392c502d522d32333733362d31342d31372c502d522d32333733342d372d392c502d522d32333733302d32312d32342c502d522d32333732332d31302d31322c502d442d33323538382d312d332c502d442d33323533342d312d332c502d442d33323532342d312d332c502d442d33323531382d312d332c502d442d33323531322d312d332c502d442d33323530392d312d332c502d442d33323438352d312d342c502d442d33323438342d312d342c502d442d33323430352d312d332c502d522d313038373134312d342d372c502d522d34393136302d31322d31322c502d522d34373630312d31382d31332c502d522d34363833342d31322d31342c502d522d34363230322d31382d31312c502d522d34343031382d31382d31332c502d522d34333335352d31382d31322c502d522d33353333372d31362d372c502d522d33333931362d312d352c502d522d33333538302d382d392c502d582d3131373430302d312d332c502d522d35393137352d31382d342c502d522d35333239322d31342d31302c502d522d34393133302d31382d32332c502d522d34363931332d31382d382c502d522d33373434392d31382d31352c75786d656469756d69636f6e6c756d696e616e63653a3335333435352c502d522d34383534392d31382d31312c502d522d31393236322d312d31322c502d452d34343737342d322d392c502d522d34343836392d31362d31362c502d522d33333931382d312d31312c502d522d313132383633302d312d372c502d522d313039383431322d312d352c502d522d313039313236372d312d35302c502d522d38313732302d312d322c502d522d35383430362d312d352c502d442d35303639372d322d342c502d442d32393731392d312d312c502d442d32393731382d312d312c502d442d32393539332d312d36222c2022434322203a20227374643a3a77737472696e677c4742222c2022446566436f6e667322203a20227374643a3a77737472696e677c6f6673683663326231746c61316133312c6f666372756934797664756c626633312c6f6668706578336a7a6e65706f6f3331222c202245787054696d6522203a2022696e7436345f747c31373137353136353533222c20224554616722203a20227374643a3a77737472696e677c5c226731516f736e77716d484853492b48483555507a45664351767766334b372f5a4d4d51652b7850786a71383d5c22222c202246434d617022203a205b207b | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.8 = 3a203438383936207d207d207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e457863656c222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22436f617574685c22203a207b205c224576656e74735c22203a207b205c224f70656e46696c655c22203a207b205c224576656e74466c61675c22203a203330393632323437343338323231303536207d2c205c22457865637574654d65726765496e7374616e63655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224b69636b4f6666517569636b536176655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22586c53796e6353746174654368616e67654c697374656e65724f6e53796e6353746174654368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f63734765744f70496e7465726e616c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c6f7365576f726b626f6f6b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224261636b67726f756e6451756575655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f704f6e4765745265766973696f6e436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f704f6e4765745265766973696f6e526573706f6e736552656365697665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f70464275696c644765745265766973696f6e526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f704f6e436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b5061636b61676546696c6553746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b5061636b61676546696c6553746f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b456e637279707465644d6574726f46696c6553746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b456e637279707465644d6574726f46696c6553746f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536b697070656443686743656c6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243717532674872446f456e74657243656c6c466d6c61584c5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c65536176655c22203a207b205c224576656e74735c22203a207b205c225361766541735361766546696c655c22203a207b205c224576656e74466c61675c22203a203330393632323437343338323231303536207d207d207d2c205c22496e6672615c22203a207b205c224576656e74735c22203a207b205c224164644c6f63616c655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436f6d6d616e645c22203a207b205c224576656e74735c22203a207b205c2252656672657368416c6c5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22526566457874446174615c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c2243616c635c22203a207b205c224576656e74735c22203a207b205c224669784d616e75616c43616c634f6e4c6f61645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4578706572696d656e746174696f6e222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224564676546657463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164696e67466972737453657373696f6e43616368655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744665617475726573466f72534458556e65787065637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224142436f6e66696754726561746d656e7454797065556e65787065637465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e457874656e736962696c697479222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22446973636f7665725472794275795c22203a207b205c225375624e616d657370616365735c22203a207b205c2250795c22203a207b205c224576656e74735c22203a207b205c2253657276657244726976656e4e6f74696669636174696f6e55736572416374696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d2c205c224f66666963654a735c22203a207b205c224576656e74735c22203a207b205c22417070436f6d6d616e64446566696e6974696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22417070496e697469616c697a6174696f6e585c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225363726970744c6f6164585c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436174616c6f675c22203a207b205c224576656e74735c22203a207b205c2245786368616e67654765744c617374557064617465325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22547279446973636f76657245777355726c735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245786368616e67654765744c6173745570646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254727948616e646c6541757468656e7469636174696f6e526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245786368616e6765476574456e7469746c656d656e74735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2245786368616e67654765744d616e6966657374735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2245786368616e676552656672657368457874656e73696f6e4c6973745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2241757468656e7469636174696f6e526963684170695c22203a207b205c224576656e74735c22203a207b205c22476574416363657373546f6b656e56324261636b67726f756e645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574416363657373546f6b656e56324d61696e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574416363657373546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247657441757468546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22496e7374616c6c65725c22203a207b205c225375624e616d657370616365735c22203a207b205c225461736b456e67696e655c22203a207b205c224576656e74735c22203a207b205c224765744368616e676564536f6c7574696f6e735461736b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224765744368616e676564536f6c7574696f6e735461736b5265676973746572536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744368616e676564536f6c7574696f6e735461736b52656769737465724e65757472616c5061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b5363686564756c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b526567697374726174696f6e4572726f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b537563636573735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b496e46696e616c697a655374617465457863657074696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b536574496e7374616c6c5374617475734572726f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b61676541707078457874726163746f725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b6167655265717565737465725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b6167655265717565737465725461736b53657276696365526571756573745374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b446573747275637465644265666f7265436f6d706c6574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b436f6d706c6574656446657463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b496e7374616c6c6564417070735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b4170704665746368446f6e655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b61676553617665725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578705061636b616765526567697374726174696f6e496e666f5461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b616765536f6c7574696f6e49445570646174655461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578747261637446696c6573546573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245787472616374466f6f747072696e7446696c6573546573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b52756e4e657874457863657074696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f73664d616e696665737456616c696461746f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224765744368616e676564536f6c7574696f6e735461736b52656769737465724c6f63616c655061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c476574436f6e66696755726c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253636176656e6765725461736b436c656172526567697374726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b5265676973746572536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b52656769737465724e65757472616c5061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b52656769737465724c6f63616c655061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744368616e676564536f6c7574696f6e735461736b4c6f63616c65556e617661696c61626c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744368616e676564536f6c7574696f6e735461736b5061636b616765556e617661696c61626c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253636176656e6765725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253636176656e6765725461736b436c656172526567697374726174696f6e4661696c65645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d61696e5c22203a207b205c224576656e74735c22203a207b205c225344584261636b67726f756e645461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f7366496e7374616c6c65725374617274436f6d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f7366496e7374616c6c657253746172744e6f74434f4d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f7366496e7374616c6c657253746172744d61696e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c5363686564756c655461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c53687574646f776e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744e6574776f726b436f737454696d656f75745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744e6574776f726b436f737453657276696365556e617661696c61626c655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d2c205c224576656e74735c22203a207b205c225061636b61676541707078457874726163746f725461736b5061636b616765496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253616e64626f785c22203a207b205c224576656e74735c22203a207b205c22506f73744f7366436f6e74726f6c4d6573736167655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f445041637469766174696f6e48616e67696e675c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253616e64626f784372656174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574654f7366436f6e74726f6c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225365744f4d546f6b656e4f6e54726964656e74486f73745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657454726964656e74486f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f445053686f775461736b70616e65436f6e74726f6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174654f7366436f6e74726f6c56325c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243726561746552656d6f7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446f776e6c6f61644d616e69666573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656c6f6164416c6c4f7366436f6e74726f6c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265737461727452656d6f7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265737461727453616e64626f7865735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253746172744f7366436f6e74726f6c5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22417070436f6d6d616e64735c22203a207b205c224576656e74735c22203a207b205c22526962626f6e5847656e657261746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22417070436d6450726f6a656374696f6e5374617475735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224361636865446573657269616c697a6546726f6d53747265616d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22436163686553657269616c697a65546f53747265616d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224361636865536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22457773526566726573685c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2245786563757465416374696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246616c6c6261636b546f46697273744c6976654964496e4f454d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246616c6c6261636b546f46697273744c6976654964496e526962626f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246657463684361636865536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e7374616c6c4d616e696665737452656164795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61644d696e43616368655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224d69734d61746368696e67526962626f6e4964656e74697479496e666f5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225072657061726553686f775461736b7061 