Malware Analysis Report

2025-01-19 04:31

Sample ID 240812-yw635sxfkm
Target Unconfirmed 581740.crdownload
SHA256 8a55127e468ac1c351487eb1199d3bf26818d6449d3e7fa4a9fe72425a43a007
Tags
adware microsoft defense_evasion discovery evasion persistence phishing privilege_escalation spyware stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

8a55127e468ac1c351487eb1199d3bf26818d6449d3e7fa4a9fe72425a43a007

Threat Level: Likely malicious

The file Unconfirmed 581740.crdownload was found to be: Likely malicious.

Malicious Activity Summary

adware microsoft defense_evasion discovery evasion persistence phishing privilege_escalation spyware stealer trojan

Manipulates Digital Signatures

Reads user/profile data of web browsers

Downloads MZ/PE file

Enumerates connected drives

Event Triggered Execution: Image File Execution Options Injection

Boot or Logon Autostart Execution: Active Setup

Checks whether UAC is enabled

Network Share Discovery

Indicator Removal: Clear Persistence

Installs/modifies Browser Helper Object

Detected potential entity reuse from brand microsoft.

Event Triggered Execution: Component Object Model Hijacking

Drops file in System32 directory

Checks computer location settings

Drops file in Program Files directory

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Checks system information in the registry

Drops file in Windows directory

Enumerates physical storage devices

System Network Configuration Discovery: Internet Connection Discovery

Browser Information Discovery

System Location Discovery: System Language Discovery

Program crash

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Checks processor information in registry

System policy modification

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-12 20:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-12 20:09

Reported

2024-08-12 20:54

Platform

win10v2004-20240802-en

Max time kernel

2700s

Max time network

2700s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 581740.exe"

Signatures

Manipulates Digital Signatures

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CLEANUP\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETSIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLREMOVESIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\SIGNATURE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\FINALPOLICY\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLPUTSIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\MESSAGE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CERTCHECK\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\DIAGNOSTICPOLICY\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLVERIFYINDIRECTDATA\{9FA65764-C36F-4319-9737-658A34585BB7} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\INITIALIZATION\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CERTIFICATE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Reads user/profile data of web browsers

spyware stealer

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\127.0.6533.100\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\127.0.2651.98\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Indicator Removal: Clear Persistence

defense_evasion
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Delete value \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe\MitigationOptions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A

Network Share Discovery

discovery

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Quick Assist Installer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EU5391.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EUFE61.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-wal C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log \??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-shm C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-shm C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-journal C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-wal C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUFE61.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU5391.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU5391.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUFE61.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification \??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\AddIns.store C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Locales\fil.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\msedgeupdateres_es-419.dll C:\Users\Admin\AppData\Local\Temp\wv25580.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\msedge_elf.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\WidevineCdm\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\EDGEMITMP_C1DC4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Trust Protection Lists\Sigma\Cryptomining C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C866CB6F-B368-40EA-91E2-4D7AE2B24BC9}\EDGEMITMP_99827.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\msedge_pwa_launcher.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\v8_context_snapshot.bin C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Locales\et.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Locales\et.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4136_1208949932\Part-RU C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Trust Protection Lists\Mu\Entities C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Locales\th.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C866CB6F-B368-40EA-91E2-4D7AE2B24BC9}\EDGEMITMP_99827.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C866CB6F-B368-40EA-91E2-4D7AE2B24BC9}\MicrosoftEdge_X64_127.0.2651.98.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU5391.tmp\msedgeupdateres_ja.dll C:\Users\Admin\AppData\Local\Temp\wv25045.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Locales\cs.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\VisualElements\LogoDev.png C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\EDGEMITMP_AEF72.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Trust Protection Lists\Mu\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\EDGEMITMP_AEF72.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Locales\te.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\EDGEMITMP_C1DC4.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File opened for modification \??\c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_id.dll C:\Users\Admin\AppData\Local\Temp\wv25EA3.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Trust Protection Lists\manifest.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\EDGEMITMP_AEF72.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Locales\bs.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B517120D-C6C4-49BD-A850-C5DB9142E813}\EDGEMITMP_48C96.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\identity_proxy\win11\identity_helper.Sparse.Canary.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E562F139-3F04-452C-B0C0-9164E4C6F04C}\EDGEMITMP_B3E92.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\psuser.dll C:\Users\Admin\AppData\Local\Temp\wv25EA3.tmp N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\msvcp140_codecvt_ids.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Locales\ml.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Locales\sr-Latn-RS.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification \??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\msedgeupdateres_fi.dll C:\Users\Admin\AppData\Local\Temp\wv25580.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\msedge.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Locales\cy.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Locales\sr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\Office16\SLERROR.XML C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Locales\da.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Locales\ru.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\EDGEMITMP_C1DC4.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5072_1149573474\Chrome-bin\127.0.6533.100\dxcompiler.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU5391.tmp\msedgeupdateres_gu.dll C:\Users\Admin\AppData\Local\Temp\wv25045.tmp N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Locales\cs.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Trust Protection Lists\Mu\LICENSE C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B517120D-C6C4-49BD-A850-C5DB9142E813}\EDGEMITMP_48C96.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\06f5720c-b6ee-411a-9671-2f6a1e3d2ee1.tmp C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Trust Protection Lists\Mu\Other C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe.sig C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\EDGEMITMP_AEF72.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Extensions\external_extensions.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\EDGEMITMP_AEF72.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Locales\gl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B517120D-C6C4-49BD-A850-C5DB9142E813}\EDGEMITMP_48C96.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Locales\hu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C866CB6F-B368-40EA-91E2-4D7AE2B24BC9}\EDGEMITMP_99827.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdateBroker.exe C:\Users\Admin\AppData\Local\Temp\wv25EA3.tmp N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Locales\hi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Locales\eu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E562F139-3F04-452C-B0C0-9164E4C6F04C}\EDGEMITMP_B3E92.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\msedgeupdateres_de.dll C:\Users\Admin\AppData\Local\Temp\wv2F771.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\notification_helper.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\Locales\mt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Edge.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\edge_feedback\mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C866CB6F-B368-40EA-91E2-4D7AE2B24BC9}\EDGEMITMP_99827.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\msedgeupdateres_kk.dll C:\Users\Admin\AppData\Local\Temp\wv2F771.tmp N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_pl.dll C:\Users\Admin\AppData\Local\Temp\wv25EA3.tmp N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Locales\ga.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\msedge_wer.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Extensions\external_extensions.json C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
File opened for modification \??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\assembly\pubpol48.dat C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\667L78U1F9\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\GZVQ6ILYPO\Microsoft.VisualStudio.Tools.Applications.Runtime.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\assembly\temp\PCX4MYMW8T\Policy.11.0.Microsoft.Office.Interop.Excel.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\VCIMYKJNFE\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\assembly\temp\UCZ8H3APJB\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\assembly\pubpol27.dat C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\PCX4MYMW8T\Policy.11.0.Microsoft.Office.Interop.Excel.config C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\B94C8BK8M1\Microsoft.Office.Interop.PowerPoint.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\pubpol41.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification \??\c:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140_1.dll_x64 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\KL4VEV6DZC\Microsoft.Office.Tools.Common.v9.0.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\MIBFZT71G0\Microsoft.Office.Tools.Excel.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification \??\c:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\msvcp140.dll_x86 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Installer\MSIB0A8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB165.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\T12YEO0VZ5\Microsoft.Office.Interop.Graph.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\ND9WRRRZ5F\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\assembly\pubpol47.dat C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\0NPPSN3VUY\Microsoft.Office.Tools.v9.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngennicupdatelock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\assembly\pubpol26.dat C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\9O7Y5GK2BM\Policy.12.0.Microsoft.Office.Interop.SmartTag.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\SDYJANVPPT\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\assembly\pubpol42.dat C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe N/A
N/A N/A C:\Windows\Temp\ose00000.exe N/A
N/A N/A C:\Users\Admin\Downloads\Quick Assist Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wv2F771.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wv2FC1F.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFE61.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wv25045.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5391.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wv25580.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\wv25EA3.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\MicrosoftEdge_X64_127.0.2651.98.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\MicrosoftEdge_X64_127.0.2651.98.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\EDGEMITMP_AEF72.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\EDGEMITMP_AEF72.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\MicrosoftEdge_X64_127.0.2651.98.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\EDGEMITMP_C1DC4.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\EDGEMITMP_C1DC4.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\MicrosoftEdge_X64_127.0.2651.98.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
N/A N/A \??\c:\Windows\syswow64\MsiExec.exe N/A
N/A N/A \??\c:\Windows\System32\MsiExec.exe N/A
N/A N/A \??\c:\Windows\syswow64\MsiExec.exe N/A
N/A N/A \??\c:\Windows\System32\MsiExec.exe N/A
N/A N/A \??\c:\Windows\syswow64\MsiExec.exe N/A
N/A N/A \??\c:\Windows\syswow64\MsiExec.exe N/A
N/A N/A \??\c:\Windows\System32\MsiExec.exe N/A
N/A N/A \??\c:\Windows\System32\MsiExec.exe N/A
N/A N/A \??\c:\Windows\System32\MsiExec.exe N/A
N/A N/A \??\c:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFE61.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5391.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wv2F771.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Unconfirmed 581740.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wv25580.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\wv2FC1F.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\127.0.2651.98\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\127.0.2651.98\\BHO" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\ClickToRun\C2RClient\C2RClientReturnCode\6036_ExitCode = "0" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property\001800101D769F2C = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000e45df6f77d4c1b49abf52b22dcfbc03c00000000020000000000106600000001000020000000d2a675cab70a54bfdff6943efcb8c908896cec6d75b04e3c26ae86362e1a026e000000000e8000000002000020000000639c40d12207a4016481d9d5c01a86e156f614a9ad716daaf6c5e8b580194706800000008d08ec12dffdaa5857b96e0b94e4c0ac45739b1c298e85f2232307709dc6d6d61097539eeeb3258605878f44a897a3db4f67609153c97d310d73935e9f64111c4bcfedbb6417bcdb07cdd2d4ba4a2277d934e1791056b77931de4104a461b4c520c536fd3b87afbdfb5085c735d37229d619657fd6e5622490d51ac27543df8d40000000c0239aec9b73b72049637e1f8eb3eba2b43414174ba22b558db229fb7260e7451ae7e382451a86725336510e8fd96721024bcd5ecdf4831530c2cba8c1da02cf C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\ClickToRun\C2RClient C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0 = 4d736f3a3a436865636b73756d52656769737472793a3a446174617c75696e7436345f747c343531343639373633303333353331393130353b456373436f6e666967526573706f6e7365446174617c7b202256657222203a2022696e7433325f747c30222c2022436f6e6649647322203a20227374643a3a77737472696e677c502d522d313039383135382d312d352c502d522d37363735372d312d322c502d522d35343930332d312d332c502d522d32363134362d372d31372c502d442d32393633352d312d312c502d442d32373038372d312d392c502d522d37393638382d312d332c502d522d35333533322d312d352c502d522d35313433362d312d362c502d522d35313432372d31382d31322c502d522d34303436342d31382d392c502d582d39383531382d362d392c502d522d33383339302d31382d32312c626c6f636b6564677261706869637361646170746572353a3437353839392c502d522d33353039392d322d342c502d522d36313430382d31382d332c502d522d35353734362d322d352c502d522d35333531322d312d342c502d522d34363937342d31382d31382c502d522d33383935332d312d31312c502d522d33363535312d31382d31382c502d522d37313431342d312d362c502d522d34303235332d362d31392c502d522d34303235342d362d31382c502d522d33353430312d362d372c502d522d33323130372d32322d32322c502d522d33393134362d31342d31352c502d522d33393134372d31342d32302c502d522d32383534362d362d31312c502d522d32383136352d362d32382c502d522d32343938302d382d34382c502d522d32343339302d352d31322c502d522d31383237392d322d36352c502d442d33343230302d342d352c502d522d35313134352d322d372c502d522d32393932382d322d32302c502d522d36373933322d312d342c502d522d36373230312d312d342c502d522d36343534352d312d342c502d522d36343033352d312d342c502d522d35333531352d31382d392c502d522d35333238302d312d362c502d522d35323234372d312d352c502d522d35313935382d312d352c502d522d35313834322d312d352c502d522d35313237372d322d362c502d522d34373435312d31382d32302c502d522d34353931392d31382d31392c502d522d34353038352d31382d31322c502d522d34313434322d31382d31382c502d522d33383038352d31322d392c502d522d31383734342d362d32322c502d442d33343233392d312d362c502d522d313033343136392d31302d372c502d452d32383637372d322d332c502d522d35353132322d382d382c502d522d35303235352d31302d392c502d522d34343930372d312d392c502d522d34353331342d31302d31362c502d522d34343936352d43312d362c502d582d313234303832332d312d332c502d452d33383233312d322d342c502d522d313234353636322d31352d342c502d522d39343536302d31342d31322c502d522d39343138392d31342d31332c502d522d39333838322d31342d32362c502d522d35343732382d31362d32332c502d522d35343639382d31362d31362c502d522d35343635382d31382d31392c502d522d33383330362d4331372d332c502d522d33353731372d352d33302c502d522d33343031392d342d332c77696e333264657669636563616e6172793a3534313438332c77696e333264657669636563616e6172793a3534313438332c502d582d35333834352d312d392c502d582d35333737322d312d332c502d582d35313739302d312d332c502d522d313032353233322d32342d392c502d522d37313335382d312d342c502d522d37303934312d312d342c502d522d36393036352d312d332c502d522d36373136302d312d372c502d522d35393738312d312d342c502d522d35353633312d312d342c502d522d35343231352d312d342c502d522d35333735312d312d342c502d522d35333735322d312d342c502d522d35333532362d312d342c502d522d35323131302d312d342c502d522d34393736352d31352d33322c502d522d34383831382d31372d32352c502d522d35303637392d312d342c502d522d35303438362d31382d31322c502d522d34343833302d31382d31332c502d522d34393431362d342d31342c502d522d34383435372d322d362c502d522d34373937342d31362d31382c502d522d34363534342d31382d31312c502d522d34353630392d31342d362c502d522d34353139372d322d362c502d522d34343034362d31382d31312c502d522d34343031352d31382d32302c502d522d34333732332d322d362c502d522d34313734322d31382d33322c502d522d34303938302d31382d31362c502d522d34303335392d322d31302c502d522d33393032392d352d31382c502d522d33383833352d31382d34382c502d522d33373637362d31382d34362c502d522d33363331302d342d352c502d522d33353934352d31302d352c502d522d33353136352d322d372c502d522d33353134332d342d342c502d522d33333535332d342d362c502d522d33333533362d31322d31332c502d522d32393830392d312d372c502d522d32363936382d332d392c502d522d31383432352d322d35372c502d522d31383432362d352d32352c502d522d31383432342d342d32392c66697365723139303a3337373730342c686170707930333137323032302d313a36313937372c686170707930323036323032302d303a32383432382c502d522d35333534352d342d352c502d522d35303731312d31382d31312c502d522d34393733362d362d32322c502d522d34383436372d31382d31382c502d522d33323130362d372d33332c502d522d33303038352d312d392c502d522d32393133382d33382d38332c502d522d32393331352d33362d36392c502d522d32353030392d312d382c502d522d32343336332d312d31332c502d522d32313633312d31302d36342c502d522d31393839382d312d32322c502d522d31393831342d312d36322c502d522d31393031322d312d35372c502d582d35303232302d312d332c502d582d34393733302d312d332c502d522d36393334372d312d352c502d522d36343537342d312d342c502d522d35343131362d312d342c502d522d35333538352d31382d31382c502d522d35323539342d31382d352c502d522d35323338362d312d342c502d522d35303938302d322d342c502d522d35303933382d312d342c502d522d35303135322d31382d32302c502d522d34393137352d31382d32322c502d522d34373236302d31382d32332c502d522d34343135362d31382d32362c502d522d34333238342d31382d31392c502d522d34333238352d31322d32322c502d522d34323438322d312d342c502d522d34303939302d31322d31352c502d522d33393333332d31382d32382c502d522d33353433392d31322d32312c502d522d33333231352d31382d31392c502d522d33313335322d31322d32352c502d442d33343236392d322d352c67727573653438383a3537303335382c677269636f3430363a31393737372c502d522d34393833302d31382d31352c502d522d34303538362d31382d32372c502d522d33323939362d31382d32342c502d442d34303331362d392d352c502d522d35303432392d31382d382c502d522d36353239352d31382d33302c502d522d36313836312d312d342c502d522d36313733372d312d342c502d522d35313737372d31382d382c502d522d35303932302d312d362c502d522d35303336362d31382d31392c502d522d33353938352d31342d32332c502d522d33353839312d31382d352c502d522d33323030342d322d352c502d582d313237363530392d312d352c502d522d313238303432352d31332d31372c502d522d36383333362d322d342c502d522d36373238362d322d362c502d522d35313531332d322d342c69306437363937303a3539383638392c502d522d37393936332d312d322c502d522d35323034332d312d332c502d522d35313736342d312d342c502d522d34393338382d322d362c502d522d34383333352d342d31362c502d522d34373330382d332d392c502d522d34323339322d322d342c502d522d33393037332d312d352c502d522d313132333337362d31302d31322c502d522d313030393835352d31322d31342c502d522d39383835362d31382d34382c502d522d34333438392d33302d31352c502d522d33383431302d31322d32332c502d582d313239313234362d322d332c502d582d313031393538312d312d332c502d582d313030363137342d312d352c502d522d36363433362d312d342c502d522d36323837332d312d342c502d522d35313039372d312d352c502d522d35303730362d31382d372c502d522d35303035352d31382d372c502d522d34393331352d31382d352c502d522d34323636302d31382d33352c502d522d33363634392d382d392c63683337313137393a3630303339362c6f656d69633633393a3339373735332c6f65616c6c3834333a3337353838372c502d522d34323337392d322d332c502d522d34323337382d322d332c502d522d36363533392d312d342c502d522d36363533382d312d342c502d522d36353237382d312d342c502d522d36353237392d312d342c502d522d35393138302d312d342c502d522d34383037302d312d352c502d522d34373338362d312d342c502d522d35353334322d322d322c502d522d35333337372d322d362c502d522d35323438312d322d352c502d522d34393735392d322d382c502d522d34363130302d32302d392c502d522d33383531302d322d31302c502d522d33373535302d32302d31332c502d522d33323138362d32382d32392c502d522d35383133352d322d342c502d522d35363631382d312d332c502d522d35363032372d312d342c502d522d34363134352d31382d31382c502d522d33333839322d312d382c502d522d33333639362d312d352c502d522d35353734392d312d342c502d522d35333636322d312d342c502d522d35323234362d312d342c502d522d35323234352d312d342c502d522d35323233382d312d352c502d522d34333634342d362d31332c502d522d33393931322d312d322c502d522d33393238332d342d31302c502d522d35303338302d31382d31382c502d522d35303337392d31382d31372c502d522d36383134362d312d352c502d522d36333430392d312d352c502d522d35303534322d31382d31342c502d522d35303530302d31382d31362c502d522d34383336352d31382d32342c502d522d34383136312d31382d33322c502d522d34363539372d312d342c502d522d33333733372d312d342c502d452d32393636322d322d332c502d522d32393330332d322d32302c502d522d35363635342d322d342c502d522d35333235362d322d31312c502d522d35313730332d312d352c502d522d35303133332d322d392c502d522d34373234322d31382d31312c502d522d34363431302d312d352c502d522d34353535302d31382d34362c502d522d34353439302d31362d392c502d522d34343838352d31382d32302c502d522d34323531322d312d332c502d522d34303136392d382d31332c502d522d33393730302d322d372c502d522d33373331332d31382d32322c502d522d33363636342d342d342c502d522d33353437362d322d352c502d522d33353430372d342d332c502d522d33353233372d31342d31312c502d522d33353135302d322d342c502d522d33353132392d322d342c502d522d33353035362d342d352c502d522d33343838392d382d342c502d522d33343034342d322d342c502d522d33333731382d362d352c502d522d33333435392d312d352c502d522d33303239322d342d372c502d522d32383634342d312d342c502d522d32343033372d312d372c502d522d32333434352d332d372c502d522d32333433342d332d372c502d522d32333430332d332d382c502d522d31383531332d312d33302c502d442d33343639392d342d342c502d442d33343639372d322d342c502d442d33343637352d312d342c502d442d33343637332d312d342c502d442d33343635342d312d342c502d442d33343538372d332d352c502d442d33343236362d312d342c502d442d33343236322d312d352c502d442d33343236302d312d352c502d442d33343235382d322d352c502d442d33323436352d312d352c502d442d33323435392d322d342c502d442d33323435382d352d342c502d582d313038333432372d322d352c502d522d36393532392d312d352c502d522d36353031312d312d332c502d522d35333632322d31382d342c502d522d35303534312d322d372c502d522d34393839332d32322d392c502d522d33363933322d322d31332c6a683861623434373a3338303633332c502d522d36393233322d31382d31332c502d522d32333638312d322d372c502d442d33323530322d322d332c502d442d33323530312d322d332c502d442d33323431352d322d332c502d522d36343531332d31382d31312c502d522d35313931362d38342d33312c502d522d313238363634322d312d332c502d522d313238303138362d312d332c502d522d313236373038342d322d352c502d522d313235383738342d312d332c502d522d313234353239362d342d362c502d522d313233363935332d322d342c502d522d313135373537302d322d342c502d522d313133323832312d322d342c502d522d313131393031332d312d332c502d522d313039383739362d312d332c502d522d313039343434352d312d332c502d522d313038303431322d312d332c502d522d313036393736392d322d342c502d522d313036383131352d312d332c502d522d313034353131382d322d342c502d522d32353236392d31342d32312c502d522d313034343430382d312d332c502d522d313034343134312d372d392c502d522d313033373838372d312d332c502d522d313033373837392d312d332c502d522d313033363239332d312d332c502d522d313033363239322d312d332c502d522d313033363238392d322d342c502d522d313033363238382d312d332c502d522d313033363036382d322d342c502d522d313033353933332d322d342c502d522d313033353134392d322d342c502d522d313033333831372d312d332c502d522d313032383136382d312d332c502d522d313030393731372d332d352c502d522d313030303036312d322d342c502d522d3131373534382d322d342c502d522d3131313638322d312d332c502d522d3130353733312d33362d33382c502d522d3130343433352d31332d31352c502d522d3130303239342d312d332c502d522d39393633332d312d332c502d522d39383932392d322d342c502d522d39383235302d312d332c502d522d39343239392d312d332c502d522d39333037372d312d332c502d522d38363131382d312d332c502d522d38303531372d372d392c502d522d37383131322d342d362c502d522d37373134302d322d342c502d522d37363931382d322d342c502d522d37363732312d312d332c502d522d37353434302d322d342c502d522d37333637362d312d332c502d522d37323434392d372d31302c502d522d37323033302d342d362c502d522d36383036392d322d342c502d522d36363937352d312d332c502d522d36353536372d312d332c502d522d36323231322d322d342c502d522d36303630322d332d352c502d522d35323633332d312d332c502d522d35323137312d322d342c502d522d35323031312d322d342c502d522d35313932312d382d31302c502d522d35313235382d382d31302c502d522d35303735322d322d342c502d522d35303638312d322d342c502d522d35303539392d342d362c502d522d35303539362d342d382c502d522d35303535332d312d332c502d522d34393539372d332d352c502d522d34393435382d322d342c502d522d34383533302d372d392c502d522d34373934382d312d342c502d522d34363538302d332d352c502d522d34363438342d31302d31322c502d522d34363132322d312d332c502d522d34353835382d322d342c502d522d34333936362d322d342c502d522d34333530322d31392d32312c502d522d33383234382d31392d32332c502d522d34313433302d312d332c502d522d34303735312d382d31302c502d522d34303237332d342d362c502d522d33393233382d352d372c502d522d33383638322d332d352c502d522d33373538382d322d342c502d522d33343335352d382d31302c502d522d32363236362d342d392c502d522d32363833342d332d382c502d522d32343636322d31362d32322c502d522d32373437392d362d31312c502d522d32363035362d372d31352c502d522d32373030362d372d31322c502d522d33303333382d332d372c502d522d33303137382d37392d38312c502d522d33303035332d382d31302c502d522d32373435382d312d352c502d522d32353832322d31362d31392c502d522d32353038332d362d392c502d522d32343639302d34322d34362c502d522d32343638392d322d352c502d522d32343636362d322d352c502d522d32343636332d362d31312c502d522d32343635392d372d31302c502d522d32333734342d372d392c502d522d32333733392d372d392c502d522d32333733362d31342d31372c502d522d32333733342d372d392c502d522d32333733302d32312d32342c502d522d32333732332d31302d31322c502d442d33323538382d312d332c502d442d33323533342d312d332c502d442d33323532342d312d332c502d442d33323531382d312d332c502d442d33323531322d312d332c502d442d33323530392d312d332c502d442d33323438352d312d342c502d442d33323438342d312d342c502d442d33323430352d312d332c502d522d313038373134312d342d372c502d522d34393136302d31322d31322c502d522d34373630312d31382d31332c502d522d34363833342d31322d31342c502d522d34363230322d31382d31312c502d522d34343031382d31382d31332c502d522d34333335352d31382d31322c502d522d33353333372d31362d372c502d522d33333931362d312d352c502d522d33333538302d382d392c502d582d3131373430302d312d332c502d522d35393137352d31382d342c502d522d35333239322d31342d31302c502d522d34393133302d31382d32332c502d522d34363931332d31382d382c502d522d33373434392d31382d31352c75786d656469756d69636f6e6c756d696e616e63653a3335333435352c502d522d34383534392d31382d31312c502d522d31393236322d312d31322c502d452d34343737342d322d392c502d522d34343836392d31362d31362c502d522d33333931382d312d31312c502d522d313132383633302d312d372c502d522d313039383431322d312d352c502d522d313039313236372d312d35322c502d522d38313732302d312d322c502d522d35383430362d312d352c502d442d35303639372d322d342c502d442d32393731392d312d312c502d442d32393731382d312d312c502d442d32393539332d312d36222c2022434322203a20227374643a3a77737472696e677c4742222c2022446566436f6e667322203a20227374643a3a77737472696e677c6f6673683663326231746c61316133312c6f666372756934797664756c626633312c6f6668706578336a7a6e65706f6f3331222c202245787054696d6522203a2022696e7436345f747c31373233353336363037222c20224554616722203a20227374643a3a77737472696e677c C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|9" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Printers\DevModes2 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.1 = 5c22756b6373746a594d6e584443675949454554696c686d7a307a6131734f432b534d51796852454a684f6c6f3d5c22222c202246434d617022203a205b207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e4669785468656d654368616e676551727952657061696e74222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e4c696e6b65645461626c654d616e616765722e536561726368222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e5175657279496d70726f76656d656e7473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4163636573732e5175657279496d70726f76656d656e74732e45434c4d756c746953656c656374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e41697253706163652e436f6d62696e654261636b656e6444696d656e73696f6e436f6d6d616e6473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4175674c6f6f702e4c6963656e73654665617475726573456e61626c65644f72436865636b222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4175674c6f6f702e576f726b666c6f7744697361626c65642e5265706c6163654f626a656374576f726b666c6f77222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4358452e48696464656e466f6e74734d736f466f6e745069636b657257696e3332222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e416c6c6f7753657456616c756573576974686f7574457863656c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e4368616e6765476174652e46436c6561724d6f6e696b6572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e436f6c6c656374536861706550726f7073427567466978222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e4d6170436861727459656c6c6f7744617461222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e5069766f744368617274496e7665727446696c6c427567466978222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e43686172742e536c69646553686f7748696465546f6f6c74697073222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e417070564d61785265747279436f756e74222c20225622203a2022696e7433325f747c313422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e417070564d6178526574727954696d654c696d6974222c20225622203a2022696e7433325f747c363030303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e417070565265747279496e74657276616c222c20225622203a2022696e7433325f747c3230303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655265666163746f72656453687574646f776e50726f636573736573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655465616d734164646f6e222c20225622203a20227374643a3a77737472696e677c656e61626c656422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655465616d734f6e557064617465427573696e657373222c20225622203a20227374643a3a77737472696e677c656e61626c656422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e436c69636b3252756e2e5573655465616d734f6e55706461746550726f506c7573222c20225622203a20227374643a3a77737472696e677c656e61626c656422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e4164646974696f6e616c4461746154797065456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e426c6f636b466565646261636b457870657269656e636542617365644f6e5072697661637953657474696e6773222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e426c6f636b537572766579457870657269656e636542617365644f6e5072697661637953657474696e6773222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e436f686572656e6365457870657269656e6365456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e446961676e6f73746963735341532e55706c6f6164657254797065222c20225622203a2022696e7433325f747c3322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e456e61626c65466565646261636b5632536368656d61222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e466565646261636b446973616d626967756174696f6e53637265656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e486f73746564466565646261636b5461736b50616e65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e486f73746564537572766579456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e437573746f6d6572566f6963652e536173466565646261636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446961676e6f73746963732e44697361626c654661737446696c746572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e414354522e5468726f74746c654361706163697479222c20225622203a2022696e7433325f747c313022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e414354522e5468726f74746c65496e74657276616c4d736563222c20225622203a2022696e7433325f747c3130303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4261636b7374616765496e6170704e61765632456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e49735265706c7954696d657374616d704c6f6767696e67456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e4a53476174652e4e657743617264426f7264657273222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e4a53476174652e50616e65546162466f6375734669786573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d6f6465726e436f6d6d656e74732e50726f636573734368616e676573496e766f6b65456c7365506f7374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4d736f2e4f757453706163652e446570726563617465536574496d6167654173796e63222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4f666669636553746172742e466978466f7241444f33393032343239222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4368616e6765476174652e4f757453706163652e536861726564576974684d652e44697361626c65446f63756d656e74735265717565737449665573696e674167674d7275222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e436865636b41637469766974794c6f67546f456e61626c654d656e74696f6e73222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e456e61626c655369746573467269656e646c7950617468222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e486973746f72794c6567616379436c65616e7570456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e486973746f7279556e696f6e466978456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e486f6d65506167652e436f6c6c61707369626c65536c616273222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e496e4170704e61762e43726561746552656e616d6544656c657465222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4d736f2e4f666669636553746172742e466978466f7241444f333838363036375632222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e4f44656c74612e53747265616d4d6f6465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e446f63732e576f7069222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e4361636865457870697279496e4d696e222c20225622203a2022696e7433325f747c37323022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e436f6e666967496444656c696d69746572496e4c6f67222c20225622203a20227374643a3a77737472696e677c3b22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e436f6e6669674c6f67546172676574222c20225622203a20227374643a3a77737472696e677c64656661756c7422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e44697361626c65436f6e6669674c6f67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4543532e456e61626c65536d61727445546167222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e454353546573742e746573747661726961626c65222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e496e7369676874732e456e61626c65436f6d706c65785069766f745461626c65496e5069766f745461626c655265636f6d6d656e646572222c20225622203a20224d736f3a3a416e79547970657c75696e7431365f747c323b626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e496e7369676874732e456e61626c655069766f745461626c655265636f6d6d656e646572222c20225622203a20224d736f3a3a416e79547970657c75696e7431365f747c323b626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e496e7369676874732e5069766f745461626c655265636f6d6d656e64657252616e6b65725632222c20225622203a20224d736f3a3a416e79547970657c75696e7431365f747c323b626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e457863656c2e4e616d656453686565745669657750657273697374656e6365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e436f6e66696746657463684d616e61676572456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e44796e616d6963447069222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e457870466972737453657373696f6e5461736b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e4665617475726551756572794c6f676765722e456e61626c655374617469634c6f6767696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e5472696d41707049644c697374546f4665746368222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4578706572696d656e746174696f6e2e57696e333244657669636543616e617279222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e416c7761797346616c6c6261636b466f7253796e634261636b6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e44657072656361746546696c65536572766572496e666f54797065222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e456e61626c654261636b67726f756e6455706c6f6164222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4368616e6765476174652e5573654e65774d736f446f6354656c656d65747279496e697450617468222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e436865636b5265766973696f6e53747265616d457175616c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e436f6c6c616250726f7053746f726543616368655265736574436865636b6572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e436f7079546f43616c6c6261636b456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4373694c696d6974656446616c6c6261636b546f486c696e6b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e44534c49422e456e61626c654c6162656c73556e757365644f72436c6561726564436865636b222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446570726563617465436865636b5374617274735769746846696c654e616d65457869737473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446973616d626967756174654373694e6574776f726b436f6e6e65637469766974794572726f72222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446973636f52657472795374726174656779222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446973636f5374726963744d6f6465456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e446f63732e4d736f2e4f757473706163652e496e6974436163686546726f6d464948222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4472675570646174655265666572656e63657353796368726f6e6f7573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e44796e616d6963467261676d656e7453697a65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e456e61626c65466f726365486f73744d6f C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.10 = 4576656e74466c61675c22203a2032207d207d207d2c205c22486c696e6b5c22203a207b205c224576656e74735c22203a207b205c224d736f4872486c696e6b43726561746546726f6d537472696e675c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d534f5c22203a207b205c224576656e74735c22203a207b205c22434d736f4f4c446f634e657744657374727563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f63616c446f63756d656e74496e666f557073656c6c4576656e745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f63616c446f63756d656e74496e666f466c796f757444726f707065645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2248616e646c65417574684661696c7572655f5573654578697374696e6743726564735f47656e657269634661696c7572655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f4f4c446f6342617365476574504b4d436c69656e7445785c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f536572766572496e666f476574536572766572496e666f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745265636f766572794872476574447270436f72655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745265636f766572794d736f4872426567696e4d6f646966794472705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225469746c654261725361766555694d616e616765725772697465537461747573546f5469746c654261725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164437369446c6c466f72436c69636b3252756e456e7669726f6e6d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2249735365727665724361636865645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d616e75616c5361766555736167655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c6553746f72655c22203a207b205c224576656e74735c22203a207b205c22465344436f7272757074696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2247617262616765436f6c6c656374696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225a65726f4279746546696c6555706c6f6164417474656d707465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c2252756e74696d6550726f706572746965735c22203a207b205c224576656e74735c22203a207b205c22496e636f6d70617469626c6543736956657273696f6e44657465637465645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c224f66666963655c22203a207b205c225375624e616d657370616365735c22203a207b205c2246696c65494f5c22203a207b205c225375624e616d657370616365735c22203a207b205c224353495c22203a207b205c225375624e616d657370616365735c22203a207b205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2243616368654f707469637356325c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d2c205c224d6f6373695c22203a207b205c224576656e74735c22203a207b205c22557064617465486f73745469705c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4772617068696373222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22415243457863657074696f6e53636f70655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2245326f5669657752656e646572506572666f726d616e636541637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224172745669657756616c69646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f6669745368617065546f54657874436d645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f704c6576656c456666656374447261775c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174654269746d617046726f6d506c6174666f726d4269746d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e6b496e70757453757266616365426173655570646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250617468576964656e657246576964656e53696d706c65506174685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224776697a536d61727441727450726f7065727469657354656c656d657472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746544657669636544334431305c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22537065637472655472616e73636f646541637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e73657274496e646976696475616c4d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61646564496d61676550726f706572746965735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e736572744d6f64656c334441637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22537065637472654372656174655363656e6541637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224d6f64656c334452656e64657241637469766974795c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4964656e74697479222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22456e7375726550726f7669646572496e697465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574506572736f6e50726f66696c6553657475705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224964656e74697479536e617073686f745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657450726f7669646572466f7241757468536368656d655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472794964656e74697479506172656e744d617463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526f616d696e6750726f7879496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536861726564437265645265667265736846726f6d53746f72655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561644f6e6546726f6d43726564656e7469616c4c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22435265616453796e635461736b52756e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f6d61696e4a6f696e65644f72436c6f7564446f6d61696e4a6f696e656453657373696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744164616c416363657373546f6b656e46726f6d4372656450726f76696465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574436f6e666967546f6b656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574426c6f636b696e67536572766963655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506f70756c617465536572766963654d61705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657441757468656e74696361746564536572766963655469636b65745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526566726573684964656e7469746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765745365727669636555726c466f7246656465726174696f6e50726f7669646572416e616c797369735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365727669636555726c5374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2241637175697265536572766963655469636b6574466f724144414c5c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2253697465735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e496e736967687473222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436163686546696c654e6f7456616c69645c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d616c69645c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22496e73696768747350616e655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e73696768747350616e65725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c224163746976697479715c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224163746976697479735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74735c22203a207b205c22415c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f7079466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331305c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331315c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657446656174757265476174657331355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573335c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573345c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573355c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573365c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573375c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573385c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574466561747572654761746573395c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22535c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248746d6c5072656665746368526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265667265736843616368656446696c65735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446f776e6c6f61645265736f757263655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2241757468656e7469636174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526573756c7447726f7570546f52656e6465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253656e64576562536f636b6574526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22576562536f636b657450696e67506f6e674c6174656e63795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446961676e6f737469635c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c2238564d65686c6c5c22203a207b205c225375624e616d657370616365735c22203a207b205c22356b69614b3747426b7a505746675c22203a207b205c224576656e74735c22203a207b205c22373139305c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c22385c22203a207b205c225375624e616d657370616365735c22203a207b205c227a424b387872415553554e52497859484e4b55415c22203a207b205c224576656e74735c22203a207b205c22393133335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224f66666963655c22203a207b205c224576656e74735c22203a207b205c2253797374656d644d617463685c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22496e7369676874735c22203a207b205c224576656e74735c22203a207b205c22536d6172744c6f6f6b75705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536d6172744c6f6f6b75705f5f5f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d5c22203a207b205c224576656e74735c22203a207b205c2241637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253797374656d68633863674f6a46515c22203a207b205c224576656e74735c22203a207b205c22383635335c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22556952756e74696d655c22203a207b205c224576656e74735c22203a207b205c22437265617465576562536f636b65745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2250726f636573735265717565737451756575655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e74656e745365727669636550726f78794f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f6e436f6e6e656374696f6e436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4c6963656e73696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224c6963656e73696e67427573626172416374696f6e5c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c22487244697370617463685375625461736b53746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253617665416c6c536b75696473546f52656769737472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2257616974546f52657472794865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536561726368466f7253657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224e554c56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2256616c696461746553657373696f6e546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243616e52756e4665617475726543616368655c22203a207b205c224576656e74466c C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Google C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe\ULSMonitor\ULSTagIds0 = "18679566,5804129,7202269,23978014,39965824,7692557,5850525,34198423,41484365,17962391,17962392" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.9 = 