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property\0018400E3FB4E05F = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb010000006593b1f73f4ea9459072eed77602f22d00000000020000000000106600000001000020000000d883ba1dd03d2d5afbdd357b7fc6ec99bc50d9f29611292ed9a34ff6c03cba31000000000e8000000002000020000000828d88b9e3e3907fc24d8e5bd5a80ab158318d8508a2f97616814de585736fab80000000c6df80d7d3ec91d1679ac3ca5168262942da8100c63ae26fd753190e9a653cf7fd4fbe0151619a59007876718b11c8ef6b41fd77bba898f33d36f573f6296c2180f118ab03dd3d502d807914a31f857850764982475e1169792c0c7d65849c72899feaf9b863a0ba204195917f5a3c90052dffda7eb75f79fd28c89c7a050cef400000004658dac643e688ad39272baf6ba8cdf410293e84d37de7be123dc04da3288c3cd331514816c609484b8a7f62bb19a134abdd270f7b9b8aefe5eb02b4570b47ab | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\VersionId = "uint16_t|0" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile\MsaDevice = "t=GwAWAbuEBAAUbVtUa9wjWgmEIwjX9d7dccnghw8OZgAAEIZPmYLMPXDj/QaxDwVkAZXgANvG96iH4M6rSIqKrMTlTLxdiNYTjrnAvUjTpgYLURfwCE30VyMJTkZJRiy+44JqMXdOUlYMlnPk1SeiPAco0ngwvAWyVZU/A0WtU2eXLzmCRtxgamiBRVSKyV5WqjfSCSy9Arkpot/5piNCsZ5J0oSHZ1UHviI/PAkyGHAWIFa6gahi136B18HfkHgLZwjN0285FhOt8f0mlG/KYD92NtPVV6oDyPGVO5weGPGvFkkMFLJFRMDFgkRaSWzxPC04aFTZgB316VQWYPgwKXH5qqslajzNQGsUvnzVQCjML7XgHwE=&p=" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\System32\ci.dll,-101 = "Enclave" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|3" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0 | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619464270107972" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|10" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|11" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.13 = 726b506172616d65746572697a6174696f6e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e5a65726f417373697374616e6365526573756c7473456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e4973506572736f6e6150726f66696c65504358456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e52656d6f76654d53414148616e646c6572466f7254657874426f78222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e5465616368696e6743616c6c6f757454696d654f6e53637265656e54656c656d65747279222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e5468656d696e672e5573654d656469756d4c756d696e616e63655468726573686f6c64222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e5569614e6f74696669636174696f6e73466f72427573426172456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5558506c6174666f726d2e5569614e6f74696669636174696f6e73466f725465616368696e6743616c6c6f7574456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e566973696f2e484f50657266496d70726f76656d656e7473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e57686174734e65772e454353446174614c6f61646564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d3130304b42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d3130304d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d31304d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d314742416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d314d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d3530304b42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d3530304d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d35304d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d354d42416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e4275666665724f6f6d5265616c6c79426967416374696f6e222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e456e61626c655061747465726e73496e41746e74786e64222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e576f72642e52616973655569614175746f436f72726563744576656e7457697468456e74697265576f7264222c20225622203a2022626f6f6c7c3122207d205d2c2022464347726f75704d617022203a207b2022464347726f75704d61705f3122203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657231222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373838333230323b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657232222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373838323936373b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657233222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373838333231313b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657234222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383434343234393330373934313932373b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b656447726170686963734164617074657235222c20225622203a20227374643a3a77737472696e677c33323930323b303b303b303b383732353732343238343635343239363b323b303b303b303b303b3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e426c6f636b6564477261706869637341646170746572436f756e74222c20225622203a2022696e7433325f747c3522207d205d2c2022464347726f75704d61705f3222203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e476c6f62616c5265736f75726365496e666f4361636865456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e53686f756c644d69677261746546726f6d4f72617069222c20225622203a2022626f6f6c7c3122207d205d2c2022464347726f75704d61705f3322203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772616d6d6172436865636b696e672e437a656368456e746572707269736547726f757032222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4772616d6d6172436865636b696e672e4f7074696f6e4f766572726964652e6373222c20225622203a20227374643a3a77737472696e677c4772616d6d617220616e6420726566696e656d656e74733a3a53657875616c206f7269656e746174696f6e20626961733d3022207d205d2c2022464347726f75704d61705f3422203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e42697a426172222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e766173426f6f742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e766173446f63756d656e7452656164792d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e766173466c6f6f64676174652d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734c6963656e73696e674469616c6f6752656e65772d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734c6f63616c4f70656e446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734c6f63616c53617665446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f444253617665446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f6e6544726976654f70656e446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f6e65447269766553617665446f63756d656e742d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f757453706163654f70656e2d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d43616e7661734f757453706163655361766541732d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d466c6f6f6447617465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f66666963652d496e41707050757263686173652d57696e3332222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54617267657465644d6573736167696e672e456e61626c65537572666163652e4f75745370616365222c20225622203a2022626f6f6c7c3022207d205d207d207d | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|2" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Printers\DevModes2 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|13" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,17110992,7202269,41484365,17110988,7153487,39965824,17962391,508368333,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617" | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb010000006593b1f73f4ea9459072eed77602f22d00000000020000000000106600000001000020000000cfb36b6976bbaa579357bd49457cdaeb989dee9b05aa67360b703f1fa53302e8000000000e8000000002000020000000174e16110cad0afa80251f178f6b3dd8250fdfe074cf7c5665a8f1e3538c3858f00300004d51cb0d720908f8c3e54dde5a52b9c4a3dbd944c0ac1611d48fffa169d2a7fc5519b44e00aa037055ad631668234975ffe4adc0b13835f9a4e2991b513f62e7b477f14415ad9280a6bb8312290f30a6dab7e79a047ae4b2f57ff1fdebd1a1e20920eed0c1a9f2dc18667f609dc79638385393dfda9857de87313a96134580e1528cb51189ece03df5332a8de98e245d522f655b07a47749f13b3fe5e4e6a1c0456b45d08435e7a8d2bee1ba8d30654623ec76afac8b8b8cc4f67ee674162113ea1ace18affbaf4696975bb9fee4bf867c6feb314da945ec2238a166657925393f7a6906b1d4d61c0536d2184180d04848f01185f9d9691c8187d37a2bf898e180a2bfd04b9c82bc64b955a3d9dfcfc05bc87a9bf94bf93708d3d99e281f966fb580edc324a4cd39351e26650a70a309ec4d0b885d03ca84cbbdf6b119b5fa44d77a17803908e3629a1ddb4da578e7112d3c1ff0c03bc7d9335a0376161137b61f1e92498a62a1c89d589406d3315b62450dc5955ae615290056c4039f30d8ee7509aa801859d9e8950b974271b03901b255c0ad57e7f8878e14dd2065da764ccce376d80bcc6f5366af6bbc40c5a326831e3d44d17a4fd5f82558a69121a6317fa3e8797738b3652a424eaf747e84e8241dff22922c1eadc4d6787cbdb83d60118dea0d3faff0a332d08962b7b4e0a198e38c913fd4f639ff0ca5c7670d32a00aaff29c7ec41d3ad897f113e20a4bffab862a9be99b386942fde1e382e3e74b3fd7e2a8edd5371e6c0c78448064b81b14b9e6e4ea4869684689657c73ff348941accebcfdc76fa4f0876cc2b858e73eb0e6729a0d8bda6a48b4c7ba073090ce715b2ba79ad3e0c2ae5588d7c61ec51aeca7fe774a03ca94ccea8407794c5e778928b0ad1c3c94d6edb5110293f1e894ee87863cad267e1b6ca2496436904fe1fef90a401e8b060c2c023810816453c831fc7fb0371f76cb117ae915d6c29de2daead941abce1f0164aa34bc782037bfbb016ce3a011933aee7796be2c2b0b008c11eb40e88e5e0085a9563d5174536524d048a8c9807b82971b19766451a57dcd76a80bea1e33fb95e549e811e6240559f1f6f15b708383e1c7e6149b6fb85b7ccf767ccd6a08c44725847bf4e5dd8cc0cbfde344fce8f71ea907f3603772e0655ee9f3c3fcf5bb4d4aff08a1fe1d8fe3aa5005b0de0d78d489926b42ec2dd43c676c7b46d4204fd61806dca8efbb8d9ae49c7cb91941a2b3101ee0d6ad7b7add2e91ebf50d3f9bc188872fd9dd7ae8fc835099baa27f37873df7ff0f9746eb6bfef8555ceb2b832904cc2f019e2e1402f86fb9a5327f60eab464814bf4bc42dd10fcd2adde1ef20bb0d4329b1761443edc9c1c134622942b62f565739a129aa43143a939afe85dbae65cd26d1eb8cb400000009451a4ed5c2542db27d6db7270b5950b8080bdd43350fb65f847e877a5f32a44093fc73743807e84923222cafc0eed8eae4cc5381e62f8ec9ff846da58e4b1b7 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\ApplicationFlags = "1" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe\ULSMonitor\ULSTagIds0 = "18679566,5804129,7202269,23978014,39965824,7692557,5850525,34198423,41484365,17962391,17962392" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b\52C64B7E\@%SystemRoot%\system32\NgcRecovery.dll,-100 = "Windows Hello Recovery Key Encryption" | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.wpl\shell\PlayWithVLC | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.mkv | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.xesc\shell\Open\command | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B5DEF5A1-FFB6-4E68-B3D8-A12AC60FDA54} | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\MiscStatus | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.FDFDoc\shell\Open\command | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\WINWORD.EXE\shell\edit\command | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\SharePoint.DragUploadCtl.1 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.vsx\shellex\{00021500-0000-0000-C000-000000000046} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{D6BC5A8F-AC32-33AB-BB5B-3182853280EA}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4C599241-6926-101B-9992-00000B65C6F9}\InprocServer32\11.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{91493448-5A91-11CF-8700-00AA0060263B}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mov\shell\Open | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AcroExch.acrobatsecuritysettings.1\DefaultIcon | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{769ADDEF-E3D4-3EEF-B2B4-8F5B21BD06C6} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EFC9437E-3A57-487C-8471-9151D2FC1832} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{A2F09029-B553-4824-91EA-DBB749E79B16} | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Search.OneIndexHandler.2\CLSID | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{D5662DFD-B471-3E11-865D-F0177E687E3D}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D7FAC39E-7FF1-49AA-98CF-A1DDD316337E}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{5C417FBE-DCBA-3E9B-811D-42D0C974E938}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000209F1-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A37BBB42-E8C1-4E09-B9CA-F009CE620C08} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.asf\shell\PlayWithVLC | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\PDXFileType\shell\Read | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3FD37ABB-F90A-4DE5-AA38-179629E64C2F}\Version | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{42523715-E8FE-3006-AF59-C32B6923D696}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{8625CD1C-B19C-3ECB-8A29-2E12449FE6CA}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.evo\shell\AddToPlaylistVLC | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.flv | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.thp\shell | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F0B4F6AD-5E09-4CB1-B763-EC390CBDE51D}\InprocServer32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F8CF7A98-2C45-4c8d-9151-2D716989DDAB}\EnableFullPage\.vstx | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED13477-E909-45BC-BADC-2106D04D6BD7}\Programmable | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{AAE363E2-3D91-4B0C-9021-EFDA0ACBD858} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B65AD801-ABAF-11D0-BB8B-00A0C90F2744}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5AF314CF-8849-4A79-A3FC-8DE6625D9E72}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}\InprocServer32 | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{DD79733B-5E46-49C9-8400-6BCF316EC79E}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{0A4D5556-FEDB-329E-8EEE-04AB37C53B94}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A37BBB42-E8C1-4E09-B9CA-F009CE620C08}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mod | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2D719729-5333-406C-BF12-8DE787FD65E3}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3BE786A0-0366-4F5C-9434-25CF162E475E}\ExtendedErrors | C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{00983AAB-CA07-437D-9415-154DAD6918F0} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{6840CE86-6CE5-3724-8961-31802690E713}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{ADCCC866-851D-3A05-84DA-CF5B18A4658E}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.adts\shell\Open | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.wvx\ = "WMP11.AssocFile.WVX" | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.Bluray\shell\Open | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{02DFD4F0-EA2B-11CE-8043-00AA006009FA}\11.