76656e74466c61675c22203a20323536207d2c205c22457773526566726573685c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2245786563757465416374696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246616c6c6261636b546f46697273744c6976654964496e4f454d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246616c6c6261636b546f46697273744c6976654964496e526962626f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246657463684361636865536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e7374616c6c4d616e696665737452656164795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61644d696e43616368655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224d69734d61746368696e67526962626f6e4964656e74697479496e666f5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225072657061726553686f775461736b70616e6556325c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656d6f766546726f6d526962626f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253686f775465616368696e6743616c6c6f75745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225461736b70616e65417070436d64496e7374616c6c6174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2255585c22203a207b205c224576656e74735c22203a207b205c224c61756e63684f6d657853534f436f6e73656e744469616c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416761766555784d696e6f72426c6f636b65645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2241707044656c6574656446726f6d446f63756d656e745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224469616c6f67436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224469616c6f674f70656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253686f77496e666f626172436f6e73656e74566965775c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253686f774c6f6164696e6753746174655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253686f775265616374566965775c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22416464696e50726566657463685c22203a207b205c224576656e74735c22203a207b205c22507265666574636849636f6e735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22507265666574636855726c5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225072656c6f61644d616e69666573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253616e64626f78507265666574636855726c5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2241637469766174696f6e5c22203a207b205c224576656e74735c22203a207b205c224352656d6f74657250726f78795c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2253696e676c655369676e4f6e5c22203a207b205c224576656e74735c22203a207b205c22446973706c617953534f436f6e73656e7450616765466f7241706943616c6c5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224578656375746547657453534f546f6b656e496e7465726e616c5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247657441757468546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d2c205c224576656e74735c22203a207b205c224f445041637469766174696f6e466f7254616761353572735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f4450417070436f6d6d616e64735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434f4d416464696e4f7065726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f4450417070436f6d6d616e647343616368655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f4450417070436f6d6d616e6473496e7374616c6c54696d655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f4450417070436f6d6d616e6473526962626f6e436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224557534c69626c657443616c6c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446565704c696e6b696e67436865636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446565704c696e6b696e67446f63756d656e744f70656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446565704c696e6b696e67446f63756d656e7453686f77547275737455495c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446565704c696e6b696e675472757374526573756c745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224577734c6173745570646174655374617475734974656d436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224577734c6173745570646174655374617475734974656d53686f776e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247656e314163746976697479416767726567617465644261736553756272756c655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247656e314163746976697479416767726567617465644661696c757265436f756e745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247656e3141637469766974794167677265676174656453756363657373436f756e74576974685461675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f44504170704d616e6167656d656e744d656e755c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f4450496e73657274696f6e4469616c6f675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f445050617273654e65774d616e69666573744572726f725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f44505265636f6d6d656e64656447616c6c657279436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f4450526962626f6e427269646765526962626f6e436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f445053616e64626f7841637469766174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f45504d616e696665737450617273696e675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526962626f6e427574746f6e436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253746f7265557365725374617475735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253746f7265557365725374617475734572726f725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f445041637469766174696f6e466f7254616761353572715c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f44504c6174656e63795c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e466565646261636b222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c2253617665526573706f6e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e46696c65494f222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224353495c22203a207b205c224576656e74735c22203a207b205c225265717565737441646170746572556e657870656374656443616c6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416d49416c6f6e6550726f63657373526573706f6e73655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e73616374656453747265616d446174615570646174655472616e73616374696f6e436f6d6d69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e73616374656453747265616d446174614d657267655472616e73616374696f6e436f6d6d69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224343616368656446696c655363686564756c6546696c6555706c6f6164526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243656c6c53746f726167654f6e426c6f624865617052657175657374526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243656c6c53746f726167654f6e426c6f624865617052657175657374526573756c74434d555c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e49734f6e6c79436c69656e7452657175657374436f6d706c6574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22437369446176436c69656e7453656e64526571756573745374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574446f63756d656e7446726f6d55726c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224343616368656446696c654373694c6f616446696c655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224343616368656446696c654373695361766546696c655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22446f63756d656e74466163746f72794372656174654e6577446f63756d656e745c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22446f63756d656e7452656e616d655375626d6974576f726b4974656d5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22464d617050617468735c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22476574536861726555726c466f72436f6e7461696e65724173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22476574536861726555726c466f7246696c654173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22476574576f706955726c46726f6d46696c654964656e7469666965724173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2249446f63756d656e7447657456657273696f6e4c6973745c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2249446f63756d656e74526573746f72654173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224973446f776e6c6f616465644261736556616c69644e6f48617368436865636b5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253796e634261636b65645265636f6e63696c65725472795265636f6e63696c65546f4c6174657374416674657256657273696f6e4e6f74466f756e645c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253796e634261636b65645265636f6e63696c65725472616e736974696f6e4f6e6c696e655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2254727944657374726f794f666669636546696c6543616368655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22576f706942726f77736542726f777365546f436f6e7461696e65724173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d207d2c205c225375624e616d657370616365735c22203a207b205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2243616368654f70746963735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f7074696373446f776e6c6f61644572726f72446973747269627574696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f7074696373446f776e6c6f61644572726f72446973747269627574696f6e7337446179735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f70746963734572726f72735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f707469637346696c6553746f726546696c6553697a65446973747269627574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f707469637355706c6f61644572726f72446973747269627574696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f707469637355706c6f61644572726f72446973747269627574696f6e7337446179735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f7074696373576f726b696e67436f707946696c6553697a65446973747269627574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656d6f766546696c65456e7472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f707469637350657246696c655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253746172744f666669636546696c6543616368655c22203a207b205c224576656e74466c61675c22203a203438383936207d207d2c205c225375624e616d657370616365735c22203a207b205c2243656e7472616c5461626c655c22203a207b205c224576656e74735c22203a207b205c22436865636b536368656d6156657273696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22436c65617243616368655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22437265617465446174616261736546696c655573696e6754656d706c6174655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2243726561746544617461536f757263654661696c7572655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2244617461736f757263654f70656e4661696c7572655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2246696c65436163686550726f70657274696573526f774e6f74466f756e645c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224d69677261746546696c654e616d6546726f6d496e695c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22526f77736574556e6b6e6f776e4661696c7572655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22536368656d61557067726164655c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c224661756c744d616e6167656d656e745c22203a207b205c224576656e74735c22203a207b205c224661756c745265636f766572795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224661756c745265706f72745c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d207d207d2c205c2250726f746f636f6c5061727365725c22203a207b205c224576656e74735c22203a207b205c2250617273655572695c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7061636b55726c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496672496e697441726773576f72645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248724c61756e636855726c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22464c6f6164436d644c696e65436f72655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2250726f746f636f6c48616e646c65725c22203a207b205c224576656e74735c22203a207b205c225472794f70656e696e674c6f7248797065724c696e6b496e4e6174697665436c69656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f746f636f6c48616e646c65724d61696e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22556e7061636b4c696e6b5c22203a207b205c224576656e74735c22203a207b205c22556e7061636b4c696e6b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7061636b4c696e6b4173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7061636b4c696e6b5769746848696e745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225254435c22203a207b205c224576656e74735c22203a207b205c2246696e6453657373696f6e456e64706f696e7452756e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f63756d656e74536861726555726c5c22203a207b205c224576656e74735c22203a207b205c22556e7061636b536861726555726c416e6448616e646c65526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e556e7061636b55726c436f6d706c657465645c22203a207b205c22 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.11 = 61675c22203a20323536207d2c205c22506572666f726d4c6963656e73696e674e6f74696669636174696f6e735c22203a207b205c224576656e74466c61675c22203a20323536207d207d2c205c225375624e616d657370616365735c22203a207b205c224c5655585c22203a207b205c224576656e74735c22203a207b205c224e6f456e7469746c656d656e74735c22203a207b205c224576656e74466c61675c22203a203439343038207d2c205c224e6f456e7469746c656d656e74734578706572696d656e74547269676765725c22203a207b205c224576656e74466c61675c22203a203439343038207d207d207d2c205c224f6666696365436c69656e744c6963656e73696e675c22203a207b205c224576656e74735c22203a207b205c224c6963656e7365436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6567616379416374697669747953756363657373436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c656761637941637469766974794661696c757265436f756e745c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22436c69656e745c22203a207b205c224576656e74735c22203a207b205c224653686f756c6441637469766174655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224865617274626561745c22203a207b205c224576656e74735c22203a207b205c22577269746543616368655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225265616443616368655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74735c22203a207b205c224c6f61644c6963656e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246756c6c56616c69646174696f6e5c22203a207b205c224576656e74735c22203a207b205c224c6f61644c6963656e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2250726f706572746965735c22203a207b205c224576656e74735c22203a207b205c224765744c6963656e736543617465676f72795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546f6b656e697a654c6963656e736543617465676f726965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174654c6963656e736543617465676f726965735c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224272616e64696e675c22203a207b205c224576656e74735c22203a207b205c2247657441707056616c75655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657450726f6475637456616c75655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253686f756c645573654d6963726f736f66743336354272616e64696e675c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2254656e616e745c22203a207b205c224576656e74735c22203a207b205c22496e697454656e616e7449645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224e756c5c22203a207b205c225375624e616d657370616365735c22203a207b205c22466574636865725c22203a207b205c224576656e74735c22203a207b205c224765744e756c4f626a656374466f724964656e746974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246657463684d6f64656c46726f6d4f6c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224765744c6963656e73654665617475726573466f724964656e746974795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243726561746552657175657374426f64795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d6f64656c5c22203a207b205c224576656e74735c22203a207b205c224765744c6963656e736543617465676f72795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22476574416c6c4c6963656e736543617465676f726965735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446573657269616c697a655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225061727365526177526573706f6e73655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243616e52756e46656174757265526573756c74735c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224d6f64655c22203a207b205c224576656e74735c22203a207b205c224765744d6f64655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224170695c22203a207b205c224576656e74735c22203a207b205c22437265617465526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253656e64526571756573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656365697665526573706f6e73655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2247657453746f72616765506174685c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61644d6f64656c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22476574556e766572696669656453746f72616765506174685c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61644d6f64656c5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656e616d6546696c65546f55736555706461746564486173685c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2256616c69646174696f6e5c22203a207b205c224576656e74735c22203a207b205c22517569636b56616c69646174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2256616c696461746f725c22203a207b205c224576656e74735c22203a207b205c224d61746368696e67486172776172656449645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d2c205c22466c6f77735c22203a207b205c224576656e74735c22203a207b205c22536561726368466f72534341546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4d6f786965222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74466c61675c22203a203438383936207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4f6666696365222c20225622203a20227374643a3a77737472696e677c7b205c224c6f636b65645c22203a2066616c73652c205c225375624e616d657370616365735c22203a207b205c224e61747572616c4c616e67756167655c22203a207b205c224c6f636b65645c22203a2066616c73652c205c225375624e616d657370616365735c22203a207b205c224372697469717565735c22203a207b205c224c6f636b65645c22203a2066616c73652c205c224576656e74735c22203a207b205c2250726f636573734175676c6f6f704372697469717565735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f636573734175676c6f6f7041646443726974697175655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4f75746c6f6f6b222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224465736b746f705c22203a207b205c225375624e616d657370616365735c22203a207b205c2253796e635c22203a207b205c224576656e74735c22203a207b205c2253796e6350757267654f66666c696e654974656d735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2256696577735c22203a207b205c224576656e74735c22203a207b205c224872566965774c6f6164436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22566965774d6f64655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e506572666f726d616e6365222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22506572665363656e6172696f5c22203a207b205c224576656e74735c22203a207b205c2253636f70655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e506572736f6e616c697a6174696f6e222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c2246696c65496e736967687443616368654d616e616765725c22203a207b205c224576656e74735c22203a207b205c2250757267654578706972656443616368655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225369676e616c50726f636573736f725c22203a207b205c224576656e74735c22203a207b205c2253656e645369676e616c5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e50726f6772616d6d6162696c697479222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c2254656c656d657472795c22203a207b205c224576656e74735c22203a207b205c22446e61416464496e4c6f6164586c6c46696c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446e61416464496e4c6f616445787465726e616c446c6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446e61416464496e4c6f6164446e6146696c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e43726173685c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22416464696e735c22203a207b205c224576656e74735c22203a207b205c22417070416464496e4c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22417070416464496e55736167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e446f634c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7465726e616c536574436f6e6e6563745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e5365637572697479222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22506f6c696379546970735c22203a207b205c224576656e74735c22203a207b205c224d616e61676572436f6e74696e7565436c617373696669636174696f6e436c6173736966794368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c617373696669636174696f6e436c6173736966794368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436c705c22203a207b205c224576656e74735c22203a207b205c224c6162656c55736167655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f7574636f6d6555736167655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f66666963654a534765744c6162656c44657461696c735c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22436c70506f6c696379466574636843616c6c4261636b537563636573735c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224d616e6461746f72794c6162656c6c696e674469616c6f675c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f626a6563744d6f64656c4765744c6162656c5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f626a6563744d6f64656c5365744c6162656c5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f626a6563744d6f64656c506f6c696379436f6d706c657465496e697469616c697a655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253656c6563744a757374696669636174696f6e4f7074696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253656e7369746976697479466c796f7574416e63686f72547261636b416e645265766f6b65427574746f6e436c69636b5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225265676973746572446f63756d656e745c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2246657463684c6162656c7346726f6d5365727665725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657444656661756c744c6162656c49445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744c6162656c735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744f7574636f6d6573466f724c6162656c4368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f6365737341756469744f6e506f6c6963794d617463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f6365737341756469744f6e5265706c79466f72776172645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f6365737341756469744f70656e48656c7065725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744175646974496e666f506f6c6963794d617463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744175646974496e666f4c6162656c416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744175646974496e666f46696c65416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6162656c696e67457870657269656e63655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224164644c6162656c4f627365727665725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656d6f76654c6162656c4f627365727665725c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c22436c705c22203a207b205c224576656e74735c22203a207b205c22446b6550726f746563746564436f6e74656e745c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d2c205c224d6163726f5c22203a207b205c224576656e74735c22203a207b205c22426c6f636b4d6163726f46726f6d496e7465726e6574506f6c69637953657474696e675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22456e636f756e74657265645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22456e61626c65645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2246696c65426c6f636b5c22203a207b205c224576656e74735c22203a207b205c2246696c65426c6f636b496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c224f43585c22203a207b205c224576656e74735c22203a207b205c2254727573746564456e636f756e7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224e6f6e54727573746564456e636f756e7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22416363657373456e636f756e7465725c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22426c6f636b6564657874656e73696f6e735c22203a207b205c224576656e74735c22203a207b205c2246696c65457874656e73696f6e4c69737446726f6d536572766963655c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22536563757265526561646572486f73745c22203a207b205c224576656e74735c22203a207b205c224f70656e496e4f53525c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d2c205c224576656e74735c22203a207b205c22436c70547279557067726164654c6162656c4661696c7572655c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54617267657465644d6573736167696e67222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224275736261725468656d6553656c656374696f6e5374617475735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54656c656d65747279222c20225622203a202273 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000e45df6f77d4c1b49abf52b22dcfbc03c00000000020000000000106600000001000020000000fd48bec898e674f1caca0b0fbc86491a759811a71b162807901d855ef795f2a8000000000e80000000020000200000005118f0ede4fa9a6088117e47e10ff4a2d701ea557846711ebb5ee10a0b064b5df003000027984da5ed14436d6f4951ad3ce84d50bd5d59714ac613ed906846ade390478a0682cb81cd01c291cc1edc55049c6f38925130154d671ceb3876cab0251f4ecfe997b2bfc495dfe83cfeb43ccd60da690751ab86ba4ebdc75ebeb1c5aab2e348aefceb995ba2beae4234800aa93024283c29926ea46c45b12523891aa5ec709725f9e8003ed76872a38b7c9b168cb8619a7cadb8b0a950ee6583dfe0b1b5f503476cf8f7690ff374afa5fda91187ef65608debb9bfb1cfa88d72a629b81cd31ff258d1ca23db915c4d593547a44704080c98034f9d99a58133c17acb816cb7a84b175e1b4c9d6bf153b0e79bf8023340f42dffff7567ed4c26f6a03bb7274cc22a2eaf297d8abfb8ae76a46aa09f3a44de8d155f1d009f313d915a941391679777083ad9d1abda3bb2b27d374364d876c48dac582ed6be36b9ef113ea3c037250dde0682b9b987b89ad7e3ed9ed316a822720652942c0db3493a585b49c47a49f7a02473b55da60f27890163de0c3d08919a44a5f09e5fcdedd45edc501ac0492a0073c1220821fbeba2d9878a688a80cccd1696860f7ec58a7bd1ff3840741913e12feb69565cea01f5d0d2a5c986a2c0c9dd8b63e2d41987525fffb7dd50f3c71f29e79ae8a72f97e5855bb9e0a669efa2a032da20696a762cc36742784b1cae3ebcc3a00bc928609257f7db3ad0b2af0840c5b350595f45ab5a6c2fb13d8b2bb38cb17381644943acac9a6ec1d26afd4fd1fe57a0fedbac3f366debba6a240ffc42456724588639d03cc2504dd244ae25b2e962c2f198a442568982e431d00190673e6e4a6a18126f18793a656f4fc8b711b61551cb336d3d802c28ed5b22479605e55d722a1206019818745a90e2378d7c3f581e5781c79543969187dfdb20230f7aa88e27302c6dd0904cae490def304095d8e410b98578cac41bb572531a31ad924fcdcba6522cd9342aff5323d91f4e2dac17f9a88d6778543cde2a603c03a53c3f7bbb6a127339ee8335d5b4269d7dda6e5b152ce93c9e50b3083f98f47f8dd2e37572ce02419b28a56e0e5a4c4475027ed734a211b0e2154edf58db4a968ae8b583437bfd6706e1fbf1b0d0e29aab414581160f699a6ef930c03bbb2941518b0e3ff0ff33807d7edeebe02778beaac12bf9ec18014ac2f573933b8aa29837588861ee2839a3372776c235e013fce759fc78e8c9ba652631709e6e914a6c16fedbc5015323dac0f82fd4c10cd24fd59700da2d671360c4f6d7bbac4517c598f015af31d2f19204aa78954babe5a01ae54056943c10f861f40412918b6fa3b06181b3d66103b6a6d460aa2a68440d5d599333a626de125f0772bb9eed8f63461b85da3e3574fce9bf218bfcf3b3899b2f86259fec0a7fbad9e7e13b7ba1f68890a9716971fb11e039c9ded549400000006e7fef758af4a1d5578ceb27e969f36c103af7f9f375e4452138435c605b866dd627ed5731dd5724e25371bf7ecc69d907dfca5574423495a95ec4945247a840 C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|2" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|4" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|6" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|11" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ETag = "std::wstring|\"ukcstjYMnXDCgYIEETilhmz0za1sOC+SMQyhREJhOlo=\"" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Windows\system32\wwahost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.12 = 74643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22436c69656e7453616d706c696e674f76657272696464656e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253797374656d4865616c74684d657461646174614e6574776f726b436f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224576656e7451756172616e74696e65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164586d6c52756c65735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2250726f6365737349646c6551756575654a6f625c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22466c7573684576656e744275666665725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2254656c656d6574727953656e74696e656c56616c75655c22203a207b205c224576656e74466c61675c22203a2030207d207d2c205c224c6f636b65645c22203a2066616c7365207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54656c6c4d65222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c2254656c6c4d655741435c22203a207b205c224576656e74735c22203a207b205c225175657279526573706f6e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54657874222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c225265736f75726365436c69656e745c22203a207b205c224576656e74735c22203a207b205c22446573657269616c697a655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656164466f6e74456c656d656e74735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2250757267654d756c7469706c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561645265736f757263654d657461446174615c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2257726974655265736f757263654d657461446174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22474449417373697374616e745c22203a207b205c224576656e74735c22203a207b205c225265676973746572436c6f7564466f6e7443616c6c6261636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2248616e646c6543616c6c6261636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22466f6e744d616e6167657244657374727563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464436c6f7564466f6e745265736f757263655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22466f6e74537562737469747574696f6e5c22203a207b205c224576656e74735c22203a207b205c22436f6c6c656374466f6e74537562737469747574696f6e55736167655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e5472616e736c61746f72222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22416c7465726e6174655472616e736c6174696f6e735265747269657665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6e7465787475616c53756767657374696f6e734c6f616465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745465787453656c65637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c61746564466565646261636b547269676765725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c6174696f6e43616e63656c6c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c6174696f6e53756767657374696f6e436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578636c756465644c616e677561676541646465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578636c756465644c616e677561676552656d6f7665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d6963726f666565646261636b566f746553656c65637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6f786d6c5472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657474696e6773436c6f7365645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657474696e67734f70656e65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365446f63756d656e744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365546172676574537761707065645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365546578744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546172676574446f63756d656e744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546172676574546578744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546578745472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736c6174696f6e496e7365727465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736c6174696f6e4c616e6775616765734c6f616465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736c6174696f6e5461624368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416c7465726e6174655472616e736c6174696f6e4578616d706c655265747269657665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416c7465726e6174655472616e736c6174696f6e436f706965645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464496e4c6f616465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e5558222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22436f6c6f725069636b65725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d696e67536f6f6e54435348574e445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e6f46696c65457874656e73696f6e49636f6e4d617070696e675c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c225344585c22203a207b205c225375624e616d657370616365735c22203a207b205c224d65436f6e74726f6c5c22203a207b205c224576656e74735c22203a207b205c22547261636b65645363656e6172696f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c225465616368696e6743616c6c6f75745c22203a207b205c224576656e74735c22203a207b205c225465616368696e6743616c6c6f7574416c726561647953686f776e4d617854696d65735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465616368696e6743616c6c6f7574416c726561647953686f776e5468697353657373696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465616368696e6743616c6c6f7574546f6f4d616e7953686f776e5468697353657373696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2244796e616d69634470695c22203a207b205c224576656e74735c22203a207b205c22446973706c6179546f706f6c6f6779456e756d65726174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446973706c6179546f706f6c6f67794368616e6765645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22446f63756d656e745265636f766572795c22203a207b205c224576656e74735c22203a207b205c22496e76616c696461746550616e65735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22546f6f6c746970735c22203a207b205c224576656e74735c22203a207b205c2253686f77546f6f6c7469705c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22416e63686f7252656769737472795c22203a207b205c224576656e74735c22203a207b205c224765744f72437265617465416e63686f7252656769737472795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22526962626f6e546162735c22203a207b205c224576656e74735c22203a207b205c22526962626f6e5461624163746976617465645f466c6f6f64676174655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e576f7264222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224544505c22203a207b205c224576656e74735c22203a207b205c22446f63756d656e744964656e746974794368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2250726f6f66696e675c22203a207b205c224576656e74735c22203a207b205c2250726f6f66696e674e6f50726f6f66526567696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225453706c4c6f61644c6962726172795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c6f75645370656c6c6572436865636b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e6f50726f6f6652756e4469666665727346726f6d5061726150726f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c617373696669636174696f6e4372697469717565526573706f6e7365506572664d61704578636565645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224772616d6d6172436865636b657243616c6c5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22536176655c22203a207b205c224576656e74735c22203a207b205c22436d64446f53617665446f63436f7265436f6d6d616e64416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436d64446f53617665446f63436f7265416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22464d617953746172745472616e73616374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224669726553746174654f664175746f536176654f6e436c6f73655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456964456e737572654f70656e466f72536176655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2242475361766546616c6c6261636b546f46475c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22576f72645c22203a207b205c225375624e616d657370616365735c22203a207b205c22426f6f745c22203a207b205c225375624e616d657370616365735c22203a207b205c2254696d696e675c22203a207b205c224576656e74735c22203a207b205c22446174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22426f6f745c22203a207b205c224576656e74735c22203a207b205c22416464696e4d6f6e69746f7256616c6964617465426f6f745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e44697361626c65644469616c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e4d6f6e69746f7256616c6964617465426f6f74325c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c654f70656e5c22203a207b205c224576656e74735c22203a207b205c22464e4d45696453657446726f6d5873747a46747970466e6d4469725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e697469616c697a6542696e6172794261636b696e6753746f72654361636865735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22576f72644d61696c5c22203a207b205c224576656e74735c22203a207b205c2248724c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872536176655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f6354696c696e675c22203a207b205c224576656e74735c22203a207b205c2254696c696e6749646c6542756e646c654576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c654865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c654669726542756e646c65644576656e74735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e7456696577476574456e756d657261746f724576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e7456696577446973636f6e6e6563745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e745669657753696e6b52656769737465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e745669657753696e6b556e72656769737465725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436f417574686f72696e675c22203a207b205c224576656e74735c22203a207b205c224f6373446f776e6c6f6164526566557064617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244796e616d696353617665496e697469616c496e666f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22507573684f70526571756573745374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22507573684f70436f6d706c657465645374617475735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2254687265655761794d657267655c22203a207b205c224576656e74735c22203a207b205c22435254435265766572745265706c61794b706f7353636f70654475726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c65536176655c22203a207b205c224576656e74735c22203a207b205c22436d645361766546696c65436f7265325c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2255494d5c22203a207b205c224576656e74735c22203a207b205c224655494d426567696e556e646f4265666f726546426567696e556e646f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224655494d426567696e556e646f416674657246426567696e556e646f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224163636573736962696c6974795c22203a207b205c224576656e74735c22203a207b205c22416363436865636b657256696f6c6174696f6e547970655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2247726170686963735c22203a207b205c224576656e74735c22203a207b205c2245326f496e666f466f72446f63756d656e74436f6e7461696e696e674475706c696361746541727469645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446961676e6f737469635c22203a207b205c224576656e74735c22203a207b205c22496e636f73697374656e74526561644f6e6c79446f6350726f70657274795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22547261636b4368616e6765735c22203a207b205c224576656e74735c22203a207b205c22557463547261636b4368616e67657341646465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2255736572507265666572656e63655c22203a207b205c224576656e74735c22203a207b205c225365744972665c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e4368616e6765476174652e4361636865456e726963686d656e74416363657373546f6b656e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e526573656172636865722e4e6f64654a5357656250616765457874726163746f72222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5543492e54656c6c4d652e48656c704974656d53706c6974427574746f6e456e61626c6564222c20225622203a C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\VersionId = "uint16_t|0" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679670181996263" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Google\Chrome C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t|13" C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00006109C80000000100000000F01FEC\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{000209F4-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CurVer\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\4" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57} C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616193" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{9F76AA71-557E-3BF3-AC54-72E6D099B16B}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F09D237B-3FD1-4900-BEF2-3471CA68142D}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{DD42475D-6D46-496A-924E-BD5630B4CBBA} C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{B5A60D8C-605C-4784-BA39-FB4B9AAEEA01} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{4E58B80C-D41E-470A-A2F8-05373CA3EA5D}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\OneIndex.ShellFolder C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{769ADDEF-E3D4-3EEF-B2B4-8F5B21BD06C6}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{0E8770A1-043A-4818-BB5C-41862B93EEFF}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0002E17C-0000-0000-C000-000000000046}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BDEADEF4-C265-11D0-BCED-00A0C90AB50F}\TreatAs C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F37F-98B5-11CF-BB82-00AA00BDCE0B} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F317-98B5-11CF-BB82-00AA00BDCE0B} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{8540D1F6-D74A-3FAD-8BE2-03F9CADC2B1E}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82B02374-B5BC-11CF-810F-00A0C9030074}\InprocServer32\11.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xhtml C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{8A4B5D74-8832-5170-AB03-2415833EC703}\1.0\0 C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\1.0\0 C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{1AFB3130-C129-11CD-A777-00DD01143C57} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\LICLUA.EXE C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\1.0\ = "GoogleUpdater TypeLib for IGoogleUpdate3Web" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A39E3994-98AA-3606-BCE7-D90E0BA144F8} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{F50431E9-6C75-347D-8C33-B473B982ADBA}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{062752C8-C44D-3CBD-A146-0DCD9544BA52} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{1410BEF9-CE35-3B3A-8830-B9D445CD0905}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\21\Shell\SniffedFolderType = "Generic" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\STSUpld.CopyCtl\CLSID C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{9DCDA232-6504-4F31-A174-CEEE2EFE5F27} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{EC64ADD2-4DB2-36C1-8915-2E9C64F9F57B} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{BFA3BC72-BCD9-31CC-9F78-1AE867DF9840} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{8A4B5D74-8832-5170-AB03-2415833EC703}\ProxyStubClsid32 C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D0B22D03-D05D-4C6D-8AB7-9392E84A87B9}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{34527502-D3DB-4205-A69B-789B27EE0414} C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05}\TypeLib C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{42CE0331-0571-3322-AEB3-2309B4794847} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VisioViewer.Viewer\shell\open\command C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED13477-E909-45BC-BADC-2106D04D6BD7}\VersionIndependentProgID C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationDescription = "Browse the web" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{2557B811-A4B0-37DE-8813-B29C63B56525}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ = "Update3COMClass" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\PROGID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DA936B63-AC8B-11D1-B6E5-00A0C90F2744}\InprocServer32\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC67E480-C3CB-49F8-8232-60B0C2056C8E} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{B77B0056-7F9E-3C09-8269-10B47887B8E2}\15.0.0.0 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{6AA9DBAF-EDDB-31DA-88C3-FFF0FBA0FC96} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{44B969D4-48B7-5A30-9CD6-CAC179D81F9C} C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFE61.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFE61.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFE61.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUFE61.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5391.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5391.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5391.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5391.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeLockMemoryPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeMachineAccountPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeTcbPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeSecurityPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeLoadDriverPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeSystemProfilePrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeSystemtimePrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeBackupPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeRestorePrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeShutdownPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeAuditPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeUndockPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeSyncAgentPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeManageVolumePrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeImpersonatePrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
N/A N/A C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
N/A N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe N/A
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
N/A N/A C:\Program Files\Windows NT\Accessories\WORDPAD.EXE N/A
N/A N/A C:\Program Files\Windows NT\Accessories\WORDPAD.EXE N/A
N/A N/A C:\Program Files\Windows NT\Accessories\WORDPAD.EXE N/A
N/A N/A C:\Program Files\Windows NT\Accessories\WORDPAD.EXE N/A
N/A N/A C:\Program Files\Windows NT\Accessories\WORDPAD.EXE N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
N/A N/A C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
N/A N/A C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
N/A N/A C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
N/A N/A C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
N/A N/A C:\Windows\system32\SystemSettingsAdminFlows.exe N/A
N/A N/A C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe N/A
N/A N/A C:\Windows\system32\wwahost.exe N/A
N/A N/A C:\Windows\system32\wwahost.exe N/A
N/A N/A C:\Windows\system32\wwahost.exe N/A
N/A N/A C:\Windows\system32\wwahost.exe N/A
N/A N/A C:\Windows\system32\wwahost.exe N/A
N/A N/A C:\Windows\system32\wwahost.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 372 wrote to memory of 4936 N/A C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
PID 372 wrote to memory of 4936 N/A C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
PID 372 wrote to memory of 4936 N/A C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
PID 4936 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
PID 4936 wrote to memory of 1840 N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
PID 4340 wrote to memory of 2328 N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe C:\Windows\system32\schtasks.exe
PID 4340 wrote to memory of 2328 N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe C:\Windows\system32\schtasks.exe
PID 4340 wrote to memory of 3884 N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe C:\Windows\system32\schtasks.exe
PID 4340 wrote to memory of 3884 N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe C:\Windows\system32\schtasks.exe
PID 4340 wrote to memory of 2968 N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe C:\Windows\system32\schtasks.exe
PID 4340 wrote to memory of 2968 N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe C:\Windows\system32\schtasks.exe
PID 4340 wrote to memory of 1208 N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe C:\Windows\system32\schtasks.exe
PID 4340 wrote to memory of 1208 N/A C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe C:\Windows\system32\schtasks.exe
PID 2332 wrote to memory of 4952 N/A C:\Windows\system32\msiexec.exe \??\c:\Windows\syswow64\MsiExec.exe
PID 2332 wrote to memory of 4952 N/A C:\Windows\system32\msiexec.exe \??\c:\Windows\syswow64\MsiExec.exe
PID 2332 wrote to memory of 4952 N/A C:\Windows\system32\msiexec.exe \??\c:\Windows\syswow64\MsiExec.exe
PID 2332 wrote to memory of 2564 N/A C:\Windows\system32\msiexec.exe \??\c:\Windows\System32\MsiExec.exe
PID 2332 wrote to memory of 2564 N/A C:\Windows\system32\msiexec.exe \??\c:\Windows\System32\MsiExec.exe
PID 4172 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 4904 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5152 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4172 wrote to memory of 5232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Unconfirmed 581740.exe

"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 581740.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2340 -ip 2340

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 1272

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files (x86)\Mozilla Maintenance Service\

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" uninstall

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=ProPlusRetail.16_en-us_x-none culture=en-us version.16=16.0

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

integrator.exe /U /Extension /Msi /License PRIDName=ProPlusRetail.16 PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates Logon"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

\??\c:\Windows\syswow64\MsiExec.exe

c:\Windows\syswow64\MsiExec.exe -Embedding 3FD9114CCF61A44C00E5F325C7721EBF E Global\MSI0000

\??\c:\Windows\System32\MsiExec.exe

c:\Windows\System32\MsiExec.exe -Embedding 8753BA90266822506A33E2F877D1C91E E Global\MSI0000

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff87fd7cc40,0x7ff87fd7cc4c,0x7ff87fd7cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1900 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2464 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3696,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4728 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4900,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4920 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4920,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4916 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3472,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3388,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe

"C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe" -standalone:temp

C:\Windows\Temp\ose00000.exe

"C:\Windows\Temp\ose00000.exe" -standalone

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue

\??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe

"c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -PipelineRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\." -Rebuild

\??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe

"c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -AddInRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild

\??\c:\Windows\System32\MsiExec.exe

c:\Windows\System32\MsiExec.exe -Embedding E2CBB9B7B5A7A77BCBA0A28D28C7A907 E Global\MSI0000

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /standalonesystem

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates 2.0"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office Subscription Maintenance"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Office ClickToRun Service Monitor"

C:\Windows\system32\schtasks.exe

schtasks.exe /Delete /F /tn "Microsoft\Office\Microsoft Office Touchless Attach Notification"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5188,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5412 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5432,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5444 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4736,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3368 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4b0 0x404

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5464,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5664,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5668,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4560 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4692,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5352,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5652,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4688 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5812,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5856 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5828,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5892 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4704,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6124,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6100 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6164,i,11585729827453689676,7859175263689474222,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5692 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff87fd7cc40,0x7ff87fd7cc4c,0x7ff87fd7cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=1612 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1824,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2148 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2624 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3680,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4584 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4672 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4908,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4760 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4912,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4784,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3284,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5272,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4644,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4780 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4552,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5488,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5084,i,4110650128002002947,8681670990048141400,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5560 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Quick Assist Installer.exe

"C:\Users\Admin\Downloads\Quick Assist Installer.exe"

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

"C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "C:\Users\Admin\Documents\UnregisterDismount.docx"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\ConfirmUnprotect.jpeg" /ForceBootstrapPaint3D

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\ConfirmUnprotect.jpeg" /ForceBootstrapPaint3D

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

"svchost.exe"

C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe

"C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe"

C:\Users\Admin\AppData\Local\Temp\wv2F771.tmp

C:\Users\Admin\AppData\Local\Temp\wv2F771.tmp /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUFC91.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.15\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTZDQzI2M0EtN0ZBNi00MTlELUE1MEYtRDQ5QUZEODhDRDlBfSIgdXNlcmlkPSJ7MzM4MUUxNDYtNzEwMi00RTkyLUFGMkMtRTMwODlFOEFCNzk2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswRUYxMDk0RS0wMEVDLTQ1NDAtQUU1OC02N0IxRTgzQkMzNzh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xNSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcwMDIxMjEzNTciIGluc3RhbGxfdGltZV9tcz0iNDk2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{E6CC263A-7FA6-419D-A50F-D49AFD88CD9A}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTZDQzI2M0EtN0ZBNi00MTlELUE1MEYtRDQ5QUZEODhDRDlBfSIgdXNlcmlkPSJ7MzM4MUUxNDYtNzEwMi00RTkyLUFGMkMtRTMwODlFOEFCNzk2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RjkyQkY5MEQtOEM0Ri00MkMwLUFENzAtNEVBQTY4NTdDNTY1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2hWZkRqTWRGRzZGZ0tzME56NmVtcllDU2c2VFF2RFBvbW9sUmF5UVhCSzQ9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzIyNjAyNjYyIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNjcwNzUyODYxNDQyNzM1Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDMyNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzAwNzE1MTUxNCIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe

"C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe"

C:\Users\Admin\AppData\Local\Temp\wv2FC1F.tmp

C:\Users\Admin\AppData\Local\Temp\wv2FC1F.tmp /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUFE61.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUFE61.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODNGNDI4MDUtMzVCMC00Mzk2LUFCNDYtRkVENEI4M0RBMTJBfSIgdXNlcmlkPSJ7MzM4MUUxNDYtNzEwMi00RTkyLUFGMkMtRTMwODlFOEFCNzk2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFMkQzNkM0OS0yRTNELTQxNkMtQjQ5Ny01MkMzNkM5ODE5NDJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xNSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2NTYyODc1MzkiIGluc3RhbGxfdGltZV9tcz0iNjIiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{83F42805-35B0-4396-AB46-FED4B83DA12A}" /silent

C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe

"C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe"

C:\Users\Admin\AppData\Local\Temp\wv25045.tmp

C:\Users\Admin\AppData\Local\Temp\wv25045.tmp /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU5391.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU5391.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODY2ODEzQjctNDlENi00QzI5LTk0ODEtMzBEODE3QjdDRDNEfSIgdXNlcmlkPSJ7MzM4MUUxNDYtNzEwMi00RTkyLUFGMkMtRTMwODlFOEFCNzk2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4NUVDRTZFNS00MUMzLTQwN0ItQTAyNi1FNTU4MThFMUVFMzF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xNSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg1MzA2NDEyMTIiIGluc3RhbGxfdGltZV9tcz0iNDciLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{866813B7-49D6-4C29-9481-30D817B7CD3D}" /silent

C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe

"C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe"

C:\Users\Admin\AppData\Local\Temp\wv25580.tmp

C:\Users\Admin\AppData\Local\Temp\wv25580.tmp /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU5811.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzRDRDNEOTQtN0ZDOC00RThDLUEyNjktMEIyOTk3QjUwRjVGfSIgdXNlcmlkPSJ7MzM4MUUxNDYtNzEwMi00RTkyLUFGMkMtRTMwODlFOEFCNzk2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEMTEzRUY3MC04QjYyLTQ1RkMtOEY4RC00MDBFRjQ2MTQ1NTh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xNSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkxOTcxOTkyOTIiIGluc3RhbGxfdGltZV9tcz0iNjIiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{C4CD3D94-7FC8-4E8C-A269-0B2997B50F5F}" /silent

C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe

"C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe"

C:\Users\Admin\AppData\Local\Temp\wv25EA3.tmp

C:\Users\Admin\AppData\Local\Temp\wv25EA3.tmp /silent /install

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkQ5RUVDMkEtOTU3Mi00OEJBLTgwMEEtOEIwOUNBN0Y4RUYzfSIgdXNlcmlkPSJ7MzM4MUUxNDYtNzEwMi00RTkyLUFGMkMtRTMwODlFOEFCNzk2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFNEQzNzUxOS00M0Q5LTQ2QzAtOUVEQi1CM0RCNTgyODY2Nzh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xNSIgbmV4dHZlcnNpb249IjEuMy4xOTUuMTUiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk4NzQ1MTA2MzgiIGluc3RhbGxfdGltZV9tcz0iOTQiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{2D9EEC2A-9572-48BA-800A-8B09CA7F8EF3}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\MicrosoftEdge_X64_127.0.2651.98.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{4F651EA6-B237-4C26-B03E-48751B64641A}\EDGEMITMP_605FA.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.98 --initial-client-data=0x74,0x80,0x70,0x78,0x84,0x7ff73326b7d0,0x7ff73326b7dc,0x7ff73326b7e8

C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe

"C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe"

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --accept-lang=en-US --disable-features=msSmartScreenProtection --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --mojo-named-platform-channel-pipe=1112.5504.686035304923685808

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=127.0.2651.98 --initial-client-data=0x15c,0x160,0x164,0x138,0x198,0x7ff8811cd198,0x7ff8811cd1a4,0x7ff8811cd1b0

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,17401655820583326995,8092768708338693042,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1892 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2052,i,17401655820583326995,8092768708338693042,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2244,i,17401655820583326995,8092768708338693042,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3444,i,17401655820583326995,8092768708338693042,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3460 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\MicrosoftEdge_X64_127.0.2651.98.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTZDQzI2M0EtN0ZBNi00MTlELUE1MEYtRDQ5QUZEODhDRDlBfSIgdXNlcmlkPSJ7MzM4MUUxNDYtNzEwMi00RTkyLUFGMkMtRTMwODlFOEFCNzk2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswOERBNzJGQi02MjhFLTQ4OUEtOTE5Qi0wQzU1NjNFMTU3OTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI3LjAuMjY1MS45OCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzAyNjY1MTY1OSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcwMjY3NjE2NjUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDIwMDM0NDIwMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNTI5YTQxY2QtNWMwYy00Y2QwLTgwNjEtYjcxZmVhYThhMzM2P1AxPTE3MjQwOTgzOTUmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9YTNsVWl0UTU5dXl1ZFVUc050SG16aW1LJTJiWnJqTiUyYm5oMzJuWUdCTDFuRSUyYlpQYzlQbGFJRUpySFNuQlZ3eFpTUEwyUVYzV3pFSUslMmJMcDQlMmZrWnZvYUhnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyNjA2NDA4IiB0b3RhbD0iMTcyNjA2NDA4IiBkb3dubG9hZF90aW1lX21zPSIzMTUwOTMiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDIwMDgxMjY3NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMjE1MzQ0MDQ4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDY3NjY0NTM1MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjE1NDMiIGRvd25sb2FkX3RpbWVfbXM9IjMxNzM4OSIgZG93bmxvYWRlZD0iMTcyNjA2NDA4IiB0b3RhbD0iMTcyNjA2NDA4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSI0NjEzMCIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\EDGEMITMP_AEF72.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\EDGEMITMP_AEF72.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\EDGEMITMP_AEF72.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\EDGEMITMP_AEF72.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\EDGEMITMP_AEF72.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.98 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7697ab7d0,0x7ff7697ab7dc,0x7ff7697ab7e8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjZDMDM0NzQtQkRCQi00NTc1LUI5QjgtMUI4RDRGREZDNjczfSIgdXNlcmlkPSJ7MzM4MUUxNDYtNzEwMi00RTkyLUFGMkMtRTMwODlFOEFCNzk2fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins5N0YxQzUwMy04MjAxLTRFNEItOUY1Ni1COTM2RUM1QTBCQUN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI3LjAuMjY1MS45OCIgbGFuZz0iIiBicmFuZD0iRVVXViIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMDA0MDk0MDUwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAwMDQyNTA0OTkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA0NTAwNzIwNjkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy81MjlhNDFjZC01YzBjLTRjZDAtODA2MS1iNzFmZWFhOGEzMzY_UDE9MTcyNDA5ODY5NCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1EVyUyYkdWcldhNyUyZlI2NDVtc09aU016enppbEJ6TGIlMmJqaHFZZHhjREpQZGhPbEhiVmw1RnRydWR5TlFjZUEyQXg2Rk9lOTNFV3o2OW9uc2hoWEwlMmI3WmdRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDQ1MDA3MjA2OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNTI5YTQxY2QtNWMwYy00Y2QwLTgwNjEtYjcxZmVhYThhMzM2P1AxPTE3MjQwOTg2OTQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9RFclMmJHVnJXYTclMmZSNjQ1bXNPWlNNenp6aWxCekxiJTJiamhxWWR4Y0RKUGRoT2xIYlZsNUZ0cnVkeU5RY2VBMkF4NkZPZTkzRVd6NjlvbnNoaFhMJTJiN1pnUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3MjYwNjQwOCIgdG90YWw9IjE3MjYwNjQwOCIgZG93bmxvYWRfdGltZV9tcz0iNDMwMDQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDQ1MDIyODQzNSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNjc2NjQ1MzUwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTAyNTE0NTM1MiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjM0MyIgZG93bmxvYWRfdGltZV9tcz0iNDQ1NjciIGRvd25sb2FkZWQ9IjE3MjYwNjQwOCIgdG90YWw9IjE3MjYwNjQwOCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzQ4MzQiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4824,i,17401655820583326995,8092768708338693042,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\MicrosoftEdge_X64_127.0.2651.98.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\EDGEMITMP_C1DC4.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\EDGEMITMP_C1DC4.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\EDGEMITMP_C1DC4.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\EDGEMITMP_C1DC4.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E7B4AB9F-535C-42BC-9784-515B65718B01}\EDGEMITMP_C1DC4.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.98 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff7b15bb7d0,0x7ff7b15bb7dc,0x7ff7b15bb7e8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4872,i,17401655820583326995,8092768708338693042,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4980,i,17401655820583326995,8092768708338693042,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5064,i,17401655820583326995,8092768708338693042,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4952 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4b0 0x404

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=752,i,17401655820583326995,8092768708338693042,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODNGNDI4MDUtMzVCMC00Mzk2LUFCNDYtRkVENEI4M0RBMTJBfSIgdXNlcmlkPSJ7MzM4MUUxNDYtNzEwMi00RTkyLUFGMkMtRTMwODlFOEFCNzk2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyN0U3RTUzNy1GMjlELTQ3QTYtQUNDNS05MDBDMzMzNzEzOTl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI3LjAuMjY1MS45OCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzY2NzM4MTUyNCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc2NjczODE1MjQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTE4MDU1NTM4NiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNTI5YTQxY2QtNWMwYy00Y2QwLTgwNjEtYjcxZmVhYThhMzM2P1AxPTE3MjQwOTg0NjAmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9bjVOcE1NRmt2SVhUa1h0ckRIcUZBckNLeDZ1TSUyZkVhaDJ3S1RRZ1NaeHVDdVdySnVjUDhSYmxpekZObjliOTB4ZCUyYmYyS3dUSVNOeTg2a214ZjZBck1RJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyNjA2NDA4IiB0b3RhbD0iMTcyNjA2NDA4IiBkb3dubG9hZF90aW1lX21zPSIzNDk2MzYiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTE4MDU1NTM4NiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjExMTk1NjU0NDA4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMTU0NDM5MDkyMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjgxMiIgZG93bmxvYWRfdGltZV9tcz0iMzUxMzE3IiBkb3dubG9hZGVkPSIxNzI2MDY0MDgiIHRvdGFsPSIxNzI2MDY0MDgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjM0ODc0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\MicrosoftEdge_X64_127.0.2651.98.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.98 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff7c225b7d0,0x7ff7c225b7dc,0x7ff7c225b7e8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5060,i,17401655820583326995,8092768708338693042,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A1EF8EFB-71BD-4BD8-BB34-3CEAB4DEAEFA}\EDGEMITMP_BAA95.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.98 --initial-client-data=0x210,0x238,0x23c,0x234,0x240,0x7ff7c225b7d0,0x7ff7c225b7dc,0x7ff7c225b7e8

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.98 --initial-client-data=0x238,0x23c,0x240,0x234,0x210,0x7ff72a8cb7d0,0x7ff72a8cb7dc,0x7ff72a8cb7e8

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.98 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff72a8cb7d0,0x7ff72a8cb7dc,0x7ff72a8cb7e8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4004,i,17401655820583326995,8092768708338693042,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3308 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=5084,i,17401655820583326995,8092768708338693042,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4844 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4840,i,17401655820583326995,8092768708338693042,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=4108 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RkUxMDQzM0MtRjkxRi00NzJDLTgwM0MtNDNBOTMwMkFEQkEwfSIgdXNlcmlkPSJ7MzM4MUUxNDYtNzEwMi00RTkyLUFGMkMtRTMwODlFOEFCNzk2fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntBQjI5MUMyRS1GQzMwLTQyOTUtQTYyNi04QzM0MDA5MENCQkJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xNSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9JTVCJTIyLXRhcmdldF9kZXYlMjIlNUQiIGluc3RhbGxhZ2U9IjEwIiBjb2hvcnQ9InJyZkAwLjU2Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9IjEwIiByZD0iNjQyMyIgcGluZ19mcmVzaG5lc3M9Ins0M0Y5NEE4MS1GNjY4LTQ2NzAtODQ4Qy1EMzJGMjI2REU5QjV9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iMTI3LjAuMjY1MS45OCIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIxMCIgaXNfcGlubmVkX3N5c3RlbT0idHJ1ZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzY3MDgwMjM1MjYwNTc3MCI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSIxMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTEyOTc1NDg5OTEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE1NDQzOTA5MjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE1NzM3NjM4MjYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE1ODgxMTc2MDIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjExOTU5MjM1NTg2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iODc1IiBkb3dubG9hZGVkPSIxNzI2MDY0MDgiIHRvdGFsPSIxNzI2MDY0MDgiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjM3MTEyIi8-PHBpbmcgYWN0aXZlPSIxIiBhPSIxMCIgcj0iMTAiIGFkPSI2NDIzIiByZD0iNjQyMyIgcGluZ19mcmVzaG5lc3M9IntCRjI3MjYwNS1ERUQ3LTQwNTMtQTBGQi0wOTAxQjIwODlFQzZ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyNy4wLjI2NTEuOTgiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY0MzMiIGNvaG9ydD0icnJmQDAuNjEiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM2Nzk2NzU0MjkxMTU3NDAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSItMSIgcj0iLTEiIGFkPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0iezlGQUM3QjdBLUJFQkYtNEUxMC1BMEVGLTBFQkJEMjczNzMyNX0iLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B517120D-C6C4-49BD-A850-C5DB9142E813}\MicrosoftEdge_X64_127.0.2651.98.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B517120D-C6C4-49BD-A850-C5DB9142E813}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B517120D-C6C4-49BD-A850-C5DB9142E813}\EDGEMITMP_48C96.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B517120D-C6C4-49BD-A850-C5DB9142E813}\EDGEMITMP_48C96.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B517120D-C6C4-49BD-A850-C5DB9142E813}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B517120D-C6C4-49BD-A850-C5DB9142E813}\EDGEMITMP_48C96.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B517120D-C6C4-49BD-A850-C5DB9142E813}\EDGEMITMP_48C96.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B517120D-C6C4-49BD-A850-C5DB9142E813}\EDGEMITMP_48C96.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.98 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff62952b7d0,0x7ff62952b7dc,0x7ff62952b7e8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Windows\system32\dashost.exe