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{28F0103E-1D08-431E-8CDD-5554D008BBC3}\15.0.0.0 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F281-98B5-11CF-BB82-00AA00BDCE0B} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{367E582C-F71C-4BF9-AA1B-9F62B793E9C5}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mid\shell\AddToPlaylistVLC\command | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.mkv\shell\AddToPlaylistVLC | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.m3u\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Patches\68AB67CA7DA700005205CA31A0E45600\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\VLC.DVDMovie | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\System32\Taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\System32\osk.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ad38ab58,0x7ff8ad38ab68,0x7ff8ad38ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1932,i,15659333658566299455,13163396751208347246,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1932,i,15659333658566299455,13163396751208347246,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1932,i,15659333658566299455,13163396751208347246,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2768 --field-trial-handle=1932,i,15659333658566299455,13163396751208347246,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2776 --field-trial-handle=1932,i,15659333658566299455,13163396751208347246,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1932,i,15659333658566299455,13163396751208347246,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 --field-trial-handle=1932,i,15659333658566299455,13163396751208347246,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1932,i,15659333658566299455,13163396751208347246,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\dashost.exe
dashost.exe {4fc57b9a-85e0-4650-971581cab57c5ce6}
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Program Files\7-Zip\Uninstall.exe
"C:\Program Files\7-Zip\Uninstall.exe"
C:\Users\Admin\AppData\Local\Temp\7zD06E12EC\Uninst.exe
C:\Users\Admin\AppData\Local\Temp\7zD06E12EC\Uninst.exe /N /D="C:\Program Files\7-Zip\"
C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files (x86)\Mozilla Maintenance Service\
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" uninstall
C:\Program Files\VideoLAN\VLC\uninstall.exe
"C:\Program Files\VideoLAN\VLC\uninstall.exe"
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files\VideoLAN\VLC\
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s /u "C:\Program Files\VideoLAN\VLC\axvlc.dll"
C:\Windows\system32\regsvr32.exe
/s /u "C:\Program Files\VideoLAN\VLC\axvlc.dll"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E73C7AF146C64EBEDD157F0CDE2CCE5E
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding F7783A839997DE423FFCC50C49444453 E Global\MSI0000
C:\Windows\Installer\MSIE722.tmp
"C:\Windows\Installer\MSIE722.tmp" /b 3 120 0
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" ClearToasts
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=ProPlusRetail.16_en-us_x-none culture=en-us version.16=16.0
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
integrator.exe /U /Extension /Msi /License PRIDName=ProPlusRetail.16 PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates Logon"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016"
\??\c:\Windows\syswow64\MsiExec.exe
c:\Windows\syswow64\MsiExec.exe -Embedding 8B62258C692EBFFDDF44958326A9DF61 E Global\MSI0000
\??\c:\Windows\System32\MsiExec.exe
c:\Windows\System32\MsiExec.exe -Embedding 9C1D832758FE2597C4CE713051BDA780 E Global\MSI0000
C:\Windows\System32\osk.exe
"C:\Windows\System32\osk.exe"
C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe
"C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe" -standalone:temp
C:\Windows\Temp\ose00000.exe
"C:\Windows\Temp\ose00000.exe" -standalone
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c0 0x3dc
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\system32\launchtm.exe
launchtm.exe /2
C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe" /2
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue
\??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe
"c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -PipelineRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\." -Rebuild
\??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe
"c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -AddInRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild
\??\c:\Windows\System32\MsiExec.exe
c:\Windows\System32\MsiExec.exe -Embedding 47A73A9969F4B4FB9EF0554722D6DD6B E Global\MSI0000
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /standalonesystem
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates 2.0"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Office Subscription Maintenance"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Office ClickToRun Service Monitor"
C:\Windows\system32\schtasks.exe
schtasks.exe /Delete /F /tn "Microsoft\Office\Microsoft Office Touchless Attach Notification"
C:\windows\explorer.exe
"C:\windows\explorer.exe"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3ef9055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.213.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c3de9db3558d223f50fc503553ea3657 |
| SHA1 | c44b5a9dc294122015cefe9a02ec64e11d4289f5 |
| SHA256 | e20018c7484342931d58d6661e3a1fde68cf87e7f09e8a0dbed273785ed9a598 |
| SHA512 | 2967122df3a4cc347cae3d5776338217a19e3e7c593046a6b4e619d49bae2d9ad2787344111708bd0bab5a41ae780333a4cc650f05da8c153131d86c8c0e2073 |
\??\pipe\crashpad_1384_SDUTWIIBOMMCALBN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1cd14fe13b9b4e2fcbc030c7a95e577f |
| SHA1 | 8ca57c4072c146529d86afc8bb4d17040e41558e |
| SHA256 | f5f2e0b9783995ebf8c47f42a91b518bcfa37dc6abac927f6aecc5674689bad3 |
| SHA512 | ae802076259b5a9f1264c2b5135e15223019bca8872c65fd42895dcfb7c990cc2240fc99fd76ee6f8e91c4f736e598dadad9c9207f956701f07236a8f1ee563e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 97f2ed168c1e9cc7e0dab4614704c78d |
| SHA1 | 322bfa3afe44938e1e49b97c82bb90518d35653c |
| SHA256 | 9e74d5cacd9bb345664069cf2b8ab96b342128607243b1b37c38783f79ec89b7 |
| SHA512 | 4c841dd029f9bae0f16b2b53e4792685a9d7e6178744d0f6634fc9dde7950b279cf67b66e24234f4ec07e06966cc4346029263c28398fe3ce31fcf91dbb00d5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7bec9d90ada0cca95618a9d0f703ca80 |
| SHA1 | cddefa132ec3d0f9de1a8b2d431246dace2bd8e2 |
| SHA256 | 88004efd418fd7f3a4599e47f4d224edbfc8fe37a6fb8704013ca8ef1819b2f0 |
| SHA512 | 1573b45da2bb3c46064d0bb5dfe2bb293b9672ecf975842fe2b2a993b7656f5a78fd445d0eb1d5bc01e71d50eaa27f619c79d5921184ad809b7a20cade2e8569 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c4e54ecf9caf0bb02f1e3801318a988b |
| SHA1 | 0a043c11410c9db7032932c28c05a66ad903f804 |
| SHA256 | fafccba272d3102bfb388d913ba9747d057366f30f2ba9d97ab40d4899b0f8d9 |
| SHA512 | 0a592da6363625a4be2500967afb8a49ffff7af221b34c59542306f3669ad37d7076a379a3b0d2a3b20a9883ef8965052c7e04bf7f05e09286e78ffbe5e2d2b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 122d96c158e5a5fda7c951e9912e9cbb |
| SHA1 | 43c30a30f573ed4afaa4a25922af22838c5f2980 |
| SHA256 | 735110683f032d09fdbe994f281c6a71997cf28390e3debd5ef36a18fa439861 |
| SHA512 | 2d5ef99a7e839dd5c9f5d3dd4ee98094fd3525ac26eed75d91f88fa840413e5b200250a2c7ef3e9532e3d4c20511b6520b1a3610a04d9184efccc317cdd2a2a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | defded1d7de63d946ef66859ca9d8ef2 |
| SHA1 | 3bdcd0c041cbbbd70f6f5e44c67f2ad5b8950a0f |
| SHA256 | 4e9ca52d329919de10ff1589ccd1d34467b9bcafe5287f81e8611df44d05f5e3 |
| SHA512 | a70912fb13c609bb4e8c85a58d70af2b21b64995f5d63cb0e0a1317094eab09be8c7e77fd1fd2a201fe924c72fafef71a93c25485640befa19d00489eb5674aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ddfda1e3634b5e60b7b04460af560417 |
| SHA1 | 73d1d98b4a4cc097797283a691b183b50db95abd |
| SHA256 | beb068bec9794aea05e346702bf261ff7b4539deb765c51f91f28f4007f92860 |
| SHA512 | d26a2a7dac42e740e7f1844579a22ec28a395d8b84f34ff36665a04f58bdbe67b09117dfed559568a112d5ea888765486bfd9b072bc37e2a9cecbe001ae51872 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\Desktop\BlockDeny.ttc
| MD5 | bd9d7a71ef6a66dbe8e1c41b855eda29 |
| SHA1 | aa048d03358f167e00af30bc4b2df3ba1f37ca4b |
| SHA256 | 5a8f2a47eac924cde4467ea71317a4e1e9ed07f193f9ccf573e5880ca300eeb8 |
| SHA512 | 4d270bf82f453c78bc13e217fd1854803291c0ba76099ff568b9ae2b0f7709c920a4663d5d399f4a02c5f7f637fec30fd09aae3dd27b1c74b7eec9a7cb3cb0f9 |
C:\Users\Admin\Desktop\CloseAssert.vbs
| MD5 | e0c3aa9a8653614407e85e6ad2af280f |
| SHA1 | 3729968c4fadaf44510b4a2989a5c646446c0fea |
| SHA256 | a2508a0a36e29449a3ad22c4d75e9942cc0d08aa1b2b941a68272d62ea7ffa4a |
| SHA512 | 14f937141862fb1597c1ca0f08db7bf05315c748ab18209ea8f226256e1ce34ee26af6e226642bdc84d33f34eec7c58fecd4fbbf6bbb8e40c1a7f05539ed0f97 |
C:\Users\Admin\Desktop\DisableExpand.lnk
| MD5 | 7f88593dbaa465d17eb98c6370969566 |
| SHA1 | 3ac3f92457a416ee5879df92fe001b0d6cf09aec |
| SHA256 | 536e621947b6002ccbb5f116f7e9394c04135c4a8e120905a464ff5dde3093d3 |
| SHA512 | 2cb793b4440725edfa7770e203424a5d91c90b2b09a6e03ec21550cdd53792847c37e234f68599f6589e593b8318c3e54fcfffdf2a5231130c1a961f87737b20 |
C:\Users\Admin\Desktop\DisconnectResolve.mp3
| MD5 | 371b1766f3b36ee93f25bdc55a570c18 |
| SHA1 | f797a31afb61341db453a666eea4b1434c3c8e95 |
| SHA256 | f30c4b63ffec288b50ffa8b1f6d52cd617c549d3f9433c7340b6b79441400b4e |
| SHA512 | 02a2c23a50a45e5feaa85a7acbc63d58fbf222844dd7012030582caf90d8db258cdae2be0ad44729fbd0035053f199b22e5397bdac48b5e253ab50d84844581b |
C:\Users\Admin\Desktop\DisconnectUninstall.shtml
| MD5 | f51dc1f36aa64f18c0873cb748b033b8 |
| SHA1 | e31269448404c1e82c04361d576f993a37af7c5c |
| SHA256 | 191f8eb6d484b2be7e2b26ab3eacbb5e68770f805e02a6d7e1b2ef78eb78a6e5 |
| SHA512 | 51bdd3bb1dd5ed2af601e9aa399e785833217d572fd9d814945139313471ac3853a7b7c21da75aff2286fe412d6c047069af72d87bd4732c1cd8d08c43b2dca8 |
C:\Users\Admin\Desktop\EditConfirm.vdx
| MD5 | 4ced8a45caaa2abcc5d943601d22843e |
| SHA1 | 8cc1b74978f48826155eb37b0817103b600fa6f9 |
| SHA256 | 2d28f9849801de357821d91bf49a27311d153047fbb8820693d3a4135e1e7234 |
| SHA512 | 49a19932e604e546cacf9bc06ad375092e4858b735a721bd2c8865077789fdbdf403511459a7201bd8c38693b2e76f02a1f0c6b6e7e9f298005aa2027074675d |
C:\Users\Admin\Desktop\EditWrite.ico
| MD5 | 26453635719364263cbdcb8842c92ae1 |
| SHA1 | 27e6c811b5e87abca101bd1442436c8e9c910bb5 |
| SHA256 | 7f3e700e3eab385cae09bd65bad880879f5ff6279659ea8e2005e8b1fbf9e2cd |
| SHA512 | 8db4fc0891285f14142f3f186bcbfc717340886a9a1527ab5152f1073476a65423d0cb160f5bfe68cf07be63de48b9204807c94d9cbb4db7ea966fd1f6f4ee5c |
C:\Users\Admin\Desktop\OutUndo.vsdx
| MD5 | 71ca61c829c1fd6bb946d609a0bf42c9 |
| SHA1 | ad283d60df2504c480af28e981e40bd2bbbd1288 |
| SHA256 | ca4241b71ac2fb5d245a1c159aa6f85a8af73446dc1857bd1c4540594f9ea3e3 |
| SHA512 | 43ce3b1e8d86b38ab0fec923472fae8f315c79eba2d859c243b848817f4e9ad8d48ff3359fbfa5b601281ab89e7523b00947b8f206b45d8065b5741cdddefc03 |
C:\Users\Admin\Desktop\OutProtect.pptm
| MD5 | ac7f34926cbc47ce8b03021ea9d3f149 |
| SHA1 | a47cd0bc7ff6e832c8d0d41d844e837253d512bb |
| SHA256 | fa66a9b77f3107dcecc7e1f015ccecdd931ebd3c6b33bc9ebdadf0be95706612 |
| SHA512 | bf10bedeefa033b587246b138bcf821f83b86f40f3765afd77a368672057db83826fe0552ba6465ecbd39b965d6acd02c1adee57bb5a553bdbaa032ee091dc0e |
C:\Users\Admin\Desktop\ImportSet.rtf
| MD5 | dc5971f15b78c0aacdff8906046d9875 |
| SHA1 | 7d07264462c0105cda6f001d4835943a3f45e325 |
| SHA256 | 71820166b01cd7d37bb05844adccb3d02d9e5cb133412cdad625d789e60b344a |
| SHA512 | 0b4835bd9bd039e2ec102d312eb12e2f9e4cece44255d6057c9896e8e003f0195856c8b3e813ca61bcebe1869c02115de40880825e297ac9d1a8d261e7f5fb88 |
C:\Users\Admin\Desktop\PublishMerge.eps
| MD5 | edf78b9989f9c20c7460472daadac97d |
| SHA1 | 17fd460dc61127d7352b8e2d452105bc2a339da8 |
| SHA256 | 3247a315045c84f9a73fad5348f3fb80007ff312254cf943f93bbd6361d796bf |
| SHA512 | 9deb6eafcda90f85ddc6a729d1f487eeb3ad996630a5d0096582eaf072b282682a0eeb0adc5946f03751c96e19d32138936a2e4d32b1f265a5c773eca14c4e14 |
C:\Users\Admin\Desktop\RenameGrant.xps
| MD5 | 447205478540fe56810f42892e40f425 |
| SHA1 | 15b87ce854679d1ca92d13bf8c8c601909fbe8dc |
| SHA256 | 5ce2bf63b0b232c71bd2f3dd106e6ce444c5c7bb11583fe361bfb8b1a90b2cdf |
| SHA512 | 2c192084556935d77922d1ac3d711335df8d9e57b17646fc13aaf83d73f80278a75ae9a9e9257931c2ab246ef86eebce5706344f44db4efdcbba52f4741f0aab |
C:\Users\Admin\Desktop\SetRestore.xml
| MD5 | e92444150cd3c69a290a6561afcf2c2e |
| SHA1 | 071d746523b120ad0d00d63ed4faf8b8aac77de9 |
| SHA256 | c4601bc6c2892c520bf6b4e001b4de6ce5eb9fadee5558490ac4d86c412d166e |
| SHA512 | 33ed28f15be265e890bfb77bfceeaea56ca12a8e8272e39e1388e3e1ea2b9173eb368250368606fbf9215f4c8ab9973deb08dd05b53885e46a9dc79f9bc84a1a |
C:\Users\Admin\Desktop\SwitchStart.ods
| MD5 | 9e29892138645d129b4f73f04f0c8f81 |
| SHA1 | 556723440cf717fe6838f91c0322085d62e80a86 |
| SHA256 | 5157ddc8c8158c1a48265b54e58724399be4505364812cb7d3ef83742e4e2c03 |
| SHA512 | 98b354acf9441cab46647f287e12898506be35ff5fcf9ec1df59c44e0488e4ed62c5b43720a9e9dd401c1ec95dedd11e3db4109854eb429baa9c24ff1a530d41 |
C:\Users\Admin\Desktop\SetOpen.emz
| MD5 | c7e87c733f77c3abb31df29f73612ad8 |
| SHA1 | 1a24f8c9d5590cdd364ef5b7d34d1c9b91201678 |
| SHA256 | f815d5c055e62790842478f706a0b749a98a1e8eb4fba6b969db6c78852a95d3 |
| SHA512 | eabf5b1a21de12f8bc43a5a90f58e7f48e88b4499101a09690007a802e9907037aa090a359d5ca4bc9ec119ec01f49cfea2bfc681871a2c89598efe4f4241014 |
C:\Users\Admin\Desktop\RevokeExit.dwfx
| MD5 | c64232cf8388baf8643f302d150f0a9f |
| SHA1 | 3eadf99fca40e766a40c6acc0d20bab3a972c6f6 |
| SHA256 | dcc9af189dbdcbb9c46afd66711127744741bc3d8fff128d39665cf7f1f54a1e |
| SHA512 | 7e7077eb3f59a8c9fd6255021a71f5c76f76de6a973212b9f0600b3b257a0a0ee2aa19c5f340e5881c70af5116a916149ac25b31e7ddf35bc42d9f6f3ac83936 |
C:\Users\Admin\Desktop\ImportUnblock.au
| MD5 | ba409654285b1b36af52810cf155713f |
| SHA1 | 53e53e61a9730cef847075a6495f49396d382b4d |
| SHA256 | 41c3e99922e902d3e7965269f18d0d1be5c32e943386f6018646ca8fe34462f5 |
| SHA512 | 3d986e5f30bb762bdcb6da792830da1e74b24d4466ef11e3d71839f6dc05ef5b9eea0255165bb1b930ecdc0c55de6649e9aa3571eb9fb19067b3ff29fc6beae0 |
C:\Users\Admin\Desktop\GetSplit.docx
| MD5 | b6959e98df05e40eb24c732ffc519b13 |
| SHA1 | bd05385506ae5634e377627604fb624824ddcc3c |
| SHA256 | c7974120ea9fe5b9769f9af5efd1752b9b18b4b20c4a30328bfff7366994e108 |
| SHA512 | 85214d78a3e787999c6a4066ea82dc21d23c00dca049a853439eb87117a1b4ebded39ef41a498646af979179d43e00094af24b3809e435bac410441852117a38 |
C:\Users\Admin\Desktop\UnlockLock.exe
| MD5 | 28939c3f793cf6873e292aa3ea9f62a8 |
| SHA1 | 868310c735df3e5aef011d8324cce3989f357777 |
| SHA256 | cc793e81fb9c707c6efaf9cc8e17af641609045dafb4867602bd166a5b37f414 |
| SHA512 | c586cff665b6076d657826a6f6739175536dac480242ad63b467f482514cd6c6687c2d5194483fea42a5210dab29d5a5aed5412bce76d56c8e7f76fff76e3554 |
C:\Users\Admin\Desktop\UndoResolve.vstm
| MD5 | 2af4998c6f7f350fef53a14920ab7271 |
| SHA1 | c78ac2ec2b3017f54aca51014491011546476303 |
| SHA256 | 17cec7b35c9f1ad325d1760496174cfc69e37c4695712eac9510d75fd02bfe7f |
| SHA512 | 9990b00aedf401bf0e54d329e1c0905801db5813a91d7e37f6c58bd54dbac81ea437a4a68afeb518abc8404d202c76e74f80f11a9c2a5ef96e7ca70865afc324 |
C:\Users\Admin\Desktop\TraceSync.jtx
| MD5 | cce646a09b8a801270d79cada525242f |
| SHA1 | e14ebdd59fabfed0c8f5dd207691544295ee0015 |
| SHA256 | 7c727e185347838e97ba4f455d9a0b5b31a6db94de39227013e7773386d53966 |
| SHA512 | 5797cb58d7541e55ff94dfd5201625489bfc70bb0bf6e17bc04eb185f588ad5e5f5b1cafca5419b3d9f4d3b95205bb6d9fd2817c0c03a644ca3b96fb3a0fee6f |
C:\Users\Admin\Desktop\SetResume.nfo
| MD5 | f3dee49ee67ad02e10edf4ffc902b763 |
| SHA1 | df54464a18c3e82ba08a9e3f67668c918a0e542e |
| SHA256 | 6b9e37e415473ff8d5982f0e1ef458848655965af34891cd40a9fcbfffa0387e |
| SHA512 | 9ef54a4995e81641745dd9fb0705aa699caf219e0b5fff113c4c6a1a872621e468fe28e2e0778d09815eab2c26fc820b73e718a8efce362598d51062aebe1722 |
C:\Users\Admin\Desktop\SelectDeny.lock
| MD5 | 2d5921744c4421589e7c0d3b4d44015f |
| SHA1 | ec10d5df360c569e5fba2ba9d86a7fa2a7ef2c50 |
| SHA256 | ef784abb629af0aeed364372357e09c411d78d38cf257da0187c198da8a255a7 |
| SHA512 | 294bdc1dcfca294f538acd5ef9a9d45aa1db08297447f650c7479cc3b11640c615ef55462cad8405bd19392eefc7d3cb474e079626b5467965e4c039a6a1335d |
C:\Users\Admin\Desktop\RenameCompress.html
| MD5 | f6b91c6bec4b7f813db86a7834f4c780 |
| SHA1 | c468423c6d81fe3f25ab6d59de1550e81d62abec |
| SHA256 | 0cee435b5af94a38aa196bc329aa7b11d1b1b533b45416654aa7aac816eace4d |
| SHA512 | 9c57b4f810c78ecb9e85a11ac6f072b841c58a31c9dffe0d8085d076ea3a4155116b692a95c005e63ab7d3d6f65feadfc66472e8e9fee291f0a065ebfde946a8 |
C:\Users\Admin\Desktop\PushEdit.tif
| MD5 | 773e97adbd429f15f178c96f81126c0e |
| SHA1 | 012326a81ddef521c2ac82eeb93171f22b8cca9b |
| SHA256 | f6c1f690971251c9d191470678f88d283865705abc17323fb4bb2edc77c10a3a |
| SHA512 | b71fd47ed24111ce58b8dc4287bcb3f5ea7779d443830aaf120003f907d375c21b89c29bdcc0924b8acef71925e426d3953a7d06886cb9a0bba932563b21fa72 |
C:\Users\Admin\Desktop\ProtectSubmit.mpv2
| MD5 | aec8caccdfa887f8fe3424f00145e846 |
| SHA1 | bdab178c2d968153fa059ce2c4b70e1081cdce3e |
| SHA256 | 1a99e69ee6784a763c1ef1e86dd594ff041135b0daef9dcfc8c5fda244f550df |
| SHA512 | 1e109575e9b423f7b1d625aeff9869a4d47e393426865c9c9e888f5d06a7e623040161ec223977f4a725b01465c749f25a40367b8d382b86e29ff2f8818fb21d |
C:\Users\Admin\Desktop\ExportInstall.7z
| MD5 | 0b88db3c224deef560853b4034ade61f |
| SHA1 | 8c86c9496d6d6e7f5c840b813e28a5232fb37cfe |
| SHA256 | 1c491f0778a40f3148ecf71b4609b579ad1a20e6072156495db478e5c333fc1b |
| SHA512 | b984c70984a4de1fe0a6573fb918bf1a9c33baadebb14075de6069136d2ebfe65e7c18deafdb73ca471ba9375aba283653be4e92144467408535ea68ddba3379 |
C:\Users\Admin\Desktop\ImportRestore.aifc
| MD5 | 3e135a0ba20c1e0a77ca76ffadb9a7b8 |
| SHA1 | 3c8607d66ea7d91d12e4f3c3bcf12247abb27c0a |
| SHA256 | 57d4893b72a4e35b7812d139d8923ce2ed67bf77d70c2d4478650ca3cd649595 |
| SHA512 | a03e6034b60964a0726d69164c37ac706454ebf422954e1effca9b5adfb7256de0b5d249139649d73c578844ece10c6452bfe4f4d470cfdf20edf976a1d339cb |
C:\Users\Admin\Downloads\StartResolve.svg
| MD5 | 2be7bee640e05084b716ff2ddf1be4ac |
| SHA1 | 491ba5cfea95f82491946005d7294f49d8dc154f |
| SHA256 | fe6f4e9c3849e7fae1b6e6a0bf98a882e43789d74916b340885c7aa696cd6361 |
| SHA512 | 49bd8f39cd6b15c38fa5f3be0561a322877811b55fb794a73c3fe686b4298d2bfbc179fd39d4bd17f31f900efa1387a138f7d651983304e0b5e2d2a05b55cff3 |
C:\Users\Admin\Downloads\UnprotectRead.asx
| MD5 | c5dc26e63252de9ae2fb25d9c6c35d04 |
| SHA1 | c86e18bca034429eeae392f71e21f98cd9e06b36 |
| SHA256 | df84fd70b19758d390aca03af18e81b4451a8981477a7e47786b10ba997ec74a |
| SHA512 | d1e1f614dd4b4de9aeec8ce9fd2e171d1625314fe387a83b08da17312bbc01973ed0dafa2c6c1807692812cc04763bf1dc1929b5a246a4b3ea9a7d98b7b8683c |
C:\Users\Admin\Downloads\WaitUnlock.edrwx
| MD5 | ce3cfb182e6b370586980adddc463ac3 |
| SHA1 | 499e2d29c07f3e4c7d84a49026fde4ce7efb8dd3 |
| SHA256 | c1dd3ac12be9d1db7782fd34d7f3f0491158e35c4ec59a96c1992b857eba51e9 |
| SHA512 | daf9d56fcbd7d6490182d532b9afbf29221115cd5a89ea3df046ce8927d057186453b0449d02497b1b4dc5316b9d69ff5571d728ef8da90455ca861035c42eee |
C:\Users\Admin\Downloads\RepairPing.bmp
| MD5 | 69c9a589e50cb6cb0b4ef5e3b430efb4 |
| SHA1 | eff7f6bf3e45967e56adfde983528b7cc6b5c763 |
| SHA256 | 87a8790b0f3f108d625841f4f46a792f42695e30aa8a46cc612e086dfd4337ac |
| SHA512 | 721e56b6713bc728269613626b21aa08dce5b93b635c1a32f23c4c248f93ffd6c77fa5b1794043b6156a9c4ed1fd6a4f25b2b41ee99414a4f2f3b54b20caadff |
C:\Users\Admin\Downloads\ComparePing.ogg
| MD5 | 7fc4467c187dfb70d74db11d0fde0b58 |
| SHA1 | 83fdf4fe4388019fa8bee0fbfa9ca271b7d8cd40 |
| SHA256 | 740d307046c3af5f8e45ecdda10460c4ff3bbf56f931cf93af5175b2b7ad06f5 |
| SHA512 | 9fd576b28fcbbbe9faf0f8f1c51a3bc4037c25ea0bc0e954e3f82cf266e17d69d5230e6aa2420d253bda3d09c3cf4b473dda95d7d5f0a3da1760686385fe02d3 |
C:\Users\Admin\Downloads\MoveConnect.ps1xml
| MD5 | 83a661ae63f0409566f44c1f71a72a45 |
| SHA1 | d433a19b52b3cf3f838f3d223a6721dac3221783 |
| SHA256 | 01a4c9eadc3c6264717d84deeb41b919380b0c4870a397f61d6b62458f822cf5 |
| SHA512 | 349c8c120b8a6404264ff9c263cc58122186721ac360bb33862788644fb6741fa4bdf49014f9cfde27a1b9e0df39e932d1b5cb900a76fd319608a773e9ef3a97 |
C:\Users\Admin\Downloads\UnprotectInvoke.potx
| MD5 | 47e958e483d04ab52ccc1af82fc1bf6f |
| SHA1 | b5602561c1f1a04f4fc245d8bf1f7c84bbf5bf42 |
| SHA256 | c24e57b494e3ada6474c77c9e93bf2971888b756273ff1b7ceefd23da20bc2c7 |
| SHA512 | 3a8ceeb92c0ff3c1ff22ae40ed1e3472401c9eb0b550c6703dcd275ac5e289a74e9ae4c862b166c115135b07f2f3a5cc22492b5967d1303c321cdd56823058c2 |
C:\Users\Admin\Downloads\CompareSplit.svg
| MD5 | 026ea82dc89d5dee736b7b89cdeb3f59 |
| SHA1 | c3c50d1dffb26eab366dd3e9db236a9d424773e0 |
| SHA256 | 5f2a304c135545e182135acebc8c8f958ae7c338e4813431d5fe39141dcbb086 |
| SHA512 | 3269e16ab81ddb05f8293ffdfc4c680ae3f679b81c8cb6c2ac152947332114159cce7caa07db5e53794cd6ed0b2162cf3aabb4dade70e873ec26641c130ce871 |
C:\Users\Admin\Downloads\ReceiveRedo.fon
| MD5 | aa8708c231c1cccaadc4c9840010c409 |
| SHA1 | 3ed02db2dade12b0226e70f7d0c126e6a1080621 |
| SHA256 | c7178af31eadbd1207f809338df7a612b651a91b74b67456cf09e9c8a01af648 |
| SHA512 | 39d1bbef48755f6f145b7952716ac165b7a4eb21e6702600af96656cca7699b84d3dd0d54937b9c2ccc18d9a91a9b2f0efb84cc5b059c4751892838aa1124c9e |
C:\Users\Admin\Downloads\UnprotectReceive.dwfx
| MD5 | 7487c38061dff4a8274a100032dd5bcd |
| SHA1 | aa774b97ef469c83d1991d076a696cb56f9b7119 |
| SHA256 | 2e7182d6ed8e301fbfcb45be408e71e1d18da11c364b7045513e85dd564e00ed |
| SHA512 | 70adcfccc403cb20ff8d7ccc608bc68f799b84b5cc55b8235084b5f684cc47b151bbe018212fb1ae225c5ae3b2ec8302022b67b8b82d9e2f11e459376a1357d7 |
C:\Users\Admin\Downloads\LimitMeasure.AAC
| MD5 | 28037df8df37f657fde41e93af65c132 |
| SHA1 | 5a58c19d641b8896d15355b4bbb6127de3ddce5b |
| SHA256 | 6ce060807fde2d60f941c690991fc021bbc951395f9542062b56b411a60a69ed |
| SHA512 | 0a73e7de52a7a8e0f1ee527626ba296c3fe6791c109ad91d1ca208f0079d505b202e50f5aaa986a2e7b893f751d09382bddd985b23890839a6c0a07279c1d3c2 |
C:\Users\Admin\Downloads\DenyUnlock.cab
| MD5 | 30e1d805545c7216b76a4304ba58c02b |
| SHA1 | 21b72ca5088e3f639e7299f3b9e4d4dbdb960fab |
| SHA256 | c2c77c3e0725b362a1a90f05a94f41bc5de614d33eebadad383a39b688e872db |
| SHA512 | c1458e13bc7fdbf9aa69326295245cc6c22a5e6126641515dbc5a8567ffddd7da5f559dcda4453ca8857d665190dde202e00d3dc63ccda4369b23455208b3e19 |
C:\Users\Admin\Downloads\UninstallFind.3gpp
| MD5 | d7318aa854570626a83223bcea4972cf |
| SHA1 | 0e3003044bad3012de31b440e60aeb700aa32387 |
| SHA256 | d69bd3ca06e9f442795563c0b9c4f241f51f7ecb4d0a5079301e6aceb59f15a6 |
| SHA512 | 014c0f9f1cb61fadb9b1a76cb97ea5d258dd9e56363f5d731320f30bffa5974877b6d3a45b44fc27d4b669ee23fa32716fbd0959a9616648613c0060b0b12476 |
C:\Users\Admin\Downloads\ImportResolve.jtx
| MD5 | a66e961ad16b9477dea92c99e9db858a |
| SHA1 | 8c3859ca2ade0c4964468b20588f08aa8a17597e |
| SHA256 | 15a2ba4e6430106638cab4745ece1ef4b71d08e65d46794012f9860a0ea5746d |
| SHA512 | 4da29172665a841171b2389b0ba8c085759c8fd438da7f37e76695dd8f1c3bdf3df02c1700c33738f18cc7470a3d87bd69610189d6ec9adb0f6e1983194ac738 |
C:\Users\Admin\Downloads\RegisterStart.ex_
| MD5 | 318b8da8744f22a6cbacb333628a46bd |
| SHA1 | 5880f76260155c69ccb9645f1b4e3baa42b93c0f |
| SHA256 | b559c3794a3c16a93e83000beb90946b8d786ba976b587f38861c2c5bdb52473 |
| SHA512 | e97d75c21a4e4501f1bd9449b756c8a9e954f18c2ade5701ca1729475a98111b37283fbea88b7e79bd421ac0b907985dd5c1fda49527f051ce1247dcd7c9c050 |
C:\Users\Admin\Downloads\LockUninstall.AAC
| MD5 | 9170e445fccd4c17a1a65a1d1ba81e79 |
| SHA1 | 81c5204a00e1a7bc15d53e25d443ff15a062c5be |
| SHA256 | acf0a3e590dddd9b9c697190d64219a92df332dd8a520e5d805ea29c9d84f146 |
| SHA512 | 31acc83a27136bfa68bce3344f8fbda669471e7fcbfdfd30bb2dfbb9b73c27d14623080c5f4b9890277e16e8fc69fb15924c79b03a69a8a6872b86fd0f8b7f42 |
C:\Users\Admin\Downloads\AddMeasure.nfo
| MD5 | 002c013f8cc636288133ac1808400348 |
| SHA1 | bb441869bb8c75e5929f8e49db102fa6526f7ab7 |
| SHA256 | abd5621565f7232362f32508fc78318dd6e8e19b1cc59edc3add84c79574f732 |
| SHA512 | 7b514623ff9e6060f218b8df1872f7f8e6c645e70ec6422300930de13f0869c4b2756e5e191da2b4ae4fab9ed9a1759f58b34726e6e61b024580ae9a31b8abc6 |
C:\Users\Admin\Downloads\SearchEnable.pptm
| MD5 | 6db71c7ba57ecbfc9ab312c018fa88a7 |
| SHA1 | 199ce295a2bd31e1e746965b9692e99e2ad36137 |
| SHA256 | 171ac6ef15fdd128fdebf6c46497883b85aef5e709a6503eac24dc737d9db1f8 |