dashost.exe {e8803e05-1f90-44cc-8847d5d0e9d9b975}

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODY2ODEzQjctNDlENi00QzI5LTk0ODEtMzBEODE3QjdDRDNEfSIgdXNlcmlkPSJ7MzM4MUUxNDYtNzEwMi00RTkyLUFGMkMtRTMwODlFOEFCNzk2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFQTBCMTVBRC00OTk1LTQ3RjMtQTI0MC1GMTVDQkY3MEI1RTJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI3LjAuMjY1MS45OCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iODU1MzI5Nzc1NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijg1NTMyOTc3NTciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjA5OTQ1NjcyNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNTI5YTQxY2QtNWMwYy00Y2QwLTgwNjEtYjcxZmVhYThhMzM2P1AxPTE3MjQwOTg1NDkmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9SWglMmJDQ1Fxc2Q5UFJBYW4yOFNLJTJiJTJiOFRNQ1J4QllLeWs5N2ttQzNiTGtkSiUyYlhTMiUyZnhCQjFGd0lkMDN0aXlUZ1RMemUxU3FMN3Y4Z2Z4a3JRWVBzTnpRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyNjA2NDA4IiB0b3RhbD0iMTcyNjA2NDA4IiBkb3dubG9hZF90aW1lX21zPSIzNTMwMjIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjA5OTU1OTIyNSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEyMTE0NDEzOTIzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjQ2ODY4MzY3NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjIwMTYiIGRvd25sb2FkX3RpbWVfbXM9IjM1NDYxMSIgZG93bmxvYWRlZD0iMTcyNjA2NDA4IiB0b3RhbD0iMTcyNjA2NDA4IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSIzNTQyNyIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E562F139-3F04-452C-B0C0-9164E4C6F04C}\MicrosoftEdge_X64_127.0.2651.98.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E562F139-3F04-452C-B0C0-9164E4C6F04C}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E562F139-3F04-452C-B0C0-9164E4C6F04C}\EDGEMITMP_B3E92.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E562F139-3F04-452C-B0C0-9164E4C6F04C}\EDGEMITMP_B3E92.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E562F139-3F04-452C-B0C0-9164E4C6F04C}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E562F139-3F04-452C-B0C0-9164E4C6F04C}\EDGEMITMP_B3E92.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E562F139-3F04-452C-B0C0-9164E4C6F04C}\EDGEMITMP_B3E92.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E562F139-3F04-452C-B0C0-9164E4C6F04C}\EDGEMITMP_B3E92.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.98 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff6e63fb7d0,0x7ff6e63fb7dc,0x7ff6e63fb7e8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff87fd7cc40,0x7ff87fd7cc4c,0x7ff87fd7cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,8715503663183261510,12146262717564395277,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=1884 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1808,i,8715503663183261510,12146262717564395277,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,8715503663183261510,12146262717564395277,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2464 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,8715503663183261510,12146262717564395277,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3132 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,8715503663183261510,12146262717564395277,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,8715503663183261510,12146262717564395277,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4444 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4656,i,8715503663183261510,12146262717564395277,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4512 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,8715503663183261510,12146262717564395277,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4836 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzRDRDNEOTQtN0ZDOC00RThDLUEyNjktMEIyOTk3QjUwRjVGfSIgdXNlcmlkPSJ7MzM4MUUxNDYtNzEwMi00RTkyLUFGMkMtRTMwODlFOEFCNzk2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsxNTgwNzgwNS1GNTM1LTQzMTctOURBOS03QzRFQ0U1MjUyMzV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI3LjAuMjY1MS45OCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTIwOTIzMDc3MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkyMDkzODY2NjkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzE5MjE3ODI3MCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNTI5YTQxY2QtNWMwYy00Y2QwLTgwNjEtYjcxZmVhYThhMzM2P1AxPTE3MjQwOTg2MTQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9QTE3d1lqMjdEa1YwYVVQSzV6TDQlMmZpVDJlaHVseThqTWhORzQlMmZPMUJGMm54Tnl0aUhIbmV6MEZJd1BCbkdpRUlUWkJTUUFBZFk1ZHBGcndKOEYlMmI5YWclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI2MDY0MDgiIHRvdGFsPSIxNzI2MDY0MDgiIGRvd25sb2FkX3RpbWVfbXM9IjM5NjY4MCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMTkyMzM0NDkwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTMyMDYzODEwNTMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNTYzMzI4NjcxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iODU5IiBkb3dubG9hZF90aW1lX21zPSIzOTgyNjMiIGRvd25sb2FkZWQ9IjE3MjYwNjQwOCIgdG90YWw9IjE3MjYwNjQwOCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzU2OTUiLz48L2FwcD48L3JlcXVlc3Q-

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C866CB6F-B368-40EA-91E2-4D7AE2B24BC9}\MicrosoftEdge_X64_127.0.2651.98.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C866CB6F-B368-40EA-91E2-4D7AE2B24BC9}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C866CB6F-B368-40EA-91E2-4D7AE2B24BC9}\EDGEMITMP_99827.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C866CB6F-B368-40EA-91E2-4D7AE2B24BC9}\EDGEMITMP_99827.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C866CB6F-B368-40EA-91E2-4D7AE2B24BC9}\MicrosoftEdge_X64_127.0.2651.98.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C866CB6F-B368-40EA-91E2-4D7AE2B24BC9}\EDGEMITMP_99827.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C866CB6F-B368-40EA-91E2-4D7AE2B24BC9}\EDGEMITMP_99827.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C866CB6F-B368-40EA-91E2-4D7AE2B24BC9}\EDGEMITMP_99827.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.98 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff7c3f3b7d0,0x7ff7c3f3b7dc,0x7ff7c3f3b7e8

C:\Windows\system32\SystemSettingsAdminFlows.exe

"C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkQ5RUVDMkEtOTU3Mi00OEJBLTgwMEEtOEIwOUNBN0Y4RUYzfSIgdXNlcmlkPSJ7MzM4MUUxNDYtNzEwMi00RTkyLUFGMkMtRTMwODlFOEFCNzk2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFMkRCRTQ4MC0wNjFFLTQ2MUItQURDRS0wOUZDMkJDRTQ5NTR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7aFZmRGpNZEZHNkZnS3MwTno2ZW1yWUNTZzZUUXZEUG9tb2xSYXlRWEJLND0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTI3LjAuMjY1MS45OCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTg4NTc2MDc2NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk4ODU5MTcyNzEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzk2NzU0ODgzNCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNTI5YTQxY2QtNWMwYy00Y2QwLTgwNjEtYjcxZmVhYThhMzM2P1AxPTE3MjQwOTg2ODImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9RzBkZFNlZUdDJTJiaEd2WHcxYmd6JTJmV0hHYjNEMW9QRXJrTGtYVSUyYmJCeFV5TnpQd3FkZWprMXlVZHBNT21QN3VqQnJVdG5aNndrWXV4Y1F3OEtMelJ2TUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzI2MDY0MDgiIHRvdGFsPSIxNzI2MDY0MDgiIGRvd25sb2FkX3RpbWVfbXM9IjQwNjY1OSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzOTY3NzA2MTMzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM5ODE1OTI0MzIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0MzQxMzk1NjIzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iODQ0IiBkb3dubG9hZF90aW1lX21zPSI0MDgxNzkiIGRvd25sb2FkZWQ9IjE3MjYwNjQwOCIgdG90YWw9IjE3MjYwNjQwOCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzU5ODAiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe

"C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.30.0_x64__8wekyb3d8bbwe\Microsoft.RemoteAssistance.QuickAssist\QuickAssist.exe"

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --accept-lang=en-US --disable-features=msSmartScreenProtection --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --mojo-named-platform-channel-pipe=436.5668.17788750266253027721

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=127.0.2651.98 --initial-client-data=0x160,0x164,0x168,0x13c,0x19c,0x7ff8811cd198,0x7ff8811cd1a4,0x7ff8811cd1b0

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,8410834106290417288,16237318231750127343,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1768 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1804,i,8410834106290417288,16237318231750127343,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=1916 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2312,i,8410834106290417288,16237318231750127343,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3456,i,8410834106290417288,16237318231750127343,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=3468 /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView" --webview-exe-name=QuickAssist.exe --webview-exe-version=10.3.10095.1000 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4908,i,8410834106290417288,16237318231750127343,262144 --enable-features=MojoIpcz,msSingleSignOnOSForPrimaryAccountIsShared --disable-features=msSmartScreenProtection --variations-seed-version --mojo-platform-channel-handle=756 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87fd7cc40,0x7ff87fd7cc4c,0x7ff87fd7cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,11784784221569437483,2103261718420491694,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=1988 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,11784784221569437483,2103261718420491694,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=1732 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,11784784221569437483,2103261718420491694,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2376 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,11784784221569437483,2103261718420491694,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,11784784221569437483,2103261718420491694,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,11784784221569437483,2103261718420491694,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4580 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3680,i,11784784221569437483,2103261718420491694,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3672 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,11784784221569437483,2103261718420491694,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4748 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff7a7fd4698,0x7ff7a7fd46a4,0x7ff7a7fd46b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff87fd7cc40,0x7ff87fd7cc4c,0x7ff87fd7cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,6080213232603420874,10143688640796020367,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=1968 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1792,i,6080213232603420874,10143688640796020367,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2096 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1948,i,6080213232603420874,10143688640796020367,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2608 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,6080213232603420874,10143688640796020367,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,6080213232603420874,10143688640796020367,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3668,i,6080213232603420874,10143688640796020367,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3120 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4740,i,6080213232603420874,10143688640796020367,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4728 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,6080213232603420874,10143688640796020367,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4908 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4712,i,6080213232603420874,10143688640796020367,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5240,i,6080213232603420874,10143688640796020367,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5224 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5500,i,6080213232603420874,10143688640796020367,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5624 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3840,i,6080213232603420874,10143688640796020367,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5656,i,6080213232603420874,10143688640796020367,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5780 /prefetch:8

C:\Users\Admin\Downloads\ChromeSetup.exe

"C:\Users\Admin\Downloads\ChromeSetup.exe"

C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe

"C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={652ECEE3-156D-2C01-93E5-7E6F06E73F19}&lang=en&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2

C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe

"C:\Program Files (x86)\Google5488_1631111337\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x27c,0x280,0x284,0x278,0x288,0x73c694,0x73c6a0,0x73c6ac

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --system --windows-service --service=update-internal

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xa3c694,0xa3c6a0,0xa3c6ac

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xa3c694,0xa3c6a0,0xa3c6ac

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\127.0.6533.100_chrome_installer.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\127.0.6533.100_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\be2269c2-5381-4aa1-b612-25cc8ebda092.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\be2269c2-5381-4aa1-b612-25cc8ebda092.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.100 --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0x7ff70a3d41f8,0x7ff70a3d4204,0x7ff70a3d4210

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2868_373508535\CR_A08F3.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.100 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff70a3d41f8,0x7ff70a3d4204,0x7ff70a3d4210

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff87fd7cc40,0x7ff87fd7cc4c,0x7ff87fd7cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2024,i,12867909516461862593,2602520933141442231,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=1996 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,12867909516461862593,2602520933141442231,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2108 /prefetch:3

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0xa3c694,0xa3c6a0,0xa3c6ac

C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe" --rename-chrome-exe --system-level --verbose-logging --channel=stable

C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.100 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff6e44041f8,0x7ff6e4404204,0x7ff6e4404210

C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe" --channel=stable --delete-old-versions --system-level --verbose-logging

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --flag-switches-begin --flag-switches-end

C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.100 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff6e44041f8,0x7ff6e4404204,0x7ff6e4404210

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.100 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff88f4ee790,0x7ff88f4ee79c,0x7ff88f4ee7a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2012 /prefetch:2

C:\Program Files\Google\Chrome\Application\127.0.6533.100\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.100\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1792,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2540 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2184,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2740 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4560 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4732,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4760 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4740,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4900 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4968,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4900 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4680,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4900,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5144 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4692,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5480 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5388,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5640,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5700 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3224,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3312,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3376 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=5856,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5748 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5864,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5828 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5772,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5248,i,7781314547311439999,6141799671178612453,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --wake --system

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x230,0x284,0xa3c694,0xa3c6a0,0xa3c6ac

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --system --windows-service --service=update-internal

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0xa3c694,0xa3c6a0,0xa3c6ac

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xa3c694,0xa3c6a0,0xa3c6ac

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.100 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff88f4ee790,0x7ff88f4ee79c,0x7ff88f4ee7a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=1908 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2108,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2272,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=2300 /prefetch:8

C:\Program Files\Google\Chrome\Application\127.0.6533.100\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.100\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4856,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4912 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4624,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3228,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --field-trial-handle=3336,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3156 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4828,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=3128 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=884,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5748,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2112,i,11535972083049505905,11633094359770922426,262144 --variations-seed-version=20240812-050059.636000 --mojo-platform-channel-handle=1652 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Info about this PC.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault8300e9c5h12f5h42dfhbaf5h2f1a1917c6c7

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.100 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.98 --initial-client-data=0x258,0x25c,0x260,0x254,0x268,0x7ff8811cd198,0x7ff8811cd1a4,0x7ff8811cd1b0

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.98\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2152,i,6860918169758183756,6478714723027615322,262144 --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2000,i,6860918169758183756,6478714723027615322,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2544,i,6860918169758183756,6478714723027615322,262144 --variations-seed-version --mojo-platform-channel-handle=2696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,6860918169758183756,6478714723027615322,262144 --variations-seed-version --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,6860918169758183756,6478714723027615322,262144 --variations-seed-version --mojo-platform-channel-handle=3340 /prefetch:2

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Info about this PC.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Info about this PC.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Info about this PC.txt

C:\Windows\system32\wwahost.exe

"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AAD2FE8BCBB8FA4BD54803223F285C20 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9F4885B2F4FCA929438271244D14FF23 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9F4885B2F4FCA929438271244D14FF23 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1D459C903881E2086A48385DE022FEB6 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CFA701BCFCBD0F6460695D43F5776F2A --mojo-platform-channel-handle=1952 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9BF920BE3B1F6702C9FBE61E50B6E476 --mojo-platform-channel-handle=2432 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A4CBA42A7004CC92F7E6B39BA0FAC7AA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A4CBA42A7004CC92F7E6B39BA0FAC7AA --renderer-client-id=8 --mojo-platform-channel-handle=2380 --allow-no-sandbox-job /prefetch:1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=60AF4D7FBD241C0600FAC816F54157C5 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=60AF4D7FBD241C0600FAC816F54157C5 --renderer-client-id=2 --mojo-platform-channel-handle=1672 --allow-no-sandbox-job /prefetch:1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A25CE91D0A1967155AA49604F3210C51 --mojo-platform-channel-handle=1944 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3C92949971732FA4DEF5A0B7E388B652 --mojo-platform-channel-handle=2424 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C9FAC5D501103A0455028DC49F5B8CC6 --mojo-platform-channel-handle=2028 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C4DC459F1549540C21878006BCC0054A --mojo-platform-channel-handle=2444 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=15DB53BDDC157DA9277E298EB2E29BBC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=15DB53BDDC157DA9277E298EB2E29BBC --renderer-client-id=7 --mojo-platform-channel-handle=2584 --allow-no-sandbox-job /prefetch:1

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 22.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
NL 172.217.23.206:443 clients2.google.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 10.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 196.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 bing.com udp
US 204.79.197.200:443 bing.com tcp
US 204.79.197.200:443 bing.com tcp
GB 2.18.27.82:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
GB 2.18.27.82:443 r.bing.com udp
GB 2.18.27.82:443 r.bing.com tcp
GB 2.18.27.82:443 r.bing.com tcp
GB 2.18.27.82:443 r.bing.com tcp
GB 2.18.27.82:443 r.bing.com udp
US 8.8.8.8:53 assets.msn.com udp
GB 2.18.27.86:443 assets.msn.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 82.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 86.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.76:443 login.microsoftonline.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 172.64.154.167:443 www2.bing.com tcp
US 152.199.21.175:443 aadcdn.msftauth.net tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 www.msn.com udp
US 8.8.8.8:53 c.msn.com udp
IE 13.74.129.1:443 c.msn.com tcp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 20.189.173.11:443 browser.events.data.msn.com tcp
US 20.189.173.11:443 browser.events.data.msn.com tcp
GB 2.18.27.86:443 assets.msn.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.237:443 c.bing.com tcp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
GB 173.222.211.43:443 img-s-msn-com.akamaized.net tcp
GB 173.222.211.43:443 img-s-msn-com.akamaized.net tcp
GB 173.222.211.43:443 img-s-msn-com.akamaized.net tcp
GB 173.222.211.43:443 img-s-msn-com.akamaized.net tcp
GB 173.222.211.43:443 img-s-msn-com.akamaized.net tcp
GB 173.222.211.43:443 img-s-msn-com.akamaized.net tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 43.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 24.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 26.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 173.222.211.41:443 aefd.nelreports.net tcp
US 8.8.8.8:53 41.211.222.173.in-addr.arpa udp
GB 173.222.211.41:443 aefd.nelreports.net udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 3pcookiecheck.azureedge.net udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 chrome.google.com udp
NL 142.250.179.174:443 chrome.google.com tcp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 apps.microsoft.com udp
US 8.8.8.8:53 images-eds-ssl.xboxlive.com udp
US 8.8.8.8:53 sparkcdneus2.azureedge.net udp
US 152.199.19.161:443 sparkcdneus2.azureedge.net tcp
US 8.8.8.8:53 musicart.xboxlive.com udp
GB 184.26.56.8:443 musicart.xboxlive.com tcp
US 8.8.8.8:53 store-images.microsoft.com udp
GB 184.26.56.8:443 musicart.xboxlive.com tcp
GB 184.26.57.200:443 store-images.microsoft.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 8.56.26.184.in-addr.arpa udp
US 8.8.8.8:53 200.193.25.184.in-addr.arpa udp
US 8.8.8.8:53 200.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 h.clarity.ms udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 northcentralus-0.in.applicationinsights.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.8:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 get.microsoft.com udp
US 8.8.8.8:53 151.64.8.51.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp
US 52.240.245.68:443 northcentralus-0.in.applicationinsights.azure.com tcp
US 20.189.173.8:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 68.245.240.52.in-addr.arpa udp
NL 172.217.23.206:443 clients2.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
GB 2.18.27.82:443 www.bing.com udp
US 8.8.8.8:53 30.58.26.184.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 store-images.microsoft.com udp
GB 184.26.57.200:443 store-images.microsoft.com tcp
NL 142.250.179.174:443 chrome.google.com tcp
US 8.8.8.8:53 35.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 msedge.sf.dl.delivery.mp.microsoft.com udp
US 152.199.21.175:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 60.129.102.23.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
FR 217.20.58.40:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 40.58.20.217.in-addr.arpa udp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
FR 217.20.58.40:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
FR 217.20.58.40:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
FR 217.20.58.40:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
FR 217.20.58.40:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 2.20.12.95:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 95.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 remoteassistance.support.services.microsoft.com udp
US 8.8.8.8:53 remoteassistance.support.services.microsoft.com udp
GB 23.208.243.106:443 remoteassistance.support.services.microsoft.com tcp
GB 23.208.243.106:443 remoteassistance.support.services.microsoft.com tcp
US 8.8.8.8:53 106.243.208.23.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 s.go-mpulse.net udp
US 8.8.8.8:53 s.go-mpulse.net udp
GB 184.25.193.234:443 www.microsoft.com tcp
GB 184.26.44.174:443 s.go-mpulse.net tcp
US 8.8.8.8:53 alcdn.msauth.net udp
US 8.8.8.8:53 alcdn.msauth.net udp
US 8.8.8.8:53 c.go-mpulse.net udp
US 8.8.8.8:53 c.go-mpulse.net udp
GB 23.200.208.174:443 c.go-mpulse.net tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 234.193.25.184.in-addr.arpa udp
US 8.8.8.8:53 174.44.26.184.in-addr.arpa udp
US 8.8.8.8:53 9.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 174.208.200.23.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
GB 184.25.193.234:443 www.microsoft.com tcp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.42.73.27:443 browser.events.data.microsoft.com tcp
US 20.42.73.27:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 27.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google udp
US 13.107.21.239:443 tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 23.73.139.18:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 239.21.107.13.in-addr.arpa udp
SE 52.123.159.172:443 tcp
US 8.8.8.8:53 18.139.73.23.in-addr.arpa udp
SE 52.123.159.172:443 tcp
US 52.123.128.14:443 tcp
US 8.8.8.8:53 172.159.123.52.in-addr.arpa udp
US 13.107.238.64:443 tcp
US 8.8.8.8:53 14.128.123.52.in-addr.arpa udp
US 8.8.8.8:53 64.238.107.13.in-addr.arpa udp
US 13.107.238.64:443 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
IE 20.123.1.181:443 tcp
US 8.8.8.8:53 181.1.123.20.in-addr.arpa udp
US 20.42.73.27:443 browser.events.data.microsoft.com tcp
US 13.107.21.239:443 tcp
GB 23.208.243.106:443 remoteassistance.support.services.microsoft.com tcp
US 23.102.129.60:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 rdprelayv3northeuropeprod-0.relay.support.services.microsoft.com udp
IE 20.123.1.173:443 rdprelayv3northeuropeprod-0.relay.support.services.microsoft.com tcp
US 8.8.8.8:53 173.1.123.20.in-addr.arpa udp
SE 52.123.159.172:443 tcp
SE 52.123.159.172:443 tcp
US 52.123.128.14:443 tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
US 13.107.21.239:443 tcp
US 8.8.8.8:53 c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
US 8.8.8.8:443 dns.google udp
SE 52.123.159.172:443 tcp
SE 52.123.159.172:443 tcp
US 52.123.128.14:443 tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 172.217.23.206:443 clients2.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 23.206.78.251:443 cxcs.microsoft.net tcp
GB 2.18.27.82:443 www.bing.com tcp
US 8.8.8.8:53 251.78.206.23.in-addr.arpa udp
US 13.107.238.64:443 tcp
GB 23.200.208.174:443 c.go-mpulse.net udp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 23.213.251.133:443 cxcs.microsoft.net tcp
GB 2.18.27.82:443 www.bing.com tcp
US 8.8.8.8:53 133.251.213.23.in-addr.arpa udp
US 8.8.8.8:53 206.221.208.4.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 support.microsoft.com udp
GB 184.25.192.150:443 support.microsoft.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
GB 104.78.168.184:443 tcp
US 20.189.173.10:443 tcp
US 20.189.173.10:443 tcp
US 20.189.173.10:443 tcp
US 8.8.8.8:53 150.192.25.184.in-addr.arpa udp
US 8.8.8.8:53 184.168.78.104.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 remoteassistance.support.services.microsoft.com udp
US 8.8.8.8:53 remoteassistance.support.services.microsoft.com udp
GB 104.78.168.184:443 remoteassistance.support.services.microsoft.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
DE 51.116.246.104:443 browser.events.data.microsoft.com tcp
DE 51.116.246.104:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 104.246.116.51.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 20.189.173.1:443 tcp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
GB 104.78.168.184:443 remoteassistance.support.services.microsoft.com tcp
IE 52.123.137.125:443 tcp
IE 52.123.137.125:443 tcp
US 52.123.128.14:443 tcp
US 8.8.8.8:53 125.137.123.52.in-addr.arpa udp
US 13.107.237.64:443 tcp
US 8.8.8.8:53 64.237.107.13.in-addr.arpa udp
IE 20.123.1.181:443 tcp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 2.18.27.76:443 www.bing.com tcp
GB 23.213.251.133:443 cxcs.microsoft.net tcp
US 8.8.8.8:53 76.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 rdprelayv3northeuropeprod-1.relay.support.services.microsoft.com udp
IE 20.123.1.189:443 rdprelayv3northeuropeprod-1.relay.support.services.microsoft.com tcp
US 8.8.8.8:53 189.1.123.20.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
US 204.79.197.239:443 tcp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
IE 52.123.137.125:443 tcp
US 8.8.8.8:53 assets.msn.com udp
GB 2.18.27.89:443 assets.msn.com tcp
US 8.8.8.8:53 89.27.18.2.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
IE 52.123.137.125:443 tcp
IE 52.123.137.125:443 tcp
US 52.123.129.14:443 tcp
US 8.8.8.8:53 14.129.123.52.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 172.217.23.206:443 clients2.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 chrome.google.com udp
NL 142.250.179.174:443 chrome.google.com tcp
NL 172.217.23.206:443 clients2.google.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.youtube.com udp
NL 142.250.179.174:443 www.youtube.com tcp
US 8.8.8.8:53 tools.google.com udp
US 8.8.8.8:53 s.ytimg.com udp
NL 142.250.179.206:443 s.ytimg.com tcp
US 8.8.8.8:53 168.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 3.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 172.217.168.202:443 content-autofill.googleapis.com tcp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 202.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
NL 142.250.179.162:443 ade.googlesyndication.com tcp
NL 142.250.179.162:443 ade.googlesyndication.com udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
NL 142.250.179.196:443 www.google.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 c.pki.goog udp
NL 142.250.179.131:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
NL 142.250.179.131:80 o.pki.goog tcp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
GB 2.18.27.89:443 assets.msn.com tcp
NL 172.217.23.206:443 www.youtube.com tcp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
US 8.8.8.8:53 84.102.250.142.in-addr.arpa udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 translate.googleapis.com udp
NL 172.217.23.202:443 translate.googleapis.com tcp
US 8.8.8.8:53 202.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 3.69.250.142.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
IE 52.123.137.125:443 tcp
IE 52.123.137.125:443 tcp
US 52.123.128.14:443 tcp
NL 142.250.179.196:443 www.google.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 roblox.com udp
NL 128.116.21.3:443 roblox.com tcp
NL 128.116.21.3:443 roblox.com tcp
US 8.8.8.8:53 www.roblox.com udp
GB 128.116.119.4:443 www.roblox.com tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
GB 104.77.118.82:443 js.rbxcdn.com tcp
GB 104.77.118.82:443 js.rbxcdn.com tcp
GB 104.77.118.82:443 js.rbxcdn.com tcp
GB 104.77.118.82:443 js.rbxcdn.com tcp
GB 104.77.118.82:443 js.rbxcdn.com tcp
GB 104.77.118.82:443 js.rbxcdn.com tcp
GB 2.22.144.104:443 css.rbxcdn.com tcp
GB 2.22.144.104:443 css.rbxcdn.com tcp
GB 2.22.144.104:443 css.rbxcdn.com tcp
GB 2.22.144.104:443 css.rbxcdn.com tcp
GB 2.22.144.104:443 css.rbxcdn.com tcp
GB 2.22.144.104:443 css.rbxcdn.com tcp
GB 2.22.144.95:443 static.rbxcdn.com tcp
US 8.8.8.8:53 3.21.116.128.in-addr.arpa udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 metrics.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
BE 18.239.208.88:443 roblox-api.arkoselabs.com tcp
GB 128.116.119.4:443 apis.roblox.com tcp
GB 128.116.119.4:443 apis.roblox.com tcp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 8.8.8.8:53 82.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 104.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 95.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 88.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 locale.roblox.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
GB 2.22.144.104:443 css.rbxcdn.com tcp
GB 2.22.144.170:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 auth.roblox.com udp
GB 2.22.144.71:443 images.rbxcdn.com tcp
GB 2.22.144.71:443 images.rbxcdn.com tcp
GB 2.22.144.71:443 images.rbxcdn.com tcp
GB 2.22.144.71:443 images.rbxcdn.com tcp
GB 2.22.144.71:443 images.rbxcdn.com tcp
GB 2.22.144.71:443 images.rbxcdn.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.138:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
BE 18.239.208.88:443 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 170.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 71.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
NL 142.250.179.138:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
IE 52.123.137.125:443 tcp
IE 52.123.137.125:443 tcp
US 52.123.128.14:443 tcp
US 8.8.8.8:53 assetgame.roblox.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 auth.roblox.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 8.8.8.8:53 www.roblox.com udp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
BE 18.239.208.7:443 roblox-api.arkoselabs.com udp
BE 18.239.208.7:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 7.208.239.18.in-addr.arpa udp
BE 18.239.208.7:443 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 23.206.78.251:443 cxcs.microsoft.net tcp
GB 2.18.27.76:443 www.bing.com tcp
US 8.8.8.8:53 cxcs.microsoft.net udp
GB 2.18.27.82:443 www.bing.com tcp
GB 23.206.78.251:443 cxcs.microsoft.net tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 172.165.61.93:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 152.199.21.175:443 logincdn.msftauth.net tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 account.live.com udp
US 13.107.42.22:443 account.live.com tcp
US 8.8.8.8:53 22.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 8.8.8.8:53 177.192.25.184.in-addr.arpa udp
US 8.8.8.8:53 59.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 98.12.20.2.in-addr.arpa udp