| SHA512 | d888fe0b4c027daa22e04f9bea249fe34e1c9e0d8647cd88f56924d89d16da70830f59736f0d7bbcebb869fa92e5d16dd028b81d7834796e4d222b0be4f874c5 |
C:\Users\Admin\Downloads\RevokeShow.ADT
| MD5 | fd54565e8ba74fafc4b3d0828b1f0752 |
| SHA1 | 886051e0a02c125e97f8a1d03db918e43a6eb72c |
| SHA256 | 5dacc61e8912811e74f1f28c7544d9e7f03a4098acec93bbb85872c67ec5426e |
| SHA512 | 7c9491ce1d96c2aaf23faf2ab0e11446d0ab1b4e8e69585405161819ebec451829f618c6602de279edb69c1c0751c7f1a0d429e58ac1459ee4e425c49cb9c73d |
C:\Users\Admin\Downloads\MoveDisconnect.pcx
| MD5 | df04e5ad6c34d9ed162cbf73f9e5a0d2 |
| SHA1 | e6f50830e145e93d2d576cc8ec45d57bf5a40d87 |
| SHA256 | d112e6d3c774fc92bde7b23ae56d1070f295f317386df6c949b711f2d1ad00fb |
| SHA512 | 1b22cd4e431cf99585e421d955d539a904205d9d10981fe207d91855a4f77ac41aeefc4d703211845e430f3545313cb65c855b46cb2fb3b9ad6469ff2c55715d |
C:\Users\Admin\Downloads\GrantSet.ram
| MD5 | 0956aa8d47e121d32bbb275a27cd6ddc |
| SHA1 | a964a690fb90eb785014d33eb651ad1f60156759 |
| SHA256 | f1931194bdd23470c5e5830fa8df395c2a18cef54f4bcd34ba1560608f4e2dc8 |
| SHA512 | 1555348a104c5926b23f00a3822ea9aaa16579c9a3012e5c2c683435c09f16518bea9afc9c37180cdc76cbae6cfcdf955d20fa57f6dc13f8b11ffa26ffd02d13 |
C:\Users\Admin\Downloads\ResumeConvertFrom.pptm
| MD5 | 5cb00e1f758e7663bfaa02f14d80a5b5 |
| SHA1 | 99ea1dbfd9272d24d093feb53412f9b67401cebd |
| SHA256 | 28ff5657ea5a339635c4ff3ba70df59076f8636387f9e322d6d4ba8da6d53889 |
| SHA512 | 6ce89145bc68278ac3aa83f2c7207cdbec2b79b3d453dedb14c8756865dc71bd24e136f66a7c25598f3fd71a1e719d27c48d55e39b8bbadd8044885e8d02bb2a |
C:\Users\Admin\Downloads\ProtectSet.mp4
| MD5 | 699e219b5a9383a62d1cd8bed811c631 |
| SHA1 | 4968837d6ccd638c1370c44c6d9a56a712dbe461 |
| SHA256 | bb4a2322765b345c2fc6cd28407981af08c1719b17ae8422a96585081382aa5a |
| SHA512 | e4aae42e250872464f8f4d5de1d36b67bbc89be75cfd8ecef54050b178174c7c72fc215ba1843642c9bc207c90b793cd0916ee84394b12d17ace81eeeddf383d |
C:\Users\Admin\Downloads\EnterImport.edrwx
| MD5 | 6316ff799e71e627a101bdc829ce3bba |
| SHA1 | d6c0dfb0c5df68bf9c8fb5846c60705dd5734998 |
| SHA256 | 2de298c031a4bc75d0735e29aa5b03cc2d49deb37e4d4b2ab3211d17d1a80eaf |
| SHA512 | 50c3bc7876f213443d86a27393408c1f2d2836b9775459f53d53c1d68230253aa565dad25df57061db855cd6bd79e04cc25ec2a5d8af62da0b9849290ad87878 |
C:\Users\Admin\Downloads\SetResume.bin
| MD5 | b55f24f1a320b269651201db0095b82d |
| SHA1 | 17fdbff165388eff97697480331b9c2eead80b3c |
| SHA256 | 6220cd8b0d9d7b2c591518bfe0d12858052b915127c6ffe9c56df623a14e7b9e |
| SHA512 | 25abece8ffec1c43d03445e95dea85dc2b5ceed5a9218d1d1d96dbb3325a550791605b3c21df8eab7d275b0c5f1b0557f09cc6eacf65689c30847a6f1f211446 |
C:\Users\Admin\Downloads\CopySplit.MOD
| MD5 | db343a9827abe46c39c91abc0726496f |
| SHA1 | b01bcfa426c828eaac0355d6f46d668a753ab474 |
| SHA256 | c0c3d198a8f3444bb604fcf43575f1e5b48e0c2375a8a8808dc5dd3aa250853a |
| SHA512 | 1c9541018e1eb3aec59e6422e4ab3e77fbdf3694085e906a4ae2b84dc96f04347c995b2530d5d9d48949c9f6afd641eee4d7d4e126341ece54284807b57d75a0 |
C:\Users\Admin\Downloads\ResizeMeasure.mhtml
| MD5 | c01e03db3b1f236ebf7187b03e913430 |
| SHA1 | b1169673c2592f2c95539ea0f9bf9d0dedd4d05f |
| SHA256 | 5a8f2ca28ef6ead9844359cf422b392b008439eeecd6e8996c19c38060c2d4c4 |
| SHA512 | e7dea2ff7f004a614e051702509893fa545a48f596e397f88b5dbd3b63f49a44d9570d6ce2d1fccebfab35b65c48ab30dd62d9f4f5ba17a76124a66ef4d0389a |
C:\Users\Admin\Downloads\UnblockConvertTo.htm
| MD5 | 683c284731ec2fd22f12810ad8cee40b |
| SHA1 | 46c5eae7646c817b8035d0704611692428a084c8 |
| SHA256 | 877700dcd6e9f3d36ea551c826942ad25b32129323a2f80ff0042253967e4e39 |
| SHA512 | e89f6c240abc9711551914bce4aadfc49a037010e995389f92d99d3a5f171da4bde3b9e4ae4eadc7eb85faaec0623c09b25b87413f2086dcfc15e1fafc4ffc8b |
C:\Users\Admin\AppData\Local\Temp\nsy4FD9.tmp\System.dll
| MD5 | b361682fa5e6a1906e754cfa08aa8d90 |
| SHA1 | c6701aee0c866565de1b7c1f81fd88da56b395d3 |
| SHA256 | b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04 |
| SHA512 | 2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9 |
memory/2404-262-0x0000000000400000-0x0000000000481000-memory.dmp
memory/3996-268-0x0000000000400000-0x0000000000481000-memory.dmp
memory/3996-287-0x0000000000400000-0x0000000000481000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsn668F.tmp\System.dll
| MD5 | 4f25d99bf1375fe5e61b037b2616695d |
| SHA1 | 958fad0e54df0736ddab28ff6cb93e6ed580c862 |
| SHA256 | 803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647 |
| SHA512 | 96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130 |
C:\Users\Admin\AppData\Local\Temp\nsn668F.tmp\nsDialogs.dll
| MD5 | 2029c44871670eec937d1a8c1e9faa21 |
| SHA1 | e8d53b9e8bc475cc274d80d3836b526d8dd2747a |
| SHA256 | a4ae6d33f940a80e8fe34537c5cc1f8b8679c979607969320cfb750c15809ac2 |
| SHA512 | 6f151c9818ac2f3aef6d4cabd8122c7e22ccf0b84fa5d4bcc951f8c3d00e8c270127eac1e9d93c5f4594ac90de8aff87dc6e96562f532a3d19c0da63a28654b7 |
C:\Users\Admin\AppData\Local\Temp\nsn668F.tmp\LangDLL.dll
| MD5 | 20850d4d5416fbfd6a02e8a120f360fc |
| SHA1 | ac34f3a34aaa4a21efd6a32bc93102639170e219 |
| SHA256 | 860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61 |
| SHA512 | c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276 |
C:\Windows\Installer\MSIDAA3.tmp
| MD5 | 67f23a38c85856e8a20e815c548cd424 |
| SHA1 | 16e8959c52f983e83f688f4cce3487364b1ffd10 |
| SHA256 | f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40 |
| SHA512 | 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d |
C:\Windows\Installer\MSIE7F0.tmp
| MD5 | be0b6bea2e4e12bf5d966c6f74fa79b5 |
| SHA1 | 8468ec23f0a30065eee6913bf8eba62dd79651ec |
| SHA256 | 6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164 |
| SHA512 | dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b |
C:\Windows\Installer\MSIF1C8.tmp
| MD5 | 0e91605ee2395145d077adb643609085 |
| SHA1 | 303263aa6889013ce889bd4ea0324acdf35f29f2 |
| SHA256 | 5472237b0947d129ab6ad89b71d8e007fd5c4624e97af28cd342919ba0d5f87b |
| SHA512 | 3712c3645be47db804f08ef0f44465d0545cd0d435b4e6310c39966ccb85a801645adb98781b548472b2dfd532dd79520bf3ff98042a5457349f2380b52b45be |
C:\Config.Msi\e5edcee.rbf
| MD5 | 21438ef4b9ad4fc266b6129a2f60de29 |
| SHA1 | 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd |
| SHA256 | 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354 |
| SHA512 | 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237 |
C:\Config.Msi\e5edb3e.rbf
| MD5 | c8b7f90834ad585a7c1f1b3045f0a4b5 |
| SHA1 | 695f919bd0c75ede1bc807a20dd3937dcc00de3e |
| SHA256 | 0e90838f515af90056a512d7882d7f6d5aa63f14c9fcedb8a7641285940f6daf |
| SHA512 | d9a4f3df31de7deea1a401468d79870fd58d827d568c6b0b2b1e3eed38281e51d150486c6d1741dbee1c1093a82e15cb94cb74511a7c02f7d963fbe24019b781 |
C:\Config.Msi\e5edb3f.rbf
| MD5 | a62f85ded507d9e3b6201ce2026832d2 |
| SHA1 | e56e290431ab577db73c9d92da8463c765ed274c |
| SHA256 | 97cf7e3b3e9ba6f2606cea6f879576497b96224eebbc9506906f6507f91650e0 |
| SHA512 | 387b648828c1619ec2063ba14df67b3197b382e9139b75cf05919301f1a3742c84c72cb39679f3cf41f604811ee87947f3c18ece47230b01fa41e3bd82b96987 |
C:\Config.Msi\e5edb3d.rbs
| MD5 | 24071fc49013e1f0d52681670dd9d5d0 |
| SHA1 | 4f88bd41b23c464664244ca2b766dff270186de4 |
| SHA256 | dfff122ecca245baf9a98ee458d001844aeab7cd5926d9dce7f783fd4a5090f6 |
| SHA512 | 025fa51a731784ab59868b7e5e375e1dffee286e77ddd37eef68d60a82ff2cf0c90a2c08b52ce97bb4c9b42e2e33e62cf7c9149b52cf06a9d0c4214e62243fdd |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log
| MD5 | 6fad12a43c4ed37b9682c8b663609185 |
| SHA1 | f674593eff469becacb266d2a9c965d7c99ded86 |
| SHA256 | 44ccb8bd75e936a91f18977cf1861f6c320172e510d04e6c05624afb03350a1c |
| SHA512 | e40488f2d9eb02376d6b6d9257f87b450484b18031bed5f4ed9fa47b9a3a4f974d060e153f4761b6d4224c58fa679b3cb7bab08760dbb79ca99200ae8b273114 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
| MD5 | aaad0c966378c315a028984bb28b221b |
| SHA1 | 3df0c5066c811ef0c7d416dce47a4b3000a170ac |
| SHA256 | 8654b8cab2917d1b1e174ba5967dac965f9d97bd19e1647e07b04b6ae03c610b |
| SHA512 | 208cda7965d10fd23202308a74aa23881fa109645414af5251c4418d533b952a016d0be8a10b3288e1d943e0a166fb97bb8a6ba3aad6117c4e3f56ed04bbe9ab |
memory/164-746-0x000001A43E5C0000-0x000001A43E5C1000-memory.dmp
memory/164-748-0x000001A43E5C0000-0x000001A43E5C1000-memory.dmp
memory/164-747-0x000001A43E5C0000-0x000001A43E5C1000-memory.dmp
memory/164-760-0x000001A43E5C0000-0x000001A43E5C1000-memory.dmp
memory/164-759-0x000001A43E5C0000-0x000001A43E5C1000-memory.dmp
memory/164-758-0x000001A43E5C0000-0x000001A43E5C1000-memory.dmp
memory/164-757-0x000001A43E5C0000-0x000001A43E5C1000-memory.dmp
memory/164-756-0x000001A43E5C0000-0x000001A43E5C1000-memory.dmp
memory/164-755-0x000001A43E5C0000-0x000001A43E5C1000-memory.dmp
memory/164-754-0x000001A43E5C0000-0x000001A43E5C1000-memory.dmp
C:\Windows\Installer\MSI5EF.tmp
| MD5 | fccdc45ca17e5180b40efc28052bac39 |
| SHA1 | cecb5a7e8807e619956183897a64930ce56294d6 |
| SHA256 | 4ab37b0f9c5fe3505e1ecfe0764aaa04838cf81f9e0a402425e057f7a251e621 |
| SHA512 | 67a9cd2066155b35a4b11e7917c2b6dd1d39828bfbe2972b22eea79c1891fd142f50273dde0cbf0a500259fb468f7636db05131a70b3c54a143f945d037da1ce |
memory/4920-1076-0x000000001BC80000-0x000000001BCAC000-memory.dmp
memory/4920-1077-0x000000001BC60000-0x000000001BC6E000-memory.dmp
C:\Config.Msi\e5edd20.rbf
| MD5 | 745897fc2816625a0e5f1ac0f9af16a2 |
| SHA1 | cfa9d4dbd1a5bc728ed712cef8b3fadc903d111b |
| SHA256 | 5512cabd57b6e1fbd2b96c298d804a3795cd317f61e154aedb335f6c119eaf62 |
| SHA512 | 7053e9c95b943a30006065a66830bfeb0f37dfb185fcc27019c205e3cea358a0f71ff8007cb6aa39bf61e3406e989ac8366226d83dea5e37c429a5242d1786d2 |
C:\Config.Msi\e5edd23.rbf
| MD5 | 57626036538c8abbf5bc761c8ecbb274 |
| SHA1 | f3dc829a302cd7e268b566eff47b9c5b3badc33c |
| SHA256 | aeb0afc185056f716552564e277ef8a6740a4e7f1600032153eebffae18b3ed2 |
| SHA512 | 2d508dc1d441187d18502f3d470a27cc8a34af5b16a97db713a2c34801ad65eaf4e15e7b13fb216c11ef4ce505e438e4dd49c326e8217341735ecfbedbdcd330 |
C:\Config.Msi\e5edd21.rbf
| MD5 | 485f3cd5a94355f8e6b0aa101abd9f04 |
| SHA1 | a91650f4f103fdf08c8c261cdb1746aca658229e |
| SHA256 | ecb94457c6327a56138dee83fcd82e61352c45e7097309a2effc694e5e78d1e8 |
| SHA512 | 31b1746d7491d4be907bfe966cecc43f9fac099f897f423cf0b85bef4846a325d209ab64408edfbbd110ca3d3d61644d0cd547e431ae6e6ccd5a74cd9dcaa794 |
C:\Config.Msi\e5edd22.rbf
| MD5 | 7e23e2abf1e03fd0d3c0ed71d3e67201 |
| SHA1 | 77e9ff622eb2b07d4eb908146251d2061895fd47 |
| SHA256 | 588aa09f39b70d191b92c2414217429a2fd21c4fb7c3f21fa1d57ece2f552209 |
| SHA512 | 14496dcaaccd6b00b156d26691465f6fb85da94b04d0a804ad22a8f42d992ef201c4c92b87e2c9d6e5b80ffe53049ed8b44d67ec304bd604d18f6204590c7bb3 |
C:\Config.Msi\e5edd24.rbf
| MD5 | 642d05fef3999b47e67a3b979395d87d |
| SHA1 | 0806dda798421528f8e61e81ac4aadd20cc101e7 |
| SHA256 | 53bb64373a30ee2b7b2d2fca25f1d0047fee7d932f351d902041b3d5fad6016b |
| SHA512 | 7f362c47552e0e31c1361f5cd81c94a7e3b1755b4c336b36275a4f42b77ddc775ad5c46e5aed5659f10beef92f228d52882b1fc421bba093373df82f110e2b2e |
C:\Config.Msi\e5edd26.rbf
| MD5 | 1c213c5e8828353641cef6d74ee6838d |
| SHA1 | 6e16eb31f642327afbed7b8d4ca56e791b799cca |
| SHA256 | a1cbfc3eca8b075ce204c629bf0cf36b0add593c8a28040018319e5e2533ffdd |
| SHA512 | 7b7a222c49a95cea34d8ea005302295572a9955a396bfb51e929a83fd351a67c55c4b8c1647eeb0d4d7bf5e9b0c9502d7f4f4e75970e5b004bb72b4c5c2abf43 |
C:\Config.Msi\e5edd25.rbf
| MD5 | fd580865ff5b65ffeead3da78f9d244b |
| SHA1 | f26c08181b87d1a6979f97293413d25f6f2862e3 |
| SHA256 | 5256b74f3447a7fdbaab2ebe6442160dd617fb10800fd0045895b280f603604a |
| SHA512 | 5c7dd9a96db711627e4e2f0bc57bc56a1ebd22d8063cc6b8d5d10ad86104b0aaef52fc17e84ebd07d902d345931aeb33e8ba1dfc334e8da251b538e5e8fb10bd |
C:\Config.Msi\e5edd27.rbf
| MD5 | b4c6016286bdce7c51c3634999f2ea5e |
| SHA1 | c446378afc6b12c372bf4dbf33efa61e9f7fbbda |
| SHA256 | a8f8ab6c63c8d4471d158010f18cb24d4d2ccea495a160cdcef95a96183ffc6a |
| SHA512 | a121b4df2348ef53413b82c69a66ad3654aaec7d40011dfa4968f9a6b9a5e1252089f39f4961f2305a678c227abc14bac88a3674ab960fc52f71f7c3776c928d |
C:\Config.Msi\e5edd28.rbf
| MD5 | dcc6434e76ccc91fa6c35df0d0d6f5ce |
| SHA1 | ed1d50016a7db340208145d988a82ce7c126cc94 |
| SHA256 | 45526926c328fd96d9be162238b22694fc496d7a946c0e5a085b83257e7e25e8 |
| SHA512 | 90e08c83dfc95cac80150ebda86085ed2dc86fbc1b2f1112de15638f548e2eb4fc954e3ecc17d828a1a6ed549acde8a1f8ded666865d46ef30eb026127c8b102 |
C:\Config.Msi\e5edd29.rbf
| MD5 | 2317370717a6bf28b9af805dc45ae5c4 |
| SHA1 | ae6876ee8672be7ef18ea64af2293e0d4bf8703a |
| SHA256 | 01cd704e1fb542c10b368985c57204b1f78f1d61b07ae6cb193b47aab12cf663 |
| SHA512 | 5257384b0e7d49852786f81b03d5cbf4026705c1ddf0c533faac970d92cc9e7b9f3a954bde5eefda6c883bbaeb7feda50292245fed9fd1e5914a404d66357ec4 |
C:\Config.Msi\e5edd2a.rbf
| MD5 | f35d405459f10fd3d1f52f6dd64252ca |
| SHA1 | 5f3bf4ab1c25ec54e79afe7f92390a624ae5cf14 |
| SHA256 | 384f7c7d81020a72029972324ec6d8b84dbb3f342418c15e0833db02174416c7 |
| SHA512 | 2bf358ed9e7c09f49280bffb7e200d93ecd3de99d0a842bdbb468b808383aa16f444ad8888f030d1bad5e00fd49c7c3d01a72a256c96aadcab04dba59fbe0a7e |
C:\Config.Msi\e5edd2b.rbf
| MD5 | 3e3b6511ef707e9d2344b320407ca1da |
| SHA1 | af55e484ad47daeeaedc5efc0d301ed8d6a7be16 |
| SHA256 | 8b8be00e22af7c415c0086e48c6ce86ec5d146c75a43829ead4a82d25b5ff636 |
| SHA512 | a14250cf607d8d3bde7b9f118bdebcda8deb1b4866042be3aa4d266fcc4734f47f2398c6635d4884d16935c58df6e3a64c68a6196e9892c0c6e2195904cedb30 |
C:\Config.Msi\e5edd2c.rbf
| MD5 | 5fe646e5f52a6183027c87160b922e2b |
| SHA1 | 53123095d2ff679db51a55961e7efa6f3c2cd09f |
| SHA256 | ff729c37c44b93705b3d7f3e07a35e1debb5deb6be7a00c0a82546d0fb88c0e0 |
| SHA512 | a8e7b4f06fd7a2f46d75ba2a43e924aec6d6e270a0ab7b6a3f6cb259d33f7ac78b00ecc6d6b39e8f0433dd35894972790c43d81c7177bfd72decff8a4a768ea7 |
C:\Config.Msi\e5edd2d.rbf
| MD5 | 9473054628d25757f804cc2584a931ac |
| SHA1 | 1ec0e971be84d5e980988c16e1dba3b5323e7ca9 |
| SHA256 | 6c699e95e7a018673fe586f5b96ead5bff5861f22699049d72d92ecb53497a47 |
| SHA512 | 668ac3365f98ea2c6ba58d13017dd4a2f8ae28dc4bd8e8d72ee6fcfc3a7b51bf0b3f658e8a95c6f5bd2015000f3a347ca417915d99ca4fb7f4a98271a27ad1ae |
C:\Config.Msi\e5edd2e.rbf
| MD5 | d80746b2f94a3a28e380735d4b8a9ea3 |
| SHA1 | adf85a8d951e2ef30100f88bd072d333839462ad |
| SHA256 | 45bdf89c40a35f2bb5e8a49a8fe3b67a9984adb4f65bc40ebf4e320c50194218 |
| SHA512 | cfc016d2f98385f407d660e276e31891939792d7de667dc8fe0faff37e38fa7f02b55526084682c75d474757c2dd790b714ac2fe1300f39f54fea61b4b3780d1 |
C:\Config.Msi\e5edd2f.rbf
| MD5 | 5440ee9cd44616d60cde57ebdb286e95 |
| SHA1 | bb7635d6911311b2f3a637a2e9d8446fd0698678 |
| SHA256 | e3ba35c5572761c20eb59e25b2332a0cdfb726c48963d40291d7f977531e47a3 |
| SHA512 | 4600215bd9788b30aa5a5038d6749aa294ca0d6d0063335979d2f4acc29af09967a9160bfd8a2ae093f7fcb95c80fd51ce832cb639354360965d0202a044e1a0 |
C:\Config.Msi\e5edd30.rbf
| MD5 | aaa2e20588e154a10747bf1b31b55125 |
| SHA1 | 03cf9f79b9cacda13aeb644a88180222240b6f0c |
| SHA256 | fd12cbad7d1155b311d97dd5da05869200c50e7698ce997cb96004f18018ad2e |
| SHA512 | 29df908a09bfd551c50a3c64074c88814065b5b4cdc0d8a1fda5b1d01cb1f1597f2b71b343b59b9fe99ec7123fe48f9a83f93c0880275c19969523a8bd56dcaa |
C:\Config.Msi\e5edd32.rbf
| MD5 | e1eeb7e26ab04075eecc7275239b20b3 |
| SHA1 | ba62b37d4233b88948fdc2ffed08f3c82e8627f1 |
| SHA256 | d6cdf961c6d2712fe1958815e51a30960d79fff1e97788b7741627dba972e8f7 |
| SHA512 | dd64909c983794c8ac6c33b74711a89b3b33e4429bb5a3a2a2b4e38f5d74902b1589a97014a35fbaf97b469fa57a11314c02d68e1db0934de5244308699fc262 |
C:\Config.Msi\e5edd34.rbf
| MD5 | 5f0934c524364c1e1a77db8ccb832c5e |
| SHA1 | 848eec26bf024a7c350bdb02d0e92116a4882b76 |
| SHA256 | 82589b2d5ecae5ddcda39076a33180b6cddb7f54a0cffd4329087eb1f507bed6 |
| SHA512 | 1ac672272b16a6bfd3977886fb773a21d8606a873478ff036a462728d18b59e9c68a08606e1f869b7e6606416b74c90c72ff9be33036371282564b0d3723a222 |
C:\Config.Msi\e5edd36.rbf
| MD5 | 524014d39a54d3908de59807c09cae3b |
| SHA1 | cc166f76626f94cdbabd8095286a82a474af9f8e |
| SHA256 | f259988c45f54338d57175fcf4fb9f895d484a4eb0c4b861a3abe885c263be66 |
| SHA512 | 02bdff78beab753a58f46579e61ad4d2953475edb53b57f75ed4828ff04d9641f114357f11059ae28d82c1d28f7433a4eea7b7cc01c1fcf85bb5dc6d58261182 |
C:\Config.Msi\e5edd35.rbf
| MD5 | 0ed609c8782c37c67a5ca7233f08d103 |
| SHA1 | c286345aae83608005c0e20aa000acdbfabbdac8 |
| SHA256 | 10913008d1befd194fc4c96cf0ea20112e9e075974ff5420557141b7ffd5198f |
| SHA512 | 92d4547b36cf76823bd9658cc8476afa33f1b20425fae2bd05ea353b6d4de6929c5b72f10100aa1b11493c177df0526aefd1e7d3fabc10d848b88d9f0a382d9c |
C:\Config.Msi\e5edd33.rbf
| MD5 | f8d11c60b70acd2ec9154ee676f615ba |
| SHA1 | a869fc75f44438d9207511dc73bae976f558ba6e |
| SHA256 | b342088c8a4403092703bf40062041265e12edd204aff4f6532226478a65cbb2 |
| SHA512 | c4c324e22ff7570c6d9a6fcd5ea3bfc4917a404110b3e202be847355c57c189096feb5c37c0a36c541f4a9d9e80bb1f1bc5db3f4146e515ba34468c5547ba907 |
C:\Config.Msi\e5edd31.rbf
| MD5 | 7ecb661f50f34a941a44dac7241f7d08 |
| SHA1 | 772b0df3ad4a89a078cd4ff8e5f45115778d04a2 |
| SHA256 | e2386b60a73fa7c95a8968161fb1c84dd9143462b2880133778a3027f75730f2 |
| SHA512 | aa007a71da51b145a7fc702a0cd8930d43e03a884c331afb48de01e82e06c20d2a5325aaa893d03a25e5b670e9e0a03f002b55d9620202b6b48045e4a79b577b |
C:\Config.Msi\e5edd37.rbf
| MD5 | d2bc82e2f203cc4778ff312475a1d37a |
| SHA1 | 2da7e8f3e8e4189acf5624bead6b7b983af17e5e |
| SHA256 | e34e79770b6a3a4ad1583c9a90ac12aa4348ad134366c0b0436f00162fa41734 |
| SHA512 | 976b018f717e45136be48ee8b4ba2593f88e5ca3c6d14602621d2a394d13bbbd6e707ee3a611442caadc3f5f1ac1a8de87b0407da8178a74d25404cee3d9657b |
C:\Config.Msi\e5edd38.rbf
| MD5 | c1e58c73d935540d0673dffb303aca5b |
| SHA1 | 2a95a12c512a2aaf29587db1ec4271cb92846bed |
| SHA256 | 3d004ae76cdc99ece59a0dfb980182a727635459eefb4590d8e2c80ac3115b44 |
| SHA512 | 471b7f432369940d1854dfe50a71e06df25550704efc4f83c60815bc017dc19f875e2ee3733a9750de4e79c6413db59e762df42777b945d0bc045893604b23c3 |
C:\Config.Msi\e5edd3b.rbf
| MD5 | 846e77a9f3c6bb2ecf5518d470b2b908 |
| SHA1 | f16c73c5b7a4b0a596ab41472a246faffd9a9b01 |
| SHA256 | 17a9b9222850ce3e6786cedd7c698aa145453b37cf8f03d676fbd89f70afa072 |
| SHA512 | d94115b82c4abb4570a821919458fb2f322d939928fba6f00fedf139f489f358004de4db3b58b4fce05afcaabf7fcfe9e51c3cb7d0f6f43bebc56c2094086941 |
C:\Config.Msi\e5edd41.rbf
| MD5 | d78266c35a0ed4bb6fb2f6683c8a6e68 |
| SHA1 | 7ebda40cdb602b20323e6e7d24f28f25a931b11f |
| SHA256 | c68b82408df6d0e6f7c7ca0a5e7d1c80af6cbec57788570bea58efff8053f306 |
| SHA512 | e60ae6b2cd22614be134d06ce823bc5d31d0aaf1f01dcc4fd0f6021bd307609e8d2f47ebf8490d3bc33f0b225303b63e44f09384bc3804494f595e876e673854 |
C:\Config.Msi\e5edd48.rbf
| MD5 | 4667b1d3fe384b97a94deb1553af2174 |
| SHA1 | e14902922748fffc1f65cb299b52c114887b761c |
| SHA256 | 705b42f6a55a4cecd347ba954089148572ba9fa033e5a08dba176b652488457d |
| SHA512 | 3f2db08d7fbf8f6042f7ff1001f20df3879402a25e7d3b8bb7270ad3be7216ac07a8ded7cd62568d6292bcf3828286105e1d9b87f21dc3e1764d0bc20985a8bb |
C:\Config.Msi\e5edd54.rbf
| MD5 | f8354171db5fc4506cd0a0b9a3c9eaf6 |
| SHA1 | f155f11010d91896161a2818815a1dc32f183731 |
| SHA256 | 6131d4341986952f7343eeb984544a17bb5f121e1b24ad572ae93d928f9179fe |
| SHA512 | 10aa970372b956ee7d018b4d5d8bd7faedaef20b83ada551e7a260730d5a642c9ea13548743ebd470f5ecbc7a08ddead828c41e229c96538d93d3f0ea7cea52b |
C:\Config.Msi\e5edd65.rbf
| MD5 | da7787ae5278031ef79441d29599dcff |
| SHA1 | 4e2a4c70035808dd8bffaeb6ded8fe2980566e0f |
| SHA256 | 06afbd06123031d3198a25ed0cbb7cfb08c1184cb58ecd7d12f42c235ebb5b39 |
| SHA512 | 2c1ac894e778aea4515be33b9e894f89a527a5106734a8ea6d6693557aff8417a7f7b340834dd1d207e85e250e718c1d0365332e77ffece2f9e1e81b0082bd7e |
C:\Config.Msi\e5edd8e.rbf
| MD5 | 683fc126a13b915b3ff36735ea5ca5fc |
| SHA1 | d1ccfdf78919f51b09fbde02c2cf0f332601bd74 |
| SHA256 | b8361411d7b7b0094669b0f74ce8afb488cfad61e2c26f76473db9ddae702929 |
| SHA512 | 4d88cbe5c42815940595b1c7d466ec84a9e753977fa234591c0b14d2d826423c5bef13aaf93e4f3637a669c56e040da53529dbc31339f18b0587b0c1270c14d9 |
C:\Config.Msi\e5edcf1.rbs
| MD5 | 459e1a150e482fff3dc57b4bea00c53b |
| SHA1 | 9a8f4444e6853fe3695be6a7552716dd1cfca433 |
| SHA256 | c123c2e0f8c5250a4ca5368a0e84690a184d03032e7d1591e0c6809ef3ef7fc5 |
| SHA512 | 6ca96d4edb094d480a4aff08d65d030465614ce38b207088ad64314b34fb89679367d6d8913a24e6de037597a020004250044b4a3ebb62320f27803b007d8006 |
C:\Config.Msi\e5edd90.rbf
| MD5 | d8a76dfe6188e600bd7a8480dcedcbdb |
| SHA1 | 40080e226be118c2a0a8f9dd70879467ec09f198 |
| SHA256 | a1254966826e2849b1ba2d630e93ca7b75105c8d3acd9be795d625edf835ac0a |
| SHA512 | 9a01c3290be7d309e23a6048731c541cd0c602669ace34779e1e69c29da154b378edf0cacfe92354996e293bad205c1bfaf6a003840cf53216100cd39bf6dd76 |
C:\Config.Msi\e5edd93.rbs
| MD5 | 013483ee9280d77a1851a14acea03956 |
| SHA1 | c568c62da91f2a5167eb3487c209ae0356cdf946 |
| SHA256 | 4f2b44de915825da93786825cdf48a58340fc5a3962be72ad9789d727851a37b |
| SHA512 | 4f97a8d794510fbb879ae6b69c321922c4c4c6398e1b24a1b2a963d162d32e6c535a123ea27a3f3eee5f09c2452712ad6158fefe449f143f8082e368dc903a1c |
C:\Config.Msi\e5edd97.rbs
| MD5 | e930ba78fa60e24d36fbc95eebf7aab8 |
| SHA1 | 18c3fe7fb056f1a5a1089883b38da07ccf5c598c |
| SHA256 | 60c92a225c9a950e8c76402ceef31667fbd8b90e54069dcabd0ed6166554e197 |
| SHA512 | 71617b2aed6265d7a7ef30b10d0c5ccce265f7199b85cd935602d6b498fc5d036c1db7f9c8173984aa1df10cd2c9f58e4aa5287a387e760188ba2a9522a440c3 |
C:\Config.Msi\e5edd8f.rbf
| MD5 | 1a063e60707636e76e61ad9784bb1eea |
| SHA1 | baf498bac402a29b1330fcd20cfbacbc5d245cf7 |
| SHA256 | 878566ee8a41806ee9b9c4cf590e1953881dde2127616a647fa31940a5096cc5 |
| SHA512 | 39e2bcd04f4ee4e6280b7723a628acfbceef254fbea62833a34d7f4cba566c9556bfcfe2424ada027112a8b722da8349331ca416d00d0e3d6afbec96e3d91a65 |
C:\Config.Msi\e5edd8d.rbf
| MD5 | 4b15c6de8b0cbeb6d4d7d6e14b9ca7fa |
| SHA1 | af3b589712be828302778a6e248ebd659fcdabfe |
| SHA256 | 7150db5b3af392a250b79f1078c87848a08b6c13448943d5a0478c2d37645b85 |
| SHA512 | 1f68f55cb4c32d0abf929b3382d9b773369f376853912829299c6386648c39807c6242eba037bb3988ebecd0e8b7197c91583243154c569bef1f70d0d958c491 |
C:\Config.Msi\e5edd8c.rbf
| MD5 | 9f735917c0bba0f42b40e719047eefd5 |
| SHA1 | d8c1ef036b9d841db86ffc76d9150064ee836cce |
| SHA256 | 7acd536b7e7fbbf4578ce24aa39740279e7ffb7477bb77f6a2c7afbc12f16c83 |
| SHA512 | 65522b77519efd6d43f17848ecf65d4bfed8f07d9f4212dce7f6c905650b4107396e7067c62802c7c953b02f78e924560c8ff151e195c0cab37606be69270a3e |
C:\Config.Msi\e5edd8b.rbf
| MD5 | 54c12705dc6a32282762bbc4252e2b9b |
| SHA1 | 2d1fd38b5f3db7c7f0d7baee446a00099a506d50 |
| SHA256 | a5a600ca8a60a0af629047ef8b227feba5221c5697f820da69e274f40869a6cc |
| SHA512 | c4d96a8d8064ef917ddb98532360a8bf318535b310f908a384c0ca140ed058f5f3f24f34c3992da4399386f546381cbb1eef5432b3ff2b7c19e0491dec8d4aaf |
C:\Config.Msi\e5edd8a.rbf
| MD5 | 18a9dd94b5112ea94f3fc9fc22ff8409 |
| SHA1 | 97a0b82343ef1599e517946a2c3c259b61e53ca7 |
| SHA256 | 55758341c4094ac4cbf26712f45f1ed17fc1f570197538ac2267bd896a9f854e |
| SHA512 | 7bac448be18324efd337c7cffbae2c6db763d9d7450e70dd33b214981266008b7e4d0a895c7fd214d908b3eecb9a7a0ac0aba1d57c9e1fdcee3f9e72c39de3f6 |
C:\Config.Msi\e5edd89.rbf
| MD5 | 32f2ac5f45b93b733cab1865affd588d |
| SHA1 | 5062e6d2a8c1e06e19c9f0b29164915286ece618 |
| SHA256 | 38f422c1c5751cf6796c44fec1c478a2a5379ddb6f3512004f1fcedad3b35cd5 |
| SHA512 | 8384c6aef7c32ac0f10aad8490d82b1553c3d194dd3f7821bbe2c75eb50a6e5ece195be6c09615f273d3d4935163c15d1c83e7bc4ef45fd1113a9f0641ae0bf1 |
C:\Config.Msi\e5edd88.rbf
| MD5 | 158f96bd130a9f3a1f7e91dc611e8b7d |
| SHA1 | 207264f61e8d8cd77c7dd82e7c8c38927bcdef85 |
| SHA256 | 89885cd48e706c533aeff66d45cfee67561db4708bef31367a546f685f30eb55 |
| SHA512 | 6ae9e17dddd7ae166fd195d202d73904bf6482d727f0a9d5cc01454d4a58f9da027acc9591dcfacafa039379bf151cb385ca4208ea70baf069516ff98fd31d4a |
C:\Config.Msi\e5edd87.rbf
| MD5 | d2d2a9e08ad2df5d73ca0aa0797cd96a |
| SHA1 | f6050bc38d27c805daa078383506b93c5dd854c7 |
| SHA256 | 1246532e2e335750fcdeb3c801f98eaca1ac6579d1bdcae1c5ca89f8b24fd879 |
| SHA512 | 197385ac8d349674675fb411cbd246b53b0860f8cbd47b79f6f05ebefda4563e75285cac2bef45ceb12cdfcd4b4d42c47050767608f96eaebc7111dbdbead1de |
C:\Config.Msi\e5edd86.rbf
| MD5 | facce237d5cc5e89d8e92a36289f588b |
| SHA1 | 5b91fe97781b107df2754a5d38807a597f1d99a2 |
| SHA256 | ed9b46fd9f3275639988cb71eccb7c3f31b48282ed78e4abc9ae303cab219bf9 |
| SHA512 | f0363e0c7414157dabf929fa9c4b49b74d86a0997481b48d29ec3f0708221d9fc4954f4ba93f4299e9ef0c31d38dd8a691b908cc6557864c1a4baf3f448286f0 |
C:\Config.Msi\e5edd85.rbf
| MD5 | 62faa6fe395c5810fe4fceffcba62966 |
| SHA1 | ed830d3d1156c3a5ea6502148f4347af0c4a8051 |
| SHA256 | 1db349e42e9c57afdefc29f18886a98290099b74210cb396ac5485247bcee099 |
| SHA512 | 4e876c4afdce30b29275eda6ecbb14aaf56bdaef4a1951e6ad09bbe2af5a37667d18f4358c895843010336f467e0bac3a7f8449a907011124d4e374c7b0c1e54 |
C:\Config.Msi\e5edd84.rbf
| MD5 | aa8ef0154efa83de1c2786ab1cb76f37 |
| SHA1 | 5e4fcdf55c34538dfdda172a985731019f74898f |
| SHA256 | db7364a16090f58ce23aeb0426b005b1d1a965307d7d4de117a553c190ba5d57 |
| SHA512 | 17d3c193a516bf56ee6a28ef708b01c618d5a159d7c389be6f54579638e3d9c0a9a3add7dc6e19c6f0b63b235c53bbc186d92e77c60ddc297e2df8c612332bbd |
C:\Config.Msi\e5edd83.rbf
| MD5 | fca2f9f00de26d0b5af4881836d6337a |
| SHA1 | b11dcad7c00c2c85354b131c796ae34bbbefdb38 |
| SHA256 | 19e6ec40e9a239b3b208eb3f7874a76e12adbfc8b865f43452296df66a14e501 |
| SHA512 | 7fae923c2a9c604991b172ac91e7e9e4298c01391940f23a190eb4bd3920c97af2476f1a4730cac350ddbd8956806e98870b46137b1711b224a6174c441af738 |
C:\Config.Msi\e5edd82.rbf
| MD5 | c30dfa5fbf9f2e6d18ceb7108923fdfc |
| SHA1 | 523c4b9043cd6d722c01215f64173b9287623d76 |
| SHA256 | ec383c0455491bdcab4a1e8692359543d96f82ad73602c171734ae8ce45449e8 |
| SHA512 | 075b726d3e37d9ba15db1aaca781502aff97b90dc6a80c4e1be20368dd1c9df13160b9d8bce09bfe467b406f7d0b698c6ace6aee5b0bf4149e4508d9ed74cab2 |
C:\Config.Msi\e5edd81.rbf
| MD5 | 93030b5af327ece3ddc3518410e1af59 |
| SHA1 | 4be27729a906169d2afcf025e10f308fce35056c |
| SHA256 | ea82d8bd8289e5892cad2443c1d586c0a311ddee52a8fda0f75072ef2317b650 |
| SHA512 | 247e2d5e63e6bb12dd826e452ce7a1e086152a170e7f15c0d7794a1588838c2b6dd4038f07dac42844356795b72b5aa357e01039e419c6c5d90b05ebfd74da4d |
C:\Config.Msi\e5edd80.rbf
| MD5 | 218e31b07c6e07633a84f0248730e220 |
| SHA1 | 47ee36529b741f3d52c487e6dad151f516c2eb5a |