Files

memory/2340-0-0x0000000074FDE000-0x0000000074FDF000-memory.dmp

memory/2340-1-0x00000000001D0000-0x00000000008BE000-memory.dmp

memory/2340-2-0x0000000074FD0000-0x0000000075780000-memory.dmp

memory/2340-3-0x0000000005970000-0x0000000005F14000-memory.dmp

memory/2340-4-0x0000000005280000-0x0000000005312000-memory.dmp

memory/2340-5-0x0000000005810000-0x000000000581A000-memory.dmp

memory/2340-6-0x0000000005900000-0x000000000590A000-memory.dmp

memory/2340-7-0x0000000074FD0000-0x0000000075780000-memory.dmp

C:\Users\Admin\Desktop\AssertPop.svg

MD5 315bc409d46b109300385fac2a0d000a
SHA1 e6ae079942bdee61b7825a1667525c545507a96f
SHA256 442ffb0de81dca713ef752fa31e8a6e295d9fefc37962ec7137aa6e4efb286cd
SHA512 4378d03da02ed99619a4a43969102a7905cf64eca22e58382162eeb8c2b5012a778df730fe3c3accaf2208a8ad3e4dc3357cccc814be1b5fd3f023f240eb0fd4

C:\Users\Admin\Desktop\AssertShow.M2T

MD5 f0e9ff17ae59776a774e06d828af6908
SHA1 197d6e86b0507751513c23f2bec5eb199f0b8bf0
SHA256 af4dcd53d90993f0284905122949b23bb818049b46a8411ec2b533e4785117de
SHA512 06db571a22767f5592790fb8d473b83cb6c4fdae44d4e41061312b02b6fcd3c8667596cc1b3080b21ec499ee6c6ebc458c4383006f402eec9fd87c4e21226da9

C:\Users\Admin\Desktop\RevokeConvertFrom.mp4v

MD5 523e05c213188998715539e39feac2a8
SHA1 86346df9e8d28b9484bf796724e9fdde7826b960
SHA256 dfe3b6e86ec94e462f9ca2731bcb0b195def21a08eece16d7f5614afbd6c8c59
SHA512 d3d632fc7848554c22a175a6e7928d76b3496e30c8fae41acf066e7b00c30f75688d5e1f1792fe7c25cdc942d72968ea951df286bca3469be17adb408b90b83b

C:\Users\Admin\Desktop\SaveReceive.vstx

MD5 01df11d11d2ce61da5a68dfa2bb59b74
SHA1 b0ea06c1f03e55d791f7eee07e9fe1bca4027366
SHA256 ce0020fdf26464a3783ca62dfe7ed87ad42ad87d8ed0d8c1aa667d749c494428
SHA512 47e8ba088419262fff312f154205976fc33433d19191b222e0e7b9d88ba79827ae1cc1718ac51924bb7d360091c2a4848f2cf01da9f6fac97cc6c3aa230db721

C:\Users\Admin\Desktop\RevokeGet.wma

MD5 35b29bdf673f6418dfac89b538c9ad9a
SHA1 7a3a250fc948573bb16712daf55df970c7efdeb9
SHA256 175af819fa35a646f6d007e47d2189e82ec115dd99dfe158b6e2eadfa94b7d2a
SHA512 2023d95011c5dcaadf7f58b9b880b441912453777d6b5aa271742c40b7d8e4e719f88a826f2cbaff07abdba2319fb42c4a932a0b6ff88d6a3f97dfe83407c732

C:\Users\Admin\Desktop\SwitchRequest.docx

MD5 d1910df71f6968c2251edf9e1ed26f34
SHA1 3ca3492ea7764937da575f00c33b2fb0352daccd
SHA256 1c4f90832077581bc809df9d3d8bbfcf620e2be5077eec5b8a097af2dd33c177
SHA512 14ea5e67614b7b1677d2a6ca9fb77b124b0ae680fb854b9ffd6a7750397f50dee2fce4f666082b7fb6746959cdc1317280d5c6a020f880e2111cd7bed2b7dc05

C:\Users\Admin\Desktop\SkipApprove.docx

MD5 e52679c438c7fd0a6751aff263156fbc
SHA1 7cca473b3242ad0d44c3c950db657ed670b4a07f
SHA256 b224c84e53eef159e84e447c1fca9111fd93148b041bfd72078f82136f4c5287
SHA512 0b4d67e90380bdb88427c1e9f3cb26af030f0375aa06aef176b5fdbf912bf1ca79b67d1872d7f301bb98aa0601ec79a6af9a0bd8c0bef3f754a83111d067a468

C:\Users\Admin\Desktop\WriteUse.mpeg3

MD5 414cc93cf01e25f2278a83141424f7b0
SHA1 d88877188f980471b970db411913035a702397c0
SHA256 23637f51e1bff8865823002b383bd3e4ab8f7818501b63838ad2ed9f5f49d3b2
SHA512 c95abe790b9b92589d6b5de01c13a8b667f21369cc600ce8c16db4c1785790f60c3805f5d92e309afc556e27134eb446c6302dc397a8efa4ddbf02f3684b54c7

C:\Users\Admin\Desktop\UnblockPublish.jpeg

MD5 15721854d64411b5249d5d2daea9bf0a
SHA1 1443ebf1146ef8dd3e8a9fb4d6f4b834eb723518
SHA256 6485cf6636625051882f6c27b1e81a53eb294720930d5aba2d9e171173c9f55e
SHA512 1093cc94ed88a3368b4e73bd06d8e9d431a221ca3bb3739d486db91f46f0e4d8eb20dc077258e2afdf8a4783cb3b750cc16a481bb44a4d3dfc0a3d82f88f45f8

C:\Users\Admin\Desktop\SwitchUninstall.htm

MD5 166d62ebf0b449b6afece272e0e55695
SHA1 cc505f9941494dce11003ec518d1882f2f1a4ccc
SHA256 429f330309013cc1e29cbf944eea83d7db4c2855efa14cec4ca579d57823bd08
SHA512 145868bb53d3c2f779108e1687ebed5f3474d515f2925bd56c590669653aebd2046f2f50725fbb873472242362a886d15cb7e1857c8d7a8d38dc68c88baca672

C:\Users\Admin\Desktop\SwitchRestore.docx

MD5 9499e7f2e9f30ff12028078cd6121e8c
SHA1 4632f30bba73bea2be0680bd2e4d382f5a784765
SHA256 058d225d92e8869ca58cb2b2aba6bd9d75550109eb7bbc2ae9fa541679cf1400
SHA512 19dcfc80d42517f49e13c1a02a9b64f3d8c45dbec1493d0ca11e07ecfac02ce91e9111fe4dc031cfd29694c229b295e09975438d2ea7cb69b7c793eeb2c094af

C:\Users\Admin\Desktop\SkipSubmit.mpe

MD5 3ef79e78c8bc7255050eb5f3124df79e
SHA1 977f41ef21261bc9496744c66d59f668c570c334
SHA256 7a494945da2987138fd8d7f466956378471414d90511794d29e1f77051c583bc
SHA512 3f967c0adb4e99248027b8321134a64a97c81bed25fc8c90641b6c6cd9c4ea413c7a6463e2905ab1bca313e7aca370c40e134462f0accdb1f81be4b574f65be0

C:\Users\Admin\Desktop\SetMove.vdw

MD5 309fef7939d17398904fc0b1e3768ab2
SHA1 55904e9f686a7ec11794fd4c3c1d9b171b86cf17
SHA256 bfad3bd6d98a80ccf9250245099a90c0686293f0e1aa3c4c9ea617befdc5de7c
SHA512 cfdaa2ea03c37eeb349ae1a01cebf82cf7ea5ac8c909750499874fdeee4e4bebbb17b8a4abe531cd510bf3e90d25dcd2e35247cd599f56430bd3d07cc0e59a76

C:\Users\Admin\Desktop\SendConvertFrom.mp4

MD5 e5a1348ae75e0645bf29b50ac04aa676
SHA1 d4e0513dbd5eb70a30c48fbbbd59c9cda7057dfd
SHA256 c13e68ed08141d845498a8e35f35a96d51b7044a656f11aeead38085d6b1585c
SHA512 da3b98f2350e62e1496735cb15c8f76847bb157a7ec2a5d5369016567c37296408073ba51a647435552674afe6fcd9d07c8ec608320f9e48b040d262e51fcd8f

C:\Users\Admin\Desktop\SearchRegister.vsd

MD5 6de68e8638a2f07b14d6c8f451afe342
SHA1 46795b39027d7415feb4f04927abcc36e704a477
SHA256 43d8a2dd948bb2118a27aa0b987de8174088712b2a0922a0777a3f9ffa380964
SHA512 5148ade63fa937a46c2f058e397f381eee4c14f463dfe82c95a95efaace009b3f2e3c2a3f6af977f1dacaf8840ad839cd2cdd6c4967f688b8e81d0385934aedf

C:\Users\Admin\Desktop\ResumeResize.cr2

MD5 a988ae24624ff40dcda4ae9949b162fc
SHA1 f68b34d929d9013ddedfd44cee35733725bcd3d9
SHA256 2f1f67f96d3ee802ccd980f1e8c657ab543c20bbcc35f605be00cc2ac58d825e
SHA512 a40ea139aa38c1666d2c8d9d3887695d01ea14f7e56fe7600725b56f6fde963ac40df43f6bf0fe3ebf307c4cee0a62fedba6b6f439fdd977f8066f2a4b521e39

C:\Users\Admin\Desktop\RestartTest.fon

MD5 170b3a0c3725d1469dccdd1be5c16cc4
SHA1 7e3c2e45e1dda8da8bf337ed943767c113912024
SHA256 b53ac9e78a54acb6d90b82597e4744c507b7b3e1cbd94e1a3889ba165821727b
SHA512 a39bf8912f034f83e3e015d7371e50baee27d77814206ef78ac98addc467191375b8e6b579c16104ab19241404abb65e2874cfe5e10f817e110abd8286606dd0

C:\Users\Admin\Desktop\ResizeJoin.M2TS

MD5 fb242863a7874e88e2094eeef615cc38
SHA1 e1d0e0179054ab7f2f351246f4d6bf6579316c46
SHA256 904135660e4fb6eb7f9e5ab68d44fef59604a0ac3f334b11c2091ed31cb0daec
SHA512 ef334bec2a738937cfd7cfd52dec9840e27403c115e8bba5298f703c0babaeb6387f39f1b72f966c7b470fe9da1000da47e11af616d6db25f877b2550ad17fde

C:\Users\Admin\Desktop\ResetDeny.reg

MD5 1e7aabd6d68a24ea961dbb4e3c9a77d6
SHA1 754ae9dd6dc41a4e79f25cf57a149fef4dd94991
SHA256 16877642788290cd8eaa8375b24643979464681dd0b1861b7b7a48e307981e56
SHA512 ad76b58850288e1d025e624f9be173598056c2dc27bfea24a8b2debbe910ffa9a687dd05a3bc4c7140f0154b7e7b65f40245d9d21a867c824926fce4cb3bda18

C:\Users\Admin\Desktop\ReceiveImport.txt

MD5 fc7450820e5534fc15767dc2e17a4f3c
SHA1 4521bda6e72bec6d1728a16c97bfc693f1765979
SHA256 1ba076c0f230b53eb04816609d501f5116192b9cda3eef2ecb72d9753a896f3b
SHA512 e22d00148a8de19964f9c6865b5b1efab0de8fa05e54346025ec379e744c14c03e7e28a4bb1f26befea0b3b2b09ae3058cee22f67977788e379bd411efde3a55

C:\Users\Admin\Desktop\PopSync.rar

MD5 d6a8cb7d40d924e721686e465a99c78c
SHA1 2ec59e10e2d285c87bded6065f6acb139959805c
SHA256 49d54ab0c4092d0bffd311e087184474a84c3deb412edb7469f99d2c5f3f5158
SHA512 a444018ab162d4274c43da7754f2aba49fca7cc02cc5d1ef5112865fb58c6db94e33f022cdcecd342b88144e82c6b9f1e70674f1830495aa0feeb00c165bacfc

C:\Users\Admin\Desktop\DisconnectProtect.scf

MD5 bd53c7c6577e9602943a1a60a3b80cd2
SHA1 449bb78cbb297f77f5a0c533d615788a7917e294
SHA256 b3cae41079a2540800518744a784683322f63e92dcc4512ee9841413de6d3fd2
SHA512 7267a293f48a0e21e2dcc7eeae80d02e4015c412e32f186ed3df6b790e2a487945ebb0c9e9101378e7d952d3539bebdb9fed46029d7e366053faf3eba2922747

C:\Users\Admin\Desktop\DebugRestore.rm

MD5 2e84c40ac7b5de912bd6960b5cb532b1
SHA1 6cb1649587c7a64b474e9aeacb5a93ae036374d7
SHA256 ba14c7182b9312df39bfca654d364931d1939cad74353a22a6f10705cfc82c26
SHA512 bf79f688c6ab9d2393ce207db26087eda580459edb83c18177620ec3e416520e48a325d91dbea1b62b2256b9d8966a5f935385e7a2e12ca9d721bd4383ae5684

C:\Users\Admin\Desktop\CloseEdit.vstm

MD5 9e0958c186cf4829530b207d1c90108b
SHA1 9429581044b62f840b91b23200479f399f89c41e
SHA256 23fc2b774f6c2244051b53d9fcf636e110c81d1871a5ba542ca660c8e0693a58
SHA512 1bae2545c7f51980687a718f08144e19b1dd26da8356062cfdaa050b27fdce1c209f09ba6736373d7067ca74afeff38093c91935c409efe54c4b390e1dc6f559

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

MD5 34b304614edde13537f4fe5a999ef255
SHA1 01e2373e5482da1362987e5eecac4e64422ad065
SHA256 f19cbe94d9908d80ac1e77aa907612d4473276a8365bf3634f1e85ea88e259ca
SHA512 20788433dcb0268ca8e576c71de1f40ce5f5960f242c28b0580683ba635449403e7f7d4e0775f55fc650230227d3a1962882ceb70d1ef016658216e4b3189acf

C:\Users\Admin\AppData\Local\Temp\nsqEED5.tmp\System.dll

MD5 b361682fa5e6a1906e754cfa08aa8d90
SHA1 c6701aee0c866565de1b7c1f81fd88da56b395d3
SHA256 b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04
SHA512 2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-uninstall.log

MD5 83f3e5b21e074943f69f41182077e018
SHA1 1e95d0619856367b487aefda59ac946b1e14433d
SHA256 2921fcd68dafe7b58abdd1b1ae94406c0455a9f03130707b71e7079e9d6c50ad
SHA512 db2d8d83acd15368b717f5d1e8ebd523893f48eaa59b564a44decccbbced423b0c50d19f1b93fae72a36baeca45763c023869fd7b2943ddb5b0dd81b4746320b

C:\Windows\Installer\MSI3033.tmp

MD5 9cadbfa797783ff9e7fc60301de9e1ff
SHA1 83bde6d6b75dfc88d3418ec1a2e935872b8864bb
SHA256 c1eda5c42be64cfc08408a276340c9082f424ec1a4e96e78f85e9f80d0634141
SHA512 095963d9e01d46dae7908e3de6f115d7a0eebb114a5ec6e4e9312dbc22ba5baa268f5acece328066c9456172e90a95e097a35b9ed61589ce9684762e38f1385b

C:\Windows\Installer\MSI37E6.tmp

MD5 ee6243df5ea48d929da4790efeea45c9
SHA1 9c21d62d7ffca1c68e615eb57bcd5d4ad3d090db
SHA256 0503fcf7646daae6e5445d8c5f248384542d2eeab4c7d8ad3cd5a47759759a48
SHA512 283c6a7bf2bc0b3c2dced9ea7c763c71b6d68c57da6845985f8faaa9cb7649d945a3be2127bbc1e77be792f925e14cff191c9d6bdf821635d438f985feb7753f

\??\pipe\crashpad_4172_AMMMRSMJIFELTTAJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Windows\Installer\MSI4EBA.tmp