| SHA256 | 241e01940f6f128aecc75d21f148468eccc2d368883f0f5a869fb7f58f57e5ec |
| SHA512 | e0481b2a424da192bd9ae9728a89f7c1496e887f198150016ed262b924b1634b414613bb80b969effadb3e34a108992768102f48da7a41ea87b9f2a459a2ddd0 |
C:\Config.Msi\e5edd7f.rbf
| MD5 | 9002a577c07ab2b99979435cd8b67acd |
| SHA1 | 5b3c6231c113b726ddd55fd8a8e3ae84b1526820 |
| SHA256 | c323b9ebba3aabb01111f281f604ec0555c6030134ca18422ac7f6c73721d9c1 |
| SHA512 | f4e066679e9c34cb44cb459ba178fd43ef2e600f94f86ded21af1583f182050178a57271f2a15967c2caa87fb6eea1f5409edcb87b95775245db45af6506bb47 |
C:\Config.Msi\e5edd7e.rbf
| MD5 | 4d4774a30da56119888490cdf3157b09 |
| SHA1 | 360221725daa9b7a14460fe6939d54b2173fb8d1 |
| SHA256 | 0ee427eaedbcd82bd07674c9793435443c5b1c0780092909cf791198f0ad85e7 |
| SHA512 | eca13baee14a633c3a193df85c28eb797c18063977cea410d6ca41d0aca87379d04e6d2850a032ae5264e536863186e96eb9dc8baf1440517d69e33d4de73130 |
C:\Config.Msi\e5edd7d.rbf
| MD5 | 7a016cec8851a57b2f0376ae6d1fc837 |
| SHA1 | f161f9d8d7b073c1f17f55719c37124969bd7d2a |
| SHA256 | 19e5e00b55a8b1fc36c33d0d4bd0fba24a03a0959e91f3ab59acb353fed9677b |
| SHA512 | f646fcd298b7a5d7b451219544ede8dc7e09aa3ea6f9a4256d336373d63b475281020ac70e5e08024e2dd8b8c886ff8607ae3139ada650eb8a6293aa0a141456 |
C:\Config.Msi\e5edd7c.rbf
| MD5 | 63a1e9cde10490008ba7ef47a12179d1 |
| SHA1 | 5299af182b7cf08f95fcb3815149d7c54e73187d |
| SHA256 | 9b151503214ef428ece37af31d3d8345f1dc27fd26d17b59c52b718e8fd08bc4 |
| SHA512 | dc4074fd0614212d54dad0370bb99d53dbf9078cd3d4981d96f5ecebe36c82df0406cb2c232d07a1928a1ddddef74d832db3e7f479d5d3c1292481143c382efe |
C:\Config.Msi\e5edd7b.rbf
| MD5 | bd3e2c28c647533a057b5cdf8bff2c5f |
| SHA1 | d36c80e460c5dde615ab1c268bd89309225ecb82 |
| SHA256 | f2742a96cb0a290ab71e316c086db449e6262a4614c70956f69165df8f9a0d3b |
| SHA512 | 14aba74084828f9710a1880d8ab55d7c76532d90ef6c9b8b5aa4cf7c67cbae1892b909b35e9239afba181a09f5bb59bf2607862d16330cae09fdcee0248a18cc |
C:\Config.Msi\e5edd7a.rbf
| MD5 | 2a9b706d83be29f32a28f29be397e533 |
| SHA1 | 31135de80dd7b7c4a27516806fbbb13d871548d9 |
| SHA256 | db47a4a99dc0cb5f558891ff552f75053122d04f4e4a2ff6165734cd456a0236 |
| SHA512 | cee9cf2576729b34f1352f63d9684695bd491586d31d3b3e81b11f2136b3843d513dbf59280b5aaa63b1cf085f0840040abcdd9d3d72dc15103987b2ad812e64 |
C:\Config.Msi\e5edd79.rbf
| MD5 | 775dac5f81248b14182c82013672c42e |
| SHA1 | cef7bba712b25da04f60f597cb614c7e4b87f24e |
| SHA256 | e95e6d348912c8bec21b006ba6ef77e52fe74287debea2864180c0511e68766f |
| SHA512 | 2d99dd61a4ede26a11e6f4c3569732c47911605543e7a72b0298ad25e0a573ba884bdd5719cb8b7cfae43b25f41ccb764c8a233d978346bd49bee1104e7cc97c |
C:\Config.Msi\e5edd78.rbf
| MD5 | 75e8bc00ad7da1e7628f146dc33cc83a |
| SHA1 | b140b32eeb3cb2223efc7c92346e3c4ecf65eb7e |
| SHA256 | 5a35e93da45d610cebbdc4980e7a33b3d094039a49823561c8a3fb87e88f747d |
| SHA512 | b80522f835414b493c97715823902443088bd33c7e54a5fda665d73de7899df5e59c44aafdde33ffc9d71dc7c48036cee050dfdd87a24c29a9fff8ac1253acd3 |
C:\Config.Msi\e5edd77.rbf
| MD5 | 219c69df0c23fdaf84e4c9ea2835a628 |
| SHA1 | d3b091bfcaa8506d299cb1d7453fdce7fb27dafe |
| SHA256 | e9cb0016e439bab9d34038b15798cd9261640dec8c577a0035314de5d7892457 |
| SHA512 | e209df73a2dccfbc349657925ba9760dc2ea9b52e696f5159bbf3c729e768ebf43a1e6e86a28bf6b023dfc78fd217f03648513479956bfffcd4da04d1cadf8e8 |
C:\Config.Msi\e5edd76.rbf
| MD5 | e3c8239a97601bb203b9e9037eed89c2 |
| SHA1 | 75f0e5f417477d4c491e8ad81f498faf761618a1 |
| SHA256 | 27864727360196540664a55e1808db79f07303949156f843f0520106ebe047db |
| SHA512 | 71304187ca95a404d6d175d40be1dcf40d1744c644412e702a25fe7e9745977e3f826d7a9ba1f694c3da4382e8f97fcf41ec8dfdf40240dabee932619e26e7f2 |
C:\Config.Msi\e5edd75.rbf
| MD5 | f148286b321ed09c2d17e9e3637c807b |
| SHA1 | b0928429f52028b512dad9c7e0996ee7ade315d3 |
| SHA256 | 33fc291a41f38880549e72b23ec4598cb7404259a93775f59bf2be17f798a69a |
| SHA512 | d175430df339ae9b0f46d00aac752697f95ced9f7407b2d15505645bce313536c065ccfe2260787d4f387ad548f02a94457e662c32174f36ee97a76fa8e59f0b |
C:\Config.Msi\e5edd74.rbf
| MD5 | 03898441f5d9a8809c04fe746fd498b3 |
| SHA1 | 35cfba8e3600bd0a3389e96dd56ecd8efbf5ffc6 |
| SHA256 | 8da3b816828229f66334565432f12973529f0d594b685c919b753cf2f692b296 |
| SHA512 | dc2c0f6c8d4985770535962ad31e55c13abe248363c12cf55a14bf1fe9dbbb78a2c91eefd9a4711beb53606202b1c2d5648971339c4edb9a61dd271b61416b12 |
C:\Config.Msi\e5edd73.rbf
| MD5 | 5e1a793d9615d4d9e153ee416abc83ad |
| SHA1 | 27d231f4d1e2b473f9695daa21b22804db779826 |
| SHA256 | 8186f5e641a5b0770b635814b5cec2a5dff43158918bc1174edb328194b27090 |
| SHA512 | f54e786f2fab5324ce87be1d84ae69f63afa4ff5399e00248451375d2a56b5a0d30c74b27e5fd56b06976ec62688b09dfa39c4a1a02d47c3aa92da21b5e95876 |
C:\Config.Msi\e5edd72.rbf
| MD5 | 535d9d8441e0e22aa3f407c7197f8a0f |
| SHA1 | ec6d047e975c107a7ecdf78bf352a5a68f53392f |
| SHA256 | 6e6afa2d6e7c46b9c64406efaf23bfdd3f7fd7a25cb757580f70730f4096ddb5 |
| SHA512 | f5e051ef6af191d86797a55dcd114ae920f8a285191f3f09c3493497d381f9ec70921d712c93280b3c8e82fefa77c040cf51e8af3a1e52b040a7fd442d9ee95e |
C:\Config.Msi\e5edd71.rbf
| MD5 | c7fc5f01de9577403a1ea8aafad79e72 |
| SHA1 | 6422fa355184394ace02c0ba88e5b8af3db7fa6c |
| SHA256 | c778577e39211753844d5fcd2267464c043cea271c1477e866d40c9cbdbe49ef |
| SHA512 | b7af7af4aa1dbe92000722bad422af6d54c842af065427e1cf82f61b1a0f82e71f2a2c9b4b12d1642205dc54ca23ecd4ac61c8015076389907914b0cecd04e87 |
C:\Config.Msi\e5edd70.rbf
| MD5 | bc9a83d77cae33f9eb9bd538ab65b2a1 |
| SHA1 | 363fe5bb344cf1843d5f7eb2b0a725ac491ad6d8 |
| SHA256 | d0b2520c660959e388b3b24b1ebb7a6eca25dde878b0c0ce798657ae422a9c3c |
| SHA512 | 37ac66723c5bb78e45df3ae7175b497353343aec2eb5412213e3c6a1f3558e9cd68479728644643faac97c34ec3f3c43b7d01bb36b1e406613cb46ae4cef1c57 |
C:\Config.Msi\e5edd6f.rbf
| MD5 | 9e877ffed2e2c9a013c59581f88786b5 |
| SHA1 | d3bbb3e2c36520ec267463916d3356bf4fcd8037 |
| SHA256 | 13f36534cf603cd722ac9078e51930cba190395d23d6688b65a8c788262759e5 |
| SHA512 | 5b4ff6de141bf2dc321dfa05fe8c93f64ca91eae6b41041264736c3c6db9d0520c135103873c5f32a47c742fb51317b3303e7656cd259331113f9b876ad17613 |
C:\Config.Msi\e5edd6e.rbf
| MD5 | d68368708be2b6dac797743e23dbf655 |
| SHA1 | e843b858d72359ecf6fcdfca328ed19a7f23210b |
| SHA256 | dff2dd57e4892ce613b160c935e2d0215d3357edb7791ceaaf880b5995c98361 |
| SHA512 | 2542ce485c0c630b09be44a4faa841a3ebf2e1b7bd794e0b3fda4e866d97361b014eb3895c70c6b7acee4e29dcfd46b76697a1602666d1febf9cfa62988ea86e |
C:\Config.Msi\e5edd6d.rbf
| MD5 | 1f50737bb92b1f71b15824a0f113d3f9 |
| SHA1 | 4d78793ea921986d011a024b91ac59d6c02de6e0 |
| SHA256 | f48f267a6e081809bd5ae607aa649529849a6541ca303a5653f6515d865a6b57 |
| SHA512 | 89e6be6df11dd02896382a7cc9ee41ce74d5bbf845722531ff9a26fd2cb1a016925ea7d4948a4a652c079dafd084538b9b74c4a5dc0bfdd3cb2f0293796481f4 |
C:\Config.Msi\e5edd6c.rbf
| MD5 | cad14a2ced4a556139097c1f716eae70 |
| SHA1 | 9552115b645c17165bacc2231725b3f8073105a3 |
| SHA256 | 35cd20b4567788e3229be61becd6ea1eb115a2b81bfacf3d65d81d0003ecb96a |
| SHA512 | df629a07c217880f174d52772090d49a5e88b73c0df45fccb714cd6ac4c01612e0aa755a1a0b9ba6c2a7a6701e6e94653e71a54c97a1076b7a5bde99d7f0c331 |
C:\Config.Msi\e5edd6b.rbf
| MD5 | 6742f826c21773c933fc2a68ceecb99b |
| SHA1 | dc689d3fb31e7cab6a33cd2192d6114542173514 |
| SHA256 | a203989e4399f9443a8848486292dcf04d7c7180dc7d1b4af07030cb0532e036 |
| SHA512 | 4138836bf9561104facb88c175d9a1d29863110b7e0108149cc0ff32edddbd30ee1b0ba4b7ee8137ffe36c973aa2901f7c23a3dafc79a26b09a64a8b95b6db9a |
C:\Config.Msi\e5edd6a.rbf
| MD5 | 1c8e5ef9f86430fbda800e45c0a89aa5 |
| SHA1 | 4e18ee249a208dbf7d7b52d412fa0d402fd3ff2a |
| SHA256 | 6e18c01cb3fd1b795c062a00d2921e8e0eee8efd89fa77d50c5e16f2b7ce74b6 |
| SHA512 | 721f29dfd9beed272cbe213eadaba62aa1e1979828b23a226cb05eec536ac495eb33a01da05de82a23113a6d0ad4012032f453339499db3816abfecdecf19b66 |
C:\Config.Msi\e5edd69.rbf
| MD5 | a3ae8e892e025e479978fb07fb449784 |
| SHA1 | 71a1641ffb0da859af5e355c5bf4a9bcf1746e74 |
| SHA256 | a991c7d6fd80ce581f8bbeb7268032f06c9434cfa67298b0669c84d38be6535b |
| SHA512 | e39d58dc26f8710006fefb51cfe1adb34c8886b6b281a8ea3d87a89c116e255d39c028cc42fce05a8ed61dc0a7c602e344e6c0957bc4156f9a76677687591a54 |
C:\Config.Msi\e5edd68.rbf
| MD5 | d87310699e3baac5ecc0f64673fe3485 |
| SHA1 | 34460b0eb74977b98d9d3e683d5ffa2aec11059c |
| SHA256 | 4f9a3c48edbef17a0984c473d0d100e5541a26a92ed4ca3b336974c5eaabb4eb |
| SHA512 | 096196d3ff876b7cc5173e0d30125174e6fd1bb60432aa9cf64c3b22fd5ed2fa5a8bf35824e5840ab248b1015907eea0eddd964b4191f52454b03edf583e0b38 |
C:\Config.Msi\e5edd67.rbf
| MD5 | 6083b2909a6c1ab52ce84da1b435e7cf |
| SHA1 | e851ccddf1fcb0c2fd9cfb4a357f72633452f240 |
| SHA256 | 0ef563502d57298ab0962de24692931a32327fc1338cbd80b6b0b2cab067c956 |
| SHA512 | 53b8aad68d574e57f88fb3663b41455859b2c84ddbd152aa1f0973df15ad1ea1e72b57b54a0984ff8e4abbd1e4606833fb2e132d1d49d428f2e0ea4e7c4568f1 |
C:\Config.Msi\e5edd66.rbf
| MD5 | 86a1d818b679edbe94ab51b963ba79a1 |
| SHA1 | 2b9ee6b54aa2f709442e7e514335e2548c933318 |
| SHA256 | b36b011818770bafe044bd83826f38eb81093f529872a0b83e341f6863b3cfaa |
| SHA512 | ee1ee27bc740b4e4e29a11f4a428b5ccf7ef545444db972b64a8f4b7884462b8c589b5911d7d33e3f2a7b0d97dcea0b5d610a99a00b04d8b3099e695f9acf5b9 |
C:\Config.Msi\e5edd64.rbf
| MD5 | 7173d17aa9ff4cda07fbfff21a584a67 |
| SHA1 | 37b04626e282aa6ae2a2dc96117dfc5b0b1f25cc |
| SHA256 | 972595aefda400197282647fa6d6e40b58ac15591443213682a87d1ac80cb867 |
| SHA512 | b583058ce0a7bac48042d63142342a430701f96bb8c8c0f00e2bdb168cf431e2f98a58bcb889623f6e6775195a9d4bae8f37686a48a2cd0034e426d6089a4167 |
C:\Config.Msi\e5edd63.rbf
| MD5 | 91ceea551937cb5da627f33ef7995ee8 |
| SHA1 | 4e7483605c4027381e4796345f0a0e6aa9342a5b |
| SHA256 | 4256104f1e0eb69836f00b38813ae62f79abed1724e0b07f8aca908e7bb74806 |
| SHA512 | 2d720c8a331278707913fc064d7a0c2727ef13b3f8cd46aa4e4a2936aab2b1228d78c1662856739964a87a33c312be2d3f65170f38d65545f3a3184c0ad635f9 |
C:\Config.Msi\e5edd62.rbf
| MD5 | bc959a160882b0de0583047b1b5b93a6 |
| SHA1 | 78bda837a0fcc25623b54e95f3eff76c3bd79332 |
| SHA256 | b9ffa79403a9c57e5a36d6632bf8ebf8da0f6256c0b71fe4dba50390df17702e |
| SHA512 | 7cd370afe9903daf36543a2d57ffc869f2ab324fc4ef363119d4923eb3b6079485d6f1a0304b94b928aace18900d034d74ffa0d1cf8382301f6e22f4daf4f0cd |
C:\Config.Msi\e5edd61.rbf
| MD5 | 3fd311d5a5cab694d93c6de5ab39adc6 |
| SHA1 | 2950e2cecaa45f46dcc443037c7a4db550533578 |
| SHA256 | 4e5cd2074b70b073ff9010a22f6e469fc08c93f63e14c85de93377c2d0e97fe3 |
| SHA512 | fd884db714d134994c1ef742ee85d5002b07e29b8bf1db2120a4139198f162ad67b093be3f232eeff3e05976ad243ef691af69db86ebcc8e2d6f0400245c6a35 |
C:\Config.Msi\e5edd60.rbf
| MD5 | f1e8d3b056eb17b33d6d23b5dd20eb56 |
| SHA1 | 7556e1bf214dca70ffec24768f3c549ab4ab1886 |
| SHA256 | e709b2b5901d6987b46febd4f3d5ba50b94e4ae4e0a6bde09ec981509b72000c |
| SHA512 | 914b340a8c175dfed4cdb99bf071e14ab787481517009ad92680725368dd7b7667dfe2ffcfbaa871b2a9edad6b8566828133dccbd0a0c7fb90cbabe4f812da87 |
C:\Config.Msi\e5edd5f.rbf
| MD5 | 90891a2ac9ef19d26ddfae3dcb69fadc |
| SHA1 | 14af0ba5b5b4ed5dd82685c7e50a544a5c5e7a98 |
| SHA256 | dde3ccb81cfcc3eb4cc65752fe14bf0c7ffc6814d55f7c9bca4d9ae638b30f6d |
| SHA512 | 4f97ab143a719bd614a63a3b34bb6ab6931eedf310e2e077c361fd63d2d579e126a3a419256834b021d86250114ecf4c0ef120c9fb267be9aea004b252c17a49 |
C:\Config.Msi\e5edd5e.rbf
| MD5 | 9f8ecff52bd15cff2deeb91bd325e101 |
| SHA1 | c82a0eddc66f95f0bfe1fc984671837cf0b07a65 |
| SHA256 | aca44b663633d4785d4fca1ed45d2c1d58c994fd927374569b8b5bfcd7079170 |
| SHA512 | cf52103d480a589e88c909239dacf5add2467adf6f4ad52d89af16ffb9a5cb32d7e771fe005694d37189ab2ecac08cad9ca7cbcc7d971f17d384a959705f168c |
C:\Config.Msi\e5edd5d.rbf
| MD5 | a06591a7b689e5fe00f6755a180af130 |
| SHA1 | a581485fe2c6d9acf795e80c7d6b0f3a0e721584 |
| SHA256 | 6555b4dd2c4e4164c8e00c06f6108a9c1dcdf141a5ca54bbe5675e08750f63b4 |
| SHA512 | bc0195276fa8c7937c7c39d567a7f41cc4ef92521836515c11ef5b422d68aa791b96fed829900e998435eb5b719c3a21e58c94534ec1fe4d637e39d43407e4ff |
C:\Config.Msi\e5edd5c.rbf
| MD5 | 070f18d93af687edf010efa343dcc983 |
| SHA1 | 16858f9fd0d8ed788ec49460ca2b596c193d2af1 |
| SHA256 | 89547b37ec7e20f96e1f1b9aeabbe86cac8a0372bf1520fbc2272eed16f8b4a0 |
| SHA512 | e7b9ca446b5ebf397e7c220e8a0f639ce20fb35a11010b641f6727ec1c9119093790d4f5521ebb28e8f6de4ed5c4c4f58a27355fb5d012ec949f0de3df5586de |
C:\Config.Msi\e5edd5b.rbf
| MD5 | be6f4fd7365dfa124d60114095380602 |
| SHA1 | 66a41958ead9151d7e61d690f12006ca8a40df89 |
| SHA256 | 66d6f247e3cae875c3c86dd16ea1aa3512663b8aa8626984007bf5343326bbaa |
| SHA512 | e9f7d819714c905577a2603aa30cc72b87b7a66561c7cc6029dedf48de78fc3db580069602dedbc6b18496217da6b94bbe0c2734ba2dfa5f8b57b7fc6cbdb781 |
C:\Config.Msi\e5edd5a.rbf
| MD5 | 8b1132f4e0387a233497141cf30b1edf |
| SHA1 | 2afb866bc5093b1281b2ad0fc4a29bc2cab035d5 |
| SHA256 | 51063c0b520a9ab73aa3a0674c593c3c3de26fa9709175be085d2d8c456ab54f |
| SHA512 | f528da8cd45823fadecf870a348f605e8fa199c6bb139c7930392cf638289c794ea15746cb0f4b9d918a1fcfae7c6578261e7c20fced854e9afa20974e252490 |
C:\Config.Msi\e5edd59.rbf
| MD5 | a5c7d3197e0ac097600d2901ed4f6e77 |
| SHA1 | a459c50978c7e377f1130d7779f4a2fa41d0033c |
| SHA256 | 8d0b449684a977a3d81b8fad0663a20555504e8609c987e84364a6e232b51356 |
| SHA512 | f9d662be82e96ff035c7aa938a9de7f47162bd4564575eed4aaa42ed4ef49ced0fa4a9b6b2b789b5655c3ac6787f7b3c8439d82962d9668c1d31e62a54a804bc |
C:\Config.Msi\e5edd58.rbf
| MD5 | aef35350473c3e263b6d8d4a76616b7d |
| SHA1 | 265bf8cadf460109a3a2d0d8e23b7b1eb18d7660 |
| SHA256 | fe61442089ed613075613d0db818e9f1c87907dd5c76dbfa67e93abf7f24e135 |
| SHA512 | b4f966b9c921364283a6dc42d8b44ec10e8d032089dc157c23ecfda55fbb16f86b9c02cbb22fa0eee51dc784ed83876c9b29ee9cb1cbe823e3b99bf08e46cd76 |
C:\Config.Msi\e5edd57.rbf
| MD5 | 8a138a7c5f6826e2adec47162589bdc7 |
| SHA1 | 8ba9043cc728827655406126e46950e6a6bf35a1 |
| SHA256 | 9d4041b781a2fe7e677cbbb210497abce1c6e566047fe4592d6b2bd182768c43 |
| SHA512 | beb99a0c999a2e2b3bee93c32246826608d74c95b4aa1e5993228dc5af9e1a775035f52bacbd488d7589f9821fe17df2652f94bc5b66297963fc3f6062b8e0fe |
C:\Config.Msi\e5edd56.rbf
| MD5 | e9e2502356902589e8b0b86314294f30 |
| SHA1 | 44a972c0ccbd52ac6e21f2c0cc1dc81907b5e7dd |
| SHA256 | c1fb9faa66ac74fd4094538d83afa96c8c3a5bf7f30ec302b7ed1ad1f4d99b25 |
| SHA512 | 7e51bd97735028dd90e855d8e661e2aa8c9e859e2b4c02475d65ba67eab8cd99ce207795e9a6eb4b146483852bd90255feaabc7b50534a7efc43bbfdfdcc2849 |
C:\Config.Msi\e5edd55.rbf
| MD5 | 967be7e7a5e3cfc4902a4dcd26eda18a |
| SHA1 | f0b364113ccd380a256a3f6217b8795300d0fe30 |
| SHA256 | 071549c2a67ba11cb90362c3a60b904e339c66d33add4e0fdaf348f17365695a |
| SHA512 | db437ef46aae9b0f45bd21958397c163f2c55c85bda25215af041023c63531ae3e0b62fec62ba76b70c6a297b928fb7c8a79ce82463ade93d22a6501b756ccda |
C:\Config.Msi\e5edd53.rbf
| MD5 | acfd9dff068c374658366e397a5695d4 |
| SHA1 | bbd33c62b022d3592e0c2a67144070ff4e2709a8 |
| SHA256 | a4d8b8a525271bfa836744b7705f0993ab454d9a153f81b3502cc62d9284dbfc |
| SHA512 | b2ca941ee0d18bec576ba84e09403cd8dce41b9017134581f1a2e2babe25dff99e9f172a6e9764ca6c58d5ac679405883640e2b7bd108cc0308336098d9099ae |
C:\Config.Msi\e5edd52.rbf
| MD5 | 9184814c35561939e4b0ad91788441f1 |
| SHA1 | a5281447d62fb3acb7915e757c68b6c29ae69adb |
| SHA256 | 788f42981bf0bf25f0899d9e3c19a0d6edea44f9c1f9eb616160de99b82e8d27 |
| SHA512 | cdd744fa29b63922cb112d645badfe59176bed7a5c2ec12e3e8d095ca2401588565f356aea4a1f40157434fd8d20edbcfc92febc4fc33e4a13a20abcd38ed199 |
C:\Config.Msi\e5edd51.rbf
| MD5 | 6a5ee23e3d7b67dfc39ce1c085d8c654 |
| SHA1 | 6f9c0d88df3df2cf86cc543822b2e6196e849b15 |
| SHA256 | b40f265fe31c5dec0943b2d910e997ca1840ee290912b814eeab333af71fbd48 |
| SHA512 | 2d0cb3ada34426ec079933c96af4e3e67795cba52a6a78b520b7c7aa02a7e0eff53a33da206c7843df42a257474380b3014338c2063dc8848edbacbc6cadbbc9 |
C:\Config.Msi\e5edd50.rbf
| MD5 | 97cf058f86fa06f7e5893211dca28a42 |
| SHA1 | 17bc3e8fdc48c24ca60d7b1ca10acdbfbd8b5e9f |
| SHA256 | 742530e55d505236eae91ac26a923b2efa8b454fc0b449ba43f1d6a28ac5b52e |
| SHA512 | 84df980720e846a8a3651d62f2639108818d18db139c6e0b41acb0ef4642312e11689bb6971ef778c1638d8d53430571eb8d560061e6e8c0cc13c1f40b35fcbb |
C:\Config.Msi\e5edd4f.rbf
| MD5 | af6ae18e360ffca6c0ceaeeebbf6d8d4 |
| SHA1 | 0b4ee1121e9070e95147f6c1664f23a9c772ac7a |
| SHA256 | 9ae57781418fef37b51dcbeabd4e26dd82a35c3aa2c15917cb98656889d3c7f3 |
| SHA512 | eee57abce64bd9b1514a5a3a074948547725e78aba19e085b53d9e8156613a1ee30e60fef77429844ec4abd22ef02c45fe9f31aebff0eb7925e0a62e2b4efad0 |
C:\Config.Msi\e5edd4e.rbf
| MD5 | a9762e02d260a34b79fdea198f3e82d6 |
| SHA1 | 5023fc4a74ce1eb15893cf0f724e658c9c5236eb |
| SHA256 | 15cb74f02499b76c42faf72e6364392bfa997d0b2668016bec69dbd7d0571578 |
| SHA512 | 61aba378b6a2533b9f67b4f46a2873fb08be4fe55c0de18785cd1720f4041aaf003ab0310a1d7415d8153508789ceaa82fd1b0731827f75aab41c5962c905502 |
C:\Config.Msi\e5edd4d.rbf
| MD5 | 2cf01239384af6de8b712278d7598e90 |
| SHA1 | 613cb264d8628008809878154f6eb17f35031c04 |
| SHA256 | 51a234186dd5e1087a7ecb79bb8538767bd4bf46c645e1a6e83f972de726e95e |
| SHA512 | 0e2dc0cf2d2925895af2e5fb918f0c171bcabc6dfb8c094dd63ff7df535f776ff2c3ab89038ca5bbff0f4c02d8474055adfe3609c70d97870c46504f7bb871e6 |
C:\Config.Msi\e5edd4c.rbf
| MD5 | 15caac1ec79f05d8aa62aaeec6903e8d |
| SHA1 | 1990604b5491cc83a73f592d1e70b41be5a2d998 |
| SHA256 | e485f4d3468410e989c147c9abeef742c57650a794e0ff18c2902eb976d25cc2 |
| SHA512 | d418191828c8fca0a4d092d2101191fa5afdeff417cc4c9f1ba02795e3e4981a3ea3b0478c6abc00e284f95c5529a686411b90870569bfcbca15fba61372d402 |
C:\Config.Msi\e5edd4b.rbf
| MD5 | 0da2f7810a668012c630db3fa8230499 |
| SHA1 | 9ca963ea4e3544609741308d71863bc86a0c0ceb |
| SHA256 | 4d997a3892a9fcee4bedb3f47b91f068d6ac823c5ee5f00d1887634e438f41c0 |
| SHA512 | 57e214fa9ea204094bed5086d6542a32774b3f234edd93d6f9eb364cb7a0825b2056bf2a299c65f8395545fe7f5e21869525575dbfa3c0b35c796f8de6c543ee |
C:\Config.Msi\e5edd4a.rbf
| MD5 | df0c6bb7965a3dfce5f0f158e9d5251f |
| SHA1 | 5250b2c7d557a71dc9fb0823fdc0cc94f0a81e35 |
| SHA256 | 883e42e3319fa4c059623e4d5a937215ad2f2cb123e88aaec27955f258627c4f |
| SHA512 | 8b5f7cfb9d3d857b2396706cbcda445b9131abf79e84296ecbbffff0dc1588b19399b506e4e3110ac4782f60ddee081cd5243e598e0871738803512358efee04 |
C:\Config.Msi\e5edd49.rbf
| MD5 | 4f94bf5157da351f7d0089a0b72b1ad9 |
| SHA1 | c61d8fb8801a3362fcb8eb539003c996cd94e9fd |
| SHA256 | 257b042bbab38406cb720fb9b2275828b003c6be15933227ceac68e08b846412 |
| SHA512 | f75d0365f67ff6632c8d1a3745e8e8eab55b25a562841910320dfda967a5428a5afc469a211e90d7ac78930fd55e0597b11aaf15cec5e57c0f22c02da53881d5 |
C:\Config.Msi\e5edd47.rbf
| MD5 | 5062f0598bc909a99bd21ff77d3421eb |
| SHA1 | 4917cf83d7e3ebac3fbf3e405c4dd633430cb98f |
| SHA256 | e2e634f5552e5214c79cdc2a33672f2cefda7c73fb6d9c7b87916130a969c4b8 |
| SHA512 | ed1d812cdf867b963d0a9bebdb6d63698bb107409920ccdb770e197815f5d72b35cc8c1e3602d4b5c63adf06c0d9e125c5a5ad6eff2da22df373b06c7c88be2a |
C:\Config.Msi\e5edd46.rbf
| MD5 | da8a2cab1ddbd3fa6cfa43c0bff54348 |
| SHA1 | 45268d28d4e628781f65f08612394ff7e0d38720 |
| SHA256 | a19e7736666470a6eda6d00473cba753deb0e8fb40d3311daf3c50676040e200 |
| SHA512 | 18be388c509985137e34d4ccac72e60dd726f9c64b76e25988b7c91b3a306f1d15b21546face19ca087db02b0949306a554a889e3832a39c83f5f3686dbb5b10 |
C:\Config.Msi\e5edd45.rbf
| MD5 | de2943783e864e16eb161a507dedcd3c |
| SHA1 | 577774c71730c72d22a80e5d049073fc23f8023a |
| SHA256 | 6aa7490ae4134caf546322c9aafdf062082536e1b4c8ed063c8bb5f93cab8afe |
| SHA512 | 00abc7a380a864e808e2b0de3dfa5555b0bc691b0d8153bcf24935495b21722be21f9143edc67c7a0fe69f9e3d1e6ebb3fedd633efe439e6b58c1b5594c051ec |
C:\Config.Msi\e5edd44.rbf
| MD5 | 91d3ae6b71705330e73ca4159817ff4e |
| SHA1 | a941037aa373a426e73dfb853526f150ce4457b0 |
| SHA256 | 4d16c2bc77cc45c596dabbccf24e51b8d6b47c6582d540993856337d9c7dd6ea |
| SHA512 | 8866140622e9241bbc2a5f7f26f659b7d2dcae7890c6ad357f76afeb5b96e6b30914b2b223906cd1f2b29eea27e885e33774782cd2c3b688aa1da72ee61a56f5 |
C:\Config.Msi\e5edd43.rbf
| MD5 | 4da7266720463186401b1ee9ae625e09 |
| SHA1 | 040cf60bc1f52402d10e0b898e38b907dd9d9ba0 |
| SHA256 | 2ec5d00d46355af4cd7d06a00745e726b87c329d090e0acc02f767e75c60601b |
| SHA512 | da22f8e24f5d59232adf9e77914d65a82ec2bb1331a83f72c2d45f8e6e27de3bf113173ba56bcfa40e95851f105bfd941cf63392bd6d4fd4a9b1eba36087c091 |
C:\Config.Msi\e5edd42.rbf
| MD5 | e8013aaa8fea097b88d7021039154ed9 |
| SHA1 | 4866c788df4739c011e62f3634989e8959832730 |
| SHA256 | a3334e83a418db4f304a621c2a498db48c0f8fe21f21282cc61e5ee9b80c1370 |
| SHA512 | 8614a03a87b2c06d1d2e577def16deea927e010d0f269f37613b9b737edf72350a5457b22a82d96ffd6d02747bf70116be301f891a0b103214ea3a8263cce32d |
C:\Config.Msi\e5edd40.rbf
| MD5 | 6d525c5be39dd69154fb0cf297fa9c1b |
| SHA1 | 48b89a8803b7020d7a0bc5dd760c261b2dbb87bf |
| SHA256 | 82a7761c6042176cf97947da1e910ce8a320fa7a17dadee2a115ac5f34cdc744 |
| SHA512 | 0a0416c8a7f967ea869ffe2fe77535cdfc9211d78fbff89e58cac0a4cbc38ba182fb3e88f4de3d38c010f6222ba52f8f10e3f58b4d13e5c7438f9a81a8f871ef |
C:\Config.Msi\e5edd3f.rbf
| MD5 | 2408534b8cefaf5362700e8afedf070d |
| SHA1 | f197be5f143eae025a5c40837b8432e89b8752a3 |
| SHA256 | e89e45dabc6a2422cd5f523d554d6314cf9ecec2238e26c6d8f63f040ed9b6c2 |
| SHA512 | 94b78d6d0b597fe9b69d438f4ac3d0855ccc9c684a28070bb9e2cc44d171b5047b8c3da03406a05405c74ab56081dffbfe84478064b0b0884bfb6e415c3159fb |
C:\Config.Msi\e5edd3e.rbf
| MD5 | 7273fe5d0ce6473e646ba240e3fffc8e |
| SHA1 | af11a7b48bde2b1046779147c84d3287a469639f |
| SHA256 | d4e738f4e3d39e7001830f71b52836a20707d14269cba22f34f3fdf0436981dd |
| SHA512 | 9efc625c42ce99028297b23c78226264c851d74d84158c2221c2ff9faffd37248a3977461e9fc021e25b903bbc11ec475178157bf9fae9512bfe39eb98404a6b |
C:\Config.Msi\e5edd3d.rbf
| MD5 | ec5a78ba8d91e89c0d9b3683d0cfd5d8 |
| SHA1 | 0db33de0721fda2e302c39b98f3987ddb9267850 |
| SHA256 | b3d09766f50b21e4b825d1ec7908cadc7fd74625b4757dc7952344797c72ac07 |
| SHA512 | c8ed1321211aa260ad8fa7314cc4036a743c0bc1ac06defc9d061edd4c3032f1e42c6cb06f2fa8836e66a0a4816a921961a5379b0e20ced8fd4f398085b125d9 |
C:\Config.Msi\e5edd3c.rbf
| MD5 | 224d8b3ed1cc4f5b32e295612f1c263d |
| SHA1 | d84f00249e43dcf21d4e68c1b2b21efed5f3c267 |
| SHA256 | 20e49d3119901517f055950021e922971cc65578c4ea2898593e29becafd2676 |
| SHA512 | 87f9a1d17331e85a3df58fcd92e65a60f7b1a74eeac6c6707aea56fe7dde578f1b09798dc3f7a7c0a4b65696524793d7121b19d27902ecfc215a3233128dccd2 |
C:\Config.Msi\e5edd3a.rbf
| MD5 | 574d91266ee9fa03432cf50da30dd232 |
| SHA1 | b5c48a695fc376c174a79954a6d49280178eb4ae |
| SHA256 | 6f262bba82eed8a8d69fac44e491b99cca2d4cd448166291ce2186833e730a85 |
| SHA512 | f052ec088a703e50c893decd7f88c0af2b36251dfc70b08e513d55964d1be299f0d772d52e71bf0aeb9abb752eda156767b8be321320e1c60f78af285b33aeaa |
C:\Config.Msi\e5edd39.rbf
| MD5 | fda48714f6a291e25a1a219e89d59d9b |
| SHA1 | c1e8ddfc64995c0acc48623f30aadb1448bca62f |
| SHA256 | be2885e897470da3778a661158dc21f32a4aada769996abda082cc4bb6030086 |
| SHA512 | 8508ee381bfc5d2491fdd9b14603003264441222984762d14f06440afbc2cc88d80b95bdbbec4089127ec76402408a60b850e1f46ebb5bcda5aa3ef1b6ce70ab |
memory/3404-1590-0x00007FF8AB2B0000-0x00007FF8AB2EA000-memory.dmp
memory/3404-1587-0x00007FF666BE0000-0x00007FF667679000-memory.dmp
memory/3404-1591-0x00007FF89BCA0000-0x00007FF89BFAE000-memory.dmp
memory/3404-1592-0x0000029FC1700000-0x0000029FC1709000-memory.dmp
memory/3404-1589-0x00007FF8AB2F0000-0x00007FF8AB38B000-memory.dmp
memory/3404-1588-0x00007FF8B1780000-0x00007FF8B1795000-memory.dmp
memory/552-1601-0x00007FF8AB2B0000-0x00007FF8AB2EA000-memory.dmp
memory/552-1598-0x00007FF666BE0000-0x00007FF667679000-memory.dmp
memory/552-1600-0x00007FF8AB2F0000-0x00007FF8AB38B000-memory.dmp
memory/552-1599-0x00007FF8B1780000-0x00007FF8B1795000-memory.dmp
memory/3404-1610-0x00007FF89BCA0000-0x00007FF89BFAE000-memory.dmp
memory/3404-1609-0x00007FF8AB2B0000-0x00007FF8AB2EA000-memory.dmp
memory/3404-1608-0x00007FF8AB2F0000-0x00007FF8AB38B000-memory.dmp
memory/3404-1607-0x00007FF8B1780000-0x00007FF8B1795000-memory.dmp
memory/3404-1606-0x00007FF666BE0000-0x00007FF667679000-memory.dmp
memory/4948-1624-0x0000000002CE0000-0x0000000002CE1000-memory.dmp
memory/3084-1626-0x000001A0AA600000-0x000001A0AA700000-memory.dmp
memory/3084-1631-0x000001A0AB3E0000-0x000001A0AB400000-memory.dmp
memory/3084-1653-0x000001A0ABAB0000-0x000001A0ABAD0000-memory.dmp
memory/3084-1639-0x000001A0AB3A0000-0x000001A0AB3C0000-memory.dmp
memory/3108-1772-0x0000000002A20000-0x0000000002A21000-memory.dmp
memory/4296-1774-0x000002A521700000-0x000002A521800000-memory.dmp
memory/4296-1779-0x000002A5227C0000-0x000002A5227E0000-memory.dmp
memory/4296-1775-0x000002A521700000-0x000002A521800000-memory.dmp
memory/4296-1810-0x000002A522B90000-0x000002A522BB0000-memory.dmp
memory/4296-1799-0x000002A522780000-0x000002A5227A0000-memory.dmp
memory/2984-1910-0x0000000003460000-0x0000000003461000-memory.dmp
memory/4040-1912-0x0000020D18C40000-0x0000020D18D40000-memory.dmp
memory/4040-1916-0x000002151ADA0000-0x000002151ADC0000-memory.dmp
memory/4040-1928-0x000002151AD60000-0x000002151AD80000-memory.dmp
memory/4040-1944-0x000002151B170000-0x000002151B190000-memory.dmp
memory/3860-2044-0x0000000002AB0000-0x0000000002AB1000-memory.dmp
memory/4308-2046-0x0000022BE8F00000-0x0000022BE9000000-memory.dmp
memory/4308-2048-0x0000022BE8F00000-0x0000022BE9000000-memory.dmp
memory/4308-2051-0x00000233EB060000-0x00000233EB080000-memory.dmp
memory/4308-2061-0x00000233EB020000-0x00000233EB040000-memory.dmp
memory/4308-2082-0x00000233EB430000-0x00000233EB450000-memory.dmp
memory/4308-2047-0x0000022BE8F00000-0x0000022BE9000000-memory.dmp
memory/5460-2186-0x0000000004990000-0x0000000004991000-memory.dmp
memory/5368-2190-0x0000021677B00000-0x0000021677C00000-memory.dmp
memory/5368-2193-0x0000021678C00000-0x0000021678C20000-memory.dmp
memory/5368-2213-0x0000021678FD0000-0x0000021678FF0000-memory.dmp
memory/5368-2202-0x00000216789C0000-0x00000216789E0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\92G8RFY9\microsoft.windows[1].xml
| MD5 | 154014c190bcc3ee57ed7e94a2f5d4b9 |
| SHA1 | 20848fea26d00af1a18c235031228444530ec9d4 |
| SHA256 | bcd046aa48862e2cc160ed1dc72283cfeeffce82c66d4aae555664ae3043ac53 |
| SHA512 | 91c232d6bb42bebe9f998bae5e1a08d9ea0a8ed86ead98ab733fcf8170ecb100f3294ba378ac4b07ed7b8023760a20324145fcd3884d8848334de81a718d8be5 |
memory/4708-2344-0x0000000003170000-0x0000000003171000-memory.dmp
memory/4252-2347-0x0000018CC9440000-0x0000018CC9540000-memory.dmp