MD5 fccdc45ca17e5180b40efc28052bac39
SHA1 cecb5a7e8807e619956183897a64930ce56294d6
SHA256 4ab37b0f9c5fe3505e1ecfe0764aaa04838cf81f9e0a402425e057f7a251e621
SHA512 67a9cd2066155b35a4b11e7917c2b6dd1d39828bfbe2972b22eea79c1891fd142f50273dde0cbf0a500259fb468f7636db05131a70b3c54a143f945d037da1ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 2c4c650bedb9944241918ec9d019d65c
SHA1 754238305c57257ca343767eeb21095b307429e1
SHA256 6ec0ea2e1f5aabbae1888f2a53fdb7dba2a0f3f016529f093a402bbef65e0ffd
SHA512 50627a7c3a880a1e5cddc33381a480f72f909b55768a899b24d6e2633fc64859b5140467ac8ed99614897447fde1a2e817d27014e34307f2d90149d262879adf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ebf906607b4c7878b94017fe2d51f819
SHA1 e6d33b8f5da875b38f7f2a4bcc4e86ab802354f5
SHA256 b8021284b506eae83793328c9a006c75fe00e5fa3a8b5cf4c937273b7b36a7a9
SHA512 72d7c0cf1414a5d2d81c893eb742da38bb457aff7960ad785538ed8248b163dbffd4dc039a4fbd17efc17b0c99d65fb819978138db32363efb2de735afa89e0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5e7386399a791474092db896590046d2
SHA1 51caca93e611cde13981d0a131ad00384201d314
SHA256 c904bfbe22bb5216c39fab6bd37ebf1eac8949399b4ffd0799f38897362f2530
SHA512 acfc5f1196a6570f0c5e8cabe31549f95d2deea580af0e39fed158cf314710febe36529e0be58ca6d7979a3e960becf0e71a6add71788fb6c4db2db102021b2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 67ce159168cdec489385dbaf2f68c811
SHA1 57fe4d434b10c176ccaf22d716ae6ae76b7175cd
SHA256 0da35bbef1f4cf69a9ab6ff5d74da634cd9e12f9e1c2abf2b578dcbc4f435ef5
SHA512 2f2cc9464f1b9d755e17f8c35a58c2d67d5fbea5e7964f0f30aa2e6ffd98c3c54c92b1f7c2bf380aa1879b13330f173cd2e8895f23d0a3c7f4830d6f32487e6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 920c001b26b45ea04c765fdc4e2fee87
SHA1 857d26d2366879cf4210a81301845d259b275fae
SHA256 62c52589962e9a35dc1e273a3408e7a3a89d614421bf255419de342bc8e1832b
SHA512 e1d310330e565d6dd9eea7343b2440f3735a9a698ae8110d22e711e63369985983665dbdfa813ff528bc7feac529781aa099297dd9c4901a2d90a6d8abf32c00

C:\Windows\Installer\MSI85AA.tmp

MD5 f15ef95ebdb50557e7d56de123dfd88c
SHA1 cf4b735ab97d982c7596c18eb2ce0dd5e192235a
SHA256 4339887d03bbd8801bf6bf531e9445e9b2f165aeed71848f46a15a84ca1830ef
SHA512 ebf6f97a2dee732fd952d9ecb943fd476436540dfda1f742ca79a7723f8128872052bd9bd8c7a2e2a062381f0fc2e92cdb8cd93b788425b261a8c77cc5ed16ca

C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

MD5 17dc54ade85613728a43f2d733527c5e
SHA1 6420a7744edb234f8cf989b7f261265baa381e94
SHA256 8c47f981e1a46a42a268f53ef1b1476555a54bed7077f7b13b1e562c4c9c049e
SHA512 632541e69c61398c3eb07ea7b8e7a21a6a765b592939f091bf8319cacbf7f294860e5f80c82e8e7ab29e2a20e67dd4d1e34171b2c5858d30ce9b9bcbe167ee43

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

MD5 f9576b11ffeb5e0c7341414a7117fb2d
SHA1 14b13963f177511076bc2220ec3ea6c2e25348b0
SHA256 c5e519cea992827a8e147b36d5d6772335928f9442a3c4be2a62b6ca5e604a60
SHA512 21775436d48a52dbf642d5dc61ff4ee53ac7102ca045093913056fd8cedd29170c83ff173525df609a8505e77c9500f1e1b13733036a16853a67b544acef9abd

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

MD5 ab74bdf3d2b099006c167782fa77950c
SHA1 7a816bcf7760e6454354544f909710dc1c42b35a
SHA256 436397170e1db07d95dc8533ea58c75b2f55a32edf4e39974d774e27c9137bef
SHA512 76af7f33543556e2796e60cf1abd034ab51845532ec03605e24f52f232ea4a662064117324d8de6203881be280c97fb41e3b9531e8255ebc3de3e6b45e0de94d

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

MD5 422fb984b6cc9452965d3927067bde06
SHA1 7d2da4d58491a692659000706a6c7a3c53f92be2
SHA256 8a0ac055f883bd5b508423c8dd441b119b70fb4827fa433a7543aaa0e78a57d6
SHA512 28e4a729f5559a6e0c49141054b27ab1e2e30d15e8750e96e5b5c2f19216098ca8c858ab0264989c9abd87b84fbe61685dafc6ce644ac92eac9ff2a8f3c96f91

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

MD5 dbe00837ba9bb3e7660334e063626961
SHA1 810a55506611a31838a193f303f18445c8e81bfb
SHA256 e932d15bcd046f5c508c8238881478367386b57faae951a217b5e930c8c91e1c
SHA512 d750fcb8ef9a7fc4fb964f7dfeec955d98ce6a2f770faf8a2457911b6548efb3edde25e4cfb19a843fc85870ef2edab0df321758a493d612e8f08b6de8c9ca4b

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

MD5 8e7dedc2bd98e9f63efe8ff908f70c6e
SHA1 226154bfc2156f6c630db058661022fcfd19d8f8
SHA256 a1a324115b127d35cec06d44a0ace447e7e3f16a400701158af521215cac1a9f
SHA512 d23cd6187834b63a4a584b9ff364f69c89122bc2332912a2fcde852582bcf58debe22c760009c59f9ea1a18ed6d5a94e494ad67395e9fcf485009af9d7d90ca4

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

MD5 b68b9f30adab4b98ff2f5e3f154cc6f9
SHA1 0551bed0b2866f6037e9341dc3d6562ae999b10d
SHA256 b27ca1264973abaa55cd66f05d546af31f3857bd8225117ab41fd1a052c8c418
SHA512 899543eca4e4288f1c0a33124b300e8807cc1062793eb280a2c06299ceec0d63eec5391e27cfa45fb1e60430a9debc6f62ba253222dae6998b78b6d3752b242e

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

MD5 b84d79b1d7de4220e8eec5790f836753
SHA1 04f1bbf05d995c07fd7e4543acf303ab0615acaa
SHA256 4f4192ea5d094a85b7e1b2142c0130aac29a31637a0a5971258f72b0a52f3d30
SHA512 22434111f7008b494d304814376d252cee5b69513e8c9daa828d6aa46d2cded9246a31ca0ea1441ae0efa36678ebb76d4bb0002e8ec2af4f0d485fdec57b9376

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

MD5 7485b3b7fc3cafe594a0b2f91d40bcff
SHA1 41a22d61ca10da6692c44b4ff150ea72e2a50200
SHA256 42b322fc0ab34381e346a866f0ee558552f9408f482f2b277c29c479c9dedb18
SHA512 8cff006b4b68864a989123a50f7466a69b3b70b38c7c1a3ef3f00fdb06a4cbbc7c69639776f4ed87fb13b718c4c7274ee5c67b61fbc5c8139c35a2778786130e

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

MD5 0850289c5af9feca9de7565b3f9ab9af
SHA1 5e348b1d92c0a4a319e5f6655500897eb11c7d79
SHA256 9bd5c7d2e06c79172eb338ebb90a3ae3fb5c79303a76807f619bf02844bc90f4
SHA512 e16497444a922acb5006a87f2b7c17e7dc7234b1dab8fdbddfb64a34f1d7893e05c4fcc8afb7b71a6879ffba0e8050d5294625a35e1ac5bbb3d4be4420968288

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

MD5 0fbf428a69d35b678694b19933238619
SHA1 f1c4e51950d9d6dcd8ea4a582beb8d6b4c6cd3ce
SHA256 c749460400a7ba3597e90ee3d8115fe5bb1e58fc88b7a8463d3ca92f2e995b21
SHA512 97e6527684776d761149b4ffa01853533b19332a5b96d086072fef95d29171a15c9c0db0cd77c26afa85439562bff743e044dd09fd5c8e911ee188ed2a2f36ba

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

MD5 0c8c9cb27f6fb9b058b3ba3397fc0bcb
SHA1 cffe133c0e83130c88d8482fd394c487b75df348
SHA256 dd26f2b369c18e7410a5f6f5e909ffda5d95cd420baf4e195eee546c3579ecb0
SHA512 1b1a528b31db1a630737ce2c891a1591a207d88d07e75d246d997019c8e75110af1c1306f01746d6cdb2198a7a07fdb0d7894c3809fa755a43354b087ee72299

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

MD5 2b79f542a951a0849fc1fc513dd9ba6d
SHA1 e625127e7c8679225af8d2d30a6fa452dd254ffb
SHA256 5fd2a8d331d7832ca36d49f7efccb38153f09ac18c8e7fadcface2dfa82e1b52
SHA512 eeadb276a70a4e4f9c30238de74f35ec0d73b8a5229c4fac3f8c95ecc90bfef45d46445fd0435badefe87826fd6f7ca182c8e5ff1b4260d74f624d0ee528394b

\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

MD5 417ebe9937fc4e46cdd9a9428c0cc8f4
SHA1 3511b6e46e9af50ef4f0a21e92765d8860922741
SHA256 3ac9316d12df76130310bd384d4d5447b1960c5f979a89ea4acb4388b8ddc2ae
SHA512 5e623523ca9c9e9e8c1c8c5927afe908510af9e4018fa7bfec80e97696dc05ede10926a42c10ac3e8e577b83ee67904ec52b993e3fcd28579c7f16198c3706b9

\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

MD5 f633d610aae580b37777624390b0f041
SHA1 936cc951785f8fcc57c3c6426a7cf0a61f940a69
SHA256 e6984e662a5325fff1046e1e0ba8707020235e4eec484204dd93776bfb98d1a4
SHA512 dae1e792ebc6f5c74532d24fc5ab779657a387110ae864ccf649d785dfccc21686514aa7ecfc3b217ed731f98d1ed23cfcbbf474975a8fb9410f2412b7e4b04c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 998781fb1fce8f570c41bb81f8a2602d
SHA1 320b5093dcc7c653cf4a02b4ef44782e13e94406
SHA256 05978a4a1027724941875aab2c292aa13e8957e2e3ecbc698df8f33754cd8bc8
SHA512 0dd623e4459e838884f725ffdc6ba3e996a104e79fcb2d55b7910d20840f9bf93df821e8209189fb7983b64d2a2567f76001d48f7ffe87c6939cf3192f947760

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5d224f40-d048-414d-b85f-54d1f178f972.tmp

MD5 b467db4f1e205d8bd4ddf8126067c641
SHA1 bd884f83b06e6846a7522fd4799227f412dc8cf7
SHA256 ecc5f09ea8e934d51f2215ca1d75affa5bd7745997218f6016525a4c09c942c3
SHA512 d6496fbe2cf7d51b9ceafd0531eaac99f7cde2dc448a99eca248300ef91fbbe33b7cfb732950b557cd8dbc810b46209f502fe1a9a44ab50cc905ebf2508580fb

memory/5752-1002-0x0000000001560000-0x000000000158C000-memory.dmp

memory/5752-1003-0x0000000001540000-0x000000000154E000-memory.dmp

C:\Config.Msi\e58318d.rbf

MD5 745897fc2816625a0e5f1ac0f9af16a2
SHA1 cfa9d4dbd1a5bc728ed712cef8b3fadc903d111b
SHA256 5512cabd57b6e1fbd2b96c298d804a3795cd317f61e154aedb335f6c119eaf62
SHA512 7053e9c95b943a30006065a66830bfeb0f37dfb185fcc27019c205e3cea358a0f71ff8007cb6aa39bf61e3406e989ac8366226d83dea5e37c429a5242d1786d2

C:\Config.Msi\e58318e.rbf

MD5 485f3cd5a94355f8e6b0aa101abd9f04
SHA1 a91650f4f103fdf08c8c261cdb1746aca658229e
SHA256 ecb94457c6327a56138dee83fcd82e61352c45e7097309a2effc694e5e78d1e8
SHA512 31b1746d7491d4be907bfe966cecc43f9fac099f897f423cf0b85bef4846a325d209ab64408edfbbd110ca3d3d61644d0cd547e431ae6e6ccd5a74cd9dcaa794

C:\Config.Msi\e583190.rbf

MD5 57626036538c8abbf5bc761c8ecbb274
SHA1 f3dc829a302cd7e268b566eff47b9c5b3badc33c
SHA256 aeb0afc185056f716552564e277ef8a6740a4e7f1600032153eebffae18b3ed2
SHA512 2d508dc1d441187d18502f3d470a27cc8a34af5b16a97db713a2c34801ad65eaf4e15e7b13fb216c11ef4ce505e438e4dd49c326e8217341735ecfbedbdcd330

C:\Config.Msi\e583194.rbf

MD5 b4c6016286bdce7c51c3634999f2ea5e
SHA1 c446378afc6b12c372bf4dbf33efa61e9f7fbbda
SHA256 a8f8ab6c63c8d4471d158010f18cb24d4d2ccea495a160cdcef95a96183ffc6a
SHA512 a121b4df2348ef53413b82c69a66ad3654aaec7d40011dfa4968f9a6b9a5e1252089f39f4961f2305a678c227abc14bac88a3674ab960fc52f71f7c3776c928d

C:\Config.Msi\e583198.rbf

MD5 3e3b6511ef707e9d2344b320407ca1da
SHA1 af55e484ad47daeeaedc5efc0d301ed8d6a7be16
SHA256 8b8be00e22af7c415c0086e48c6ce86ec5d146c75a43829ead4a82d25b5ff636
SHA512 a14250cf607d8d3bde7b9f118bdebcda8deb1b4866042be3aa4d266fcc4734f47f2398c6635d4884d16935c58df6e3a64c68a6196e9892c0c6e2195904cedb30

C:\Config.Msi\e58319b.rbf

MD5 d80746b2f94a3a28e380735d4b8a9ea3
SHA1 adf85a8d951e2ef30100f88bd072d333839462ad
SHA256 45bdf89c40a35f2bb5e8a49a8fe3b67a9984adb4f65bc40ebf4e320c50194218
SHA512 cfc016d2f98385f407d660e276e31891939792d7de667dc8fe0faff37e38fa7f02b55526084682c75d474757c2dd790b714ac2fe1300f39f54fea61b4b3780d1

C:\Config.Msi\e58319f.rbf

MD5 e1eeb7e26ab04075eecc7275239b20b3
SHA1 ba62b37d4233b88948fdc2ffed08f3c82e8627f1
SHA256 d6cdf961c6d2712fe1958815e51a30960d79fff1e97788b7741627dba972e8f7
SHA512 dd64909c983794c8ac6c33b74711a89b3b33e4429bb5a3a2a2b4e38f5d74902b1589a97014a35fbaf97b469fa57a11314c02d68e1db0934de5244308699fc262

C:\Config.Msi\e5831a5.rbf

MD5 c1e58c73d935540d0673dffb303aca5b
SHA1 2a95a12c512a2aaf29587db1ec4271cb92846bed
SHA256 3d004ae76cdc99ece59a0dfb980182a727635459eefb4590d8e2c80ac3115b44
SHA512 471b7f432369940d1854dfe50a71e06df25550704efc4f83c60815bc017dc19f875e2ee3733a9750de4e79c6413db59e762df42777b945d0bc045893604b23c3

C:\Config.Msi\e5831ab.rbf

MD5 7273fe5d0ce6473e646ba240e3fffc8e
SHA1 af11a7b48bde2b1046779147c84d3287a469639f
SHA256 d4e738f4e3d39e7001830f71b52836a20707d14269cba22f34f3fdf0436981dd
SHA512 9efc625c42ce99028297b23c78226264c851d74d84158c2221c2ff9faffd37248a3977461e9fc021e25b903bbc11ec475178157bf9fae9512bfe39eb98404a6b

C:\Config.Msi\e5831b2.rbf

MD5 de2943783e864e16eb161a507dedcd3c
SHA1 577774c71730c72d22a80e5d049073fc23f8023a
SHA256 6aa7490ae4134caf546322c9aafdf062082536e1b4c8ed063c8bb5f93cab8afe
SHA512 00abc7a380a864e808e2b0de3dfa5555b0bc691b0d8153bcf24935495b21722be21f9143edc67c7a0fe69f9e3d1e6ebb3fedd633efe439e6b58c1b5594c051ec

C:\Config.Msi\e5831bd.rbf

MD5 97cf058f86fa06f7e5893211dca28a42
SHA1 17bc3e8fdc48c24ca60d7b1ca10acdbfbd8b5e9f
SHA256 742530e55d505236eae91ac26a923b2efa8b454fc0b449ba43f1d6a28ac5b52e
SHA512 84df980720e846a8a3651d62f2639108818d18db139c6e0b41acb0ef4642312e11689bb6971ef778c1638d8d53430571eb8d560061e6e8c0cc13c1f40b35fcbb

C:\Config.Msi\e5831ca.rbf

MD5 a06591a7b689e5fe00f6755a180af130
SHA1 a581485fe2c6d9acf795e80c7d6b0f3a0e721584
SHA256 6555b4dd2c4e4164c8e00c06f6108a9c1dcdf141a5ca54bbe5675e08750f63b4
SHA512 bc0195276fa8c7937c7c39d567a7f41cc4ef92521836515c11ef5b422d68aa791b96fed829900e998435eb5b719c3a21e58c94534ec1fe4d637e39d43407e4ff

C:\Config.Msi\e5831dd.rbf

MD5 bc9a83d77cae33f9eb9bd538ab65b2a1
SHA1 363fe5bb344cf1843d5f7eb2b0a725ac491ad6d8
SHA256 d0b2520c660959e388b3b24b1ebb7a6eca25dde878b0c0ce798657ae422a9c3c
SHA512 37ac66723c5bb78e45df3ae7175b497353343aec2eb5412213e3c6a1f3558e9cd68479728644643faac97c34ec3f3c43b7d01bb36b1e406613cb46ae4cef1c57

C:\Config.Msi\e5831f4.rbf

MD5 d2d2a9e08ad2df5d73ca0aa0797cd96a
SHA1 f6050bc38d27c805daa078383506b93c5dd854c7
SHA256 1246532e2e335750fcdeb3c801f98eaca1ac6579d1bdcae1c5ca89f8b24fd879
SHA512 197385ac8d349674675fb411cbd246b53b0860f8cbd47b79f6f05ebefda4563e75285cac2bef45ceb12cdfcd4b4d42c47050767608f96eaebc7111dbdbead1de

C:\Config.Msi\e58315e.rbs

MD5 7f3de6853fa6292ba17b2adf1363e618
SHA1 04656d0f71278f326c1f62e58575064d8efe60c4
SHA256 5a6abf5b80d36755c2f7277001342c8b00754a9a9eaefc23ba089f5416a19a2e
SHA512 a1fa687d67bc4bb2132a3aa869b2be875be0776b3cd364dd19c29394aac6c39243e87e4307b8913ffc6fa7448970abfa4c81d4e2c834377cd5397ae022caf9e3

C:\Config.Msi\e5831fd.rbf

MD5 d8a76dfe6188e600bd7a8480dcedcbdb
SHA1 40080e226be118c2a0a8f9dd70879467ec09f198
SHA256 a1254966826e2849b1ba2d630e93ca7b75105c8d3acd9be795d625edf835ac0a
SHA512 9a01c3290be7d309e23a6048731c541cd0c602669ace34779e1e69c29da154b378edf0cacfe92354996e293bad205c1bfaf6a003840cf53216100cd39bf6dd76

C:\Config.Msi\e583200.rbs

MD5 0a54747236663177f6ba3f81bd18864a
SHA1 0472a54984e315fae26d686d3bbae718ba15af1a
SHA256 9f83be5afc63c368e80da5979019001dea87e2a275b803459672e5e6b00bfacb
SHA512 0e25f191a95f26dad3feec331b97f073e080f760a9539ce81fca4fa8cdfbfcf780b1c1e595c3e32a4bfd90c5037a98a85536f4d2f13f7a932d44f0a3511be32c

C:\Config.Msi\e5831fc.rbf

MD5 1a063e60707636e76e61ad9784bb1eea
SHA1 baf498bac402a29b1330fcd20cfbacbc5d245cf7
SHA256 878566ee8a41806ee9b9c4cf590e1953881dde2127616a647fa31940a5096cc5
SHA512 39e2bcd04f4ee4e6280b7723a628acfbceef254fbea62833a34d7f4cba566c9556bfcfe2424ada027112a8b722da8349331ca416d00d0e3d6afbec96e3d91a65

C:\Config.Msi\e5831fb.rbf

MD5 683fc126a13b915b3ff36735ea5ca5fc
SHA1 d1ccfdf78919f51b09fbde02c2cf0f332601bd74
SHA256 b8361411d7b7b0094669b0f74ce8afb488cfad61e2c26f76473db9ddae702929
SHA512 4d88cbe5c42815940595b1c7d466ec84a9e753977fa234591c0b14d2d826423c5bef13aaf93e4f3637a669c56e040da53529dbc31339f18b0587b0c1270c14d9

C:\Config.Msi\e5831fa.rbf

MD5 4b15c6de8b0cbeb6d4d7d6e14b9ca7fa
SHA1 af3b589712be828302778a6e248ebd659fcdabfe
SHA256 7150db5b3af392a250b79f1078c87848a08b6c13448943d5a0478c2d37645b85
SHA512 1f68f55cb4c32d0abf929b3382d9b773369f376853912829299c6386648c39807c6242eba037bb3988ebecd0e8b7197c91583243154c569bef1f70d0d958c491

C:\Config.Msi\e5831f9.rbf

MD5 9f735917c0bba0f42b40e719047eefd5
SHA1 d8c1ef036b9d841db86ffc76d9150064ee836cce
SHA256 7acd536b7e7fbbf4578ce24aa39740279e7ffb7477bb77f6a2c7afbc12f16c83
SHA512 65522b77519efd6d43f17848ecf65d4bfed8f07d9f4212dce7f6c905650b4107396e7067c62802c7c953b02f78e924560c8ff151e195c0cab37606be69270a3e

C:\Config.Msi\e5831f8.rbf

MD5 54c12705dc6a32282762bbc4252e2b9b
SHA1 2d1fd38b5f3db7c7f0d7baee446a00099a506d50
SHA256 a5a600ca8a60a0af629047ef8b227feba5221c5697f820da69e274f40869a6cc
SHA512 c4d96a8d8064ef917ddb98532360a8bf318535b310f908a384c0ca140ed058f5f3f24f34c3992da4399386f546381cbb1eef5432b3ff2b7c19e0491dec8d4aaf

C:\Config.Msi\e5831f7.rbf

MD5 18a9dd94b5112ea94f3fc9fc22ff8409
SHA1 97a0b82343ef1599e517946a2c3c259b61e53ca7
SHA256 55758341c4094ac4cbf26712f45f1ed17fc1f570197538ac2267bd896a9f854e
SHA512 7bac448be18324efd337c7cffbae2c6db763d9d7450e70dd33b214981266008b7e4d0a895c7fd214d908b3eecb9a7a0ac0aba1d57c9e1fdcee3f9e72c39de3f6

C:\Config.Msi\e5831f6.rbf

MD5 32f2ac5f45b93b733cab1865affd588d
SHA1 5062e6d2a8c1e06e19c9f0b29164915286ece618
SHA256 38f422c1c5751cf6796c44fec1c478a2a5379ddb6f3512004f1fcedad3b35cd5
SHA512 8384c6aef7c32ac0f10aad8490d82b1553c3d194dd3f7821bbe2c75eb50a6e5ece195be6c09615f273d3d4935163c15d1c83e7bc4ef45fd1113a9f0641ae0bf1

C:\Config.Msi\e5831f5.rbf

MD5 158f96bd130a9f3a1f7e91dc611e8b7d
SHA1 207264f61e8d8cd77c7dd82e7c8c38927bcdef85
SHA256 89885cd48e706c533aeff66d45cfee67561db4708bef31367a546f685f30eb55
SHA512 6ae9e17dddd7ae166fd195d202d73904bf6482d727f0a9d5cc01454d4a58f9da027acc9591dcfacafa039379bf151cb385ca4208ea70baf069516ff98fd31d4a

C:\Config.Msi\e583218.rbf

MD5 21438ef4b9ad4fc266b6129a2f60de29
SHA1 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd
SHA256 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354
SHA512 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

C:\Config.Msi\e5831f3.rbf

MD5 facce237d5cc5e89d8e92a36289f588b
SHA1 5b91fe97781b107df2754a5d38807a597f1d99a2
SHA256 ed9b46fd9f3275639988cb71eccb7c3f31b48282ed78e4abc9ae303cab219bf9
SHA512 f0363e0c7414157dabf929fa9c4b49b74d86a0997481b48d29ec3f0708221d9fc4954f4ba93f4299e9ef0c31d38dd8a691b908cc6557864c1a4baf3f448286f0

C:\Config.Msi\e5831f2.rbf

MD5 62faa6fe395c5810fe4fceffcba62966
SHA1 ed830d3d1156c3a5ea6502148f4347af0c4a8051
SHA256 1db349e42e9c57afdefc29f18886a98290099b74210cb396ac5485247bcee099
SHA512 4e876c4afdce30b29275eda6ecbb14aaf56bdaef4a1951e6ad09bbe2af5a37667d18f4358c895843010336f467e0bac3a7f8449a907011124d4e374c7b0c1e54

C:\Config.Msi\e5831f1.rbf

MD5 aa8ef0154efa83de1c2786ab1cb76f37
SHA1 5e4fcdf55c34538dfdda172a985731019f74898f
SHA256 db7364a16090f58ce23aeb0426b005b1d1a965307d7d4de117a553c190ba5d57
SHA512 17d3c193a516bf56ee6a28ef708b01c618d5a159d7c389be6f54579638e3d9c0a9a3add7dc6e19c6f0b63b235c53bbc186d92e77c60ddc297e2df8c612332bbd

C:\Config.Msi\e583204.rbs

MD5 dc5676dbe2fad18aafa6284838c19c47
SHA1 9f92db1d640ea717ada0ea4c6443effbabffa36d
SHA256 939c5b43192054c748f59da3037db0d0c07f43aacff745e1957c8f48cfa81d57
SHA512 a8b7baf45fc1c0be53d0c7874e4338ac07bfd8d613aa55afeab375978450ecdceef798bb557714722cf4947926bd1ad5bd407385210794bf12007e7d67e049cc

C:\Config.Msi\e5831f0.rbf

MD5 fca2f9f00de26d0b5af4881836d6337a
SHA1 b11dcad7c00c2c85354b131c796ae34bbbefdb38
SHA256 19e6ec40e9a239b3b208eb3f7874a76e12adbfc8b865f43452296df66a14e501
SHA512 7fae923c2a9c604991b172ac91e7e9e4298c01391940f23a190eb4bd3920c97af2476f1a4730cac350ddbd8956806e98870b46137b1711b224a6174c441af738

C:\Config.Msi\e5831ef.rbf

MD5 c30dfa5fbf9f2e6d18ceb7108923fdfc
SHA1 523c4b9043cd6d722c01215f64173b9287623d76
SHA256 ec383c0455491bdcab4a1e8692359543d96f82ad73602c171734ae8ce45449e8
SHA512 075b726d3e37d9ba15db1aaca781502aff97b90dc6a80c4e1be20368dd1c9df13160b9d8bce09bfe467b406f7d0b698c6ace6aee5b0bf4149e4508d9ed74cab2

C:\Config.Msi\e5831ee.rbf

MD5 93030b5af327ece3ddc3518410e1af59
SHA1 4be27729a906169d2afcf025e10f308fce35056c
SHA256 ea82d8bd8289e5892cad2443c1d586c0a311ddee52a8fda0f75072ef2317b650
SHA512 247e2d5e63e6bb12dd826e452ce7a1e086152a170e7f15c0d7794a1588838c2b6dd4038f07dac42844356795b72b5aa357e01039e419c6c5d90b05ebfd74da4d

C:\Config.Msi\e5831ed.rbf

MD5 218e31b07c6e07633a84f0248730e220
SHA1 47ee36529b741f3d52c487e6dad151f516c2eb5a
SHA256 241e01940f6f128aecc75d21f148468eccc2d368883f0f5a869fb7f58f57e5ec
SHA512 e0481b2a424da192bd9ae9728a89f7c1496e887f198150016ed262b924b1634b414613bb80b969effadb3e34a108992768102f48da7a41ea87b9f2a459a2ddd0

C:\Config.Msi\e5831ec.rbf

MD5 9002a577c07ab2b99979435cd8b67acd
SHA1 5b3c6231c113b726ddd55fd8a8e3ae84b1526820
SHA256 c323b9ebba3aabb01111f281f604ec0555c6030134ca18422ac7f6c73721d9c1
SHA512 f4e066679e9c34cb44cb459ba178fd43ef2e600f94f86ded21af1583f182050178a57271f2a15967c2caa87fb6eea1f5409edcb87b95775245db45af6506bb47

C:\Config.Msi\e5831eb.rbf

MD5 4d4774a30da56119888490cdf3157b09
SHA1 360221725daa9b7a14460fe6939d54b2173fb8d1
SHA256 0ee427eaedbcd82bd07674c9793435443c5b1c0780092909cf791198f0ad85e7
SHA512 eca13baee14a633c3a193df85c28eb797c18063977cea410d6ca41d0aca87379d04e6d2850a032ae5264e536863186e96eb9dc8baf1440517d69e33d4de73130

C:\Config.Msi\e5831ea.rbf

MD5 7a016cec8851a57b2f0376ae6d1fc837
SHA1 f161f9d8d7b073c1f17f55719c37124969bd7d2a
SHA256 19e5e00b55a8b1fc36c33d0d4bd0fba24a03a0959e91f3ab59acb353fed9677b
SHA512 f646fcd298b7a5d7b451219544ede8dc7e09aa3ea6f9a4256d336373d63b475281020ac70e5e08024e2dd8b8c886ff8607ae3139ada650eb8a6293aa0a141456

C:\Config.Msi\e5831e9.rbf

MD5 63a1e9cde10490008ba7ef47a12179d1
SHA1 5299af182b7cf08f95fcb3815149d7c54e73187d
SHA256 9b151503214ef428ece37af31d3d8345f1dc27fd26d17b59c52b718e8fd08bc4
SHA512 dc4074fd0614212d54dad0370bb99d53dbf9078cd3d4981d96f5ecebe36c82df0406cb2c232d07a1928a1ddddef74d832db3e7f479d5d3c1292481143c382efe

C:\Config.Msi\e5831e8.rbf

MD5 bd3e2c28c647533a057b5cdf8bff2c5f
SHA1 d36c80e460c5dde615ab1c268bd89309225ecb82
SHA256 f2742a96cb0a290ab71e316c086db449e6262a4614c70956f69165df8f9a0d3b
SHA512 14aba74084828f9710a1880d8ab55d7c76532d90ef6c9b8b5aa4cf7c67cbae1892b909b35e9239afba181a09f5bb59bf2607862d16330cae09fdcee0248a18cc

C:\Config.Msi\e5831e7.rbf

MD5 2a9b706d83be29f32a28f29be397e533
SHA1 31135de80dd7b7c4a27516806fbbb13d871548d9
SHA256 db47a4a99dc0cb5f558891ff552f75053122d04f4e4a2ff6165734cd456a0236
SHA512 cee9cf2576729b34f1352f63d9684695bd491586d31d3b3e81b11f2136b3843d513dbf59280b5aaa63b1cf085f0840040abcdd9d3d72dc15103987b2ad812e64

C:\Config.Msi\e5831e6.rbf

MD5 775dac5f81248b14182c82013672c42e
SHA1 cef7bba712b25da04f60f597cb614c7e4b87f24e
SHA256 e95e6d348912c8bec21b006ba6ef77e52fe74287debea2864180c0511e68766f
SHA512 2d99dd61a4ede26a11e6f4c3569732c47911605543e7a72b0298ad25e0a573ba884bdd5719cb8b7cfae43b25f41ccb764c8a233d978346bd49bee1104e7cc97c

C:\Config.Msi\e5831e5.rbf

MD5 75e8bc00ad7da1e7628f146dc33cc83a
SHA1 b140b32eeb3cb2223efc7c92346e3c4ecf65eb7e
SHA256 5a35e93da45d610cebbdc4980e7a33b3d094039a49823561c8a3fb87e88f747d
SHA512 b80522f835414b493c97715823902443088bd33c7e54a5fda665d73de7899df5e59c44aafdde33ffc9d71dc7c48036cee050dfdd87a24c29a9fff8ac1253acd3

C:\Config.Msi\e5831e4.rbf

MD5 219c69df0c23fdaf84e4c9ea2835a628
SHA1 d3b091bfcaa8506d299cb1d7453fdce7fb27dafe
SHA256 e9cb0016e439bab9d34038b15798cd9261640dec8c577a0035314de5d7892457
SHA512 e209df73a2dccfbc349657925ba9760dc2ea9b52e696f5159bbf3c729e768ebf43a1e6e86a28bf6b023dfc78fd217f03648513479956bfffcd4da04d1cadf8e8

C:\Config.Msi\e5831e3.rbf

MD5 e3c8239a97601bb203b9e9037eed89c2
SHA1 75f0e5f417477d4c491e8ad81f498faf761618a1
SHA256 27864727360196540664a55e1808db79f07303949156f843f0520106ebe047db
SHA512 71304187ca95a404d6d175d40be1dcf40d1744c644412e702a25fe7e9745977e3f826d7a9ba1f694c3da4382e8f97fcf41ec8dfdf40240dabee932619e26e7f2

C:\Config.Msi\e5831e2.rbf

MD5 f148286b321ed09c2d17e9e3637c807b
SHA1 b0928429f52028b512dad9c7e0996ee7ade315d3
SHA256 33fc291a41f38880549e72b23ec4598cb7404259a93775f59bf2be17f798a69a
SHA512 d175430df339ae9b0f46d00aac752697f95ced9f7407b2d15505645bce313536c065ccfe2260787d4f387ad548f02a94457e662c32174f36ee97a76fa8e59f0b

C:\Config.Msi\e5831e1.rbf

MD5 03898441f5d9a8809c04fe746fd498b3
SHA1 35cfba8e3600bd0a3389e96dd56ecd8efbf5ffc6
SHA256 8da3b816828229f66334565432f12973529f0d594b685c919b753cf2f692b296
SHA512 dc2c0f6c8d4985770535962ad31e55c13abe248363c12cf55a14bf1fe9dbbb78a2c91eefd9a4711beb53606202b1c2d5648971339c4edb9a61dd271b61416b12

C:\Config.Msi\e5831e0.rbf

MD5 5e1a793d9615d4d9e153ee416abc83ad
SHA1 27d231f4d1e2b473f9695daa21b22804db779826
SHA256 8186f5e641a5b0770b635814b5cec2a5dff43158918bc1174edb328194b27090
SHA512 f54e786f2fab5324ce87be1d84ae69f63afa4ff5399e00248451375d2a56b5a0d30c74b27e5fd56b06976ec62688b09dfa39c4a1a02d47c3aa92da21b5e95876

C:\Config.Msi\e5831df.rbf

MD5 535d9d8441e0e22aa3f407c7197f8a0f
SHA1 ec6d047e975c107a7ecdf78bf352a5a68f53392f
SHA256 6e6afa2d6e7c46b9c64406efaf23bfdd3f7fd7a25cb757580f70730f4096ddb5
SHA512 f5e051ef6af191d86797a55dcd114ae920f8a285191f3f09c3493497d381f9ec70921d712c93280b3c8e82fefa77c040cf51e8af3a1e52b040a7fd442d9ee95e

C:\Config.Msi\e5831de.rbf

MD5 c7fc5f01de9577403a1ea8aafad79e72
SHA1 6422fa355184394ace02c0ba88e5b8af3db7fa6c
SHA256 c778577e39211753844d5fcd2267464c043cea271c1477e866d40c9cbdbe49ef
SHA512 b7af7af4aa1dbe92000722bad422af6d54c842af065427e1cf82f61b1a0f82e71f2a2c9b4b12d1642205dc54ca23ecd4ac61c8015076389907914b0cecd04e87

C:\Config.Msi\e5831dc.rbf

MD5 9e877ffed2e2c9a013c59581f88786b5
SHA1 d3bbb3e2c36520ec267463916d3356bf4fcd8037
SHA256 13f36534cf603cd722ac9078e51930cba190395d23d6688b65a8c788262759e5
SHA512 5b4ff6de141bf2dc321dfa05fe8c93f64ca91eae6b41041264736c3c6db9d0520c135103873c5f32a47c742fb51317b3303e7656cd259331113f9b876ad17613

C:\Config.Msi\e5831db.rbf

MD5 d68368708be2b6dac797743e23dbf655
SHA1 e843b858d72359ecf6fcdfca328ed19a7f23210b
SHA256 dff2dd57e4892ce613b160c935e2d0215d3357edb7791ceaaf880b5995c98361
SHA512 2542ce485c0c630b09be44a4faa841a3ebf2e1b7bd794e0b3fda4e866d97361b014eb3895c70c6b7acee4e29dcfd46b76697a1602666d1febf9cfa62988ea86e

C:\Config.Msi\e5831da.rbf

MD5 1f50737bb92b1f71b15824a0f113d3f9
SHA1 4d78793ea921986d011a024b91ac59d6c02de6e0
SHA256 f48f267a6e081809bd5ae607aa649529849a6541ca303a5653f6515d865a6b57
SHA512 89e6be6df11dd02896382a7cc9ee41ce74d5bbf845722531ff9a26fd2cb1a016925ea7d4948a4a652c079dafd084538b9b74c4a5dc0bfdd3cb2f0293796481f4

C:\Config.Msi\e5831d9.rbf

MD5 cad14a2ced4a556139097c1f716eae70
SHA1 9552115b645c17165bacc2231725b3f8073105a3
SHA256 35cd20b4567788e3229be61becd6ea1eb115a2b81bfacf3d65d81d0003ecb96a
SHA512 df629a07c217880f174d52772090d49a5e88b73c0df45fccb714cd6ac4c01612e0aa755a1a0b9ba6c2a7a6701e6e94653e71a54c97a1076b7a5bde99d7f0c331

C:\Config.Msi\e5831d8.rbf

MD5 6742f826c21773c933fc2a68ceecb99b
SHA1 dc689d3fb31e7cab6a33cd2192d6114542173514
SHA256 a203989e4399f9443a8848486292dcf04d7c7180dc7d1b4af07030cb0532e036
SHA512 4138836bf9561104facb88c175d9a1d29863110b7e0108149cc0ff32edddbd30ee1b0ba4b7ee8137ffe36c973aa2901f7c23a3dafc79a26b09a64a8b95b6db9a

C:\Config.Msi\e5831d7.rbf

MD5 1c8e5ef9f86430fbda800e45c0a89aa5
SHA1 4e18ee249a208dbf7d7b52d412fa0d402fd3ff2a
SHA256 6e18c01cb3fd1b795c062a00d2921e8e0eee8efd89fa77d50c5e16f2b7ce74b6
SHA512 721f29dfd9beed272cbe213eadaba62aa1e1979828b23a226cb05eec536ac495eb33a01da05de82a23113a6d0ad4012032f453339499db3816abfecdecf19b66

C:\Config.Msi\e5831d6.rbf

MD5 a3ae8e892e025e479978fb07fb449784
SHA1 71a1641ffb0da859af5e355c5bf4a9bcf1746e74
SHA256 a991c7d6fd80ce581f8bbeb7268032f06c9434cfa67298b0669c84d38be6535b
SHA512 e39d58dc26f8710006fefb51cfe1adb34c8886b6b281a8ea3d87a89c116e255d39c028cc42fce05a8ed61dc0a7c602e344e6c0957bc4156f9a76677687591a54

C:\Config.Msi\e5831d5.rbf

MD5 d87310699e3baac5ecc0f64673fe3485
SHA1 34460b0eb74977b98d9d3e683d5ffa2aec11059c
SHA256 4f9a3c48edbef17a0984c473d0d100e5541a26a92ed4ca3b336974c5eaabb4eb
SHA512 096196d3ff876b7cc5173e0d30125174e6fd1bb60432aa9cf64c3b22fd5ed2fa5a8bf35824e5840ab248b1015907eea0eddd964b4191f52454b03edf583e0b38

C:\Config.Msi\e5831d4.rbf

MD5 6083b2909a6c1ab52ce84da1b435e7cf
SHA1 e851ccddf1fcb0c2fd9cfb4a357f72633452f240
SHA256 0ef563502d57298ab0962de24692931a32327fc1338cbd80b6b0b2cab067c956
SHA512 53b8aad68d574e57f88fb3663b41455859b2c84ddbd152aa1f0973df15ad1ea1e72b57b54a0984ff8e4abbd1e4606833fb2e132d1d49d428f2e0ea4e7c4568f1

C:\Config.Msi\e5831d3.rbf

MD5 86a1d818b679edbe94ab51b963ba79a1
SHA1 2b9ee6b54aa2f709442e7e514335e2548c933318
SHA256 b36b011818770bafe044bd83826f38eb81093f529872a0b83e341f6863b3cfaa
SHA512 ee1ee27bc740b4e4e29a11f4a428b5ccf7ef545444db972b64a8f4b7884462b8c589b5911d7d33e3f2a7b0d97dcea0b5d610a99a00b04d8b3099e695f9acf5b9

C:\Config.Msi\e5831d2.rbf

MD5 da7787ae5278031ef79441d29599dcff
SHA1 4e2a4c70035808dd8bffaeb6ded8fe2980566e0f
SHA256 06afbd06123031d3198a25ed0cbb7cfb08c1184cb58ecd7d12f42c235ebb5b39
SHA512 2c1ac894e778aea4515be33b9e894f89a527a5106734a8ea6d6693557aff8417a7f7b340834dd1d207e85e250e718c1d0365332e77ffece2f9e1e81b0082bd7e

C:\Config.Msi\e5831d1.rbf

MD5 7173d17aa9ff4cda07fbfff21a584a67
SHA1 37b04626e282aa6ae2a2dc96117dfc5b0b1f25cc
SHA256 972595aefda400197282647fa6d6e40b58ac15591443213682a87d1ac80cb867
SHA512 b583058ce0a7bac48042d63142342a430701f96bb8c8c0f00e2bdb168cf431e2f98a58bcb889623f6e6775195a9d4bae8f37686a48a2cd0034e426d6089a4167

C:\Config.Msi\e5831d0.rbf

MD5 91ceea551937cb5da627f33ef7995ee8
SHA1 4e7483605c4027381e4796345f0a0e6aa9342a5b
SHA256 4256104f1e0eb69836f00b38813ae62f79abed1724e0b07f8aca908e7bb74806
SHA512 2d720c8a331278707913fc064d7a0c2727ef13b3f8cd46aa4e4a2936aab2b1228d78c1662856739964a87a33c312be2d3f65170f38d65545f3a3184c0ad635f9

C:\Config.Msi\e5831cf.rbf

MD5 bc959a160882b0de0583047b1b5b93a6
SHA1 78bda837a0fcc25623b54e95f3eff76c3bd79332
SHA256 b9ffa79403a9c57e5a36d6632bf8ebf8da0f6256c0b71fe4dba50390df17702e
SHA512 7cd370afe9903daf36543a2d57ffc869f2ab324fc4ef363119d4923eb3b6079485d6f1a0304b94b928aace18900d034d74ffa0d1cf8382301f6e22f4daf4f0cd

C:\Config.Msi\e5831ce.rbf

MD5 3fd311d5a5cab694d93c6de5ab39adc6
SHA1 2950e2cecaa45f46dcc443037c7a4db550533578
SHA256 4e5cd2074b70b073ff9010a22f6e469fc08c93f63e14c85de93377c2d0e97fe3
SHA512 fd884db714d134994c1ef742ee85d5002b07e29b8bf1db2120a4139198f162ad67b093be3f232eeff3e05976ad243ef691af69db86ebcc8e2d6f0400245c6a35

C:\Config.Msi\e5831cd.rbf

MD5 f1e8d3b056eb17b33d6d23b5dd20eb56
SHA1 7556e1bf214dca70ffec24768f3c549ab4ab1886
SHA256 e709b2b5901d6987b46febd4f3d5ba50b94e4ae4e0a6bde09ec981509b72000c
SHA512 914b340a8c175dfed4cdb99bf071e14ab787481517009ad92680725368dd7b7667dfe2ffcfbaa871b2a9edad6b8566828133dccbd0a0c7fb90cbabe4f812da87

C:\Config.Msi\e5831cc.rbf

MD5 90891a2ac9ef19d26ddfae3dcb69fadc
SHA1 14af0ba5b5b4ed5dd82685c7e50a544a5c5e7a98
SHA256 dde3ccb81cfcc3eb4cc65752fe14bf0c7ffc6814d55f7c9bca4d9ae638b30f6d
SHA512 4f97ab143a719bd614a63a3b34bb6ab6931eedf310e2e077c361fd63d2d579e126a3a419256834b021d86250114ecf4c0ef120c9fb267be9aea004b252c17a49

C:\Config.Msi\e5831cb.rbf

MD5 9f8ecff52bd15cff2deeb91bd325e101
SHA1 c82a0eddc66f95f0bfe1fc984671837cf0b07a65
SHA256 aca44b663633d4785d4fca1ed45d2c1d58c994fd927374569b8b5bfcd7079170
SHA512 cf52103d480a589e88c909239dacf5add2467adf6f4ad52d89af16ffb9a5cb32d7e771fe005694d37189ab2ecac08cad9ca7cbcc7d971f17d384a959705f168c

C:\Config.Msi\e5831c9.rbf

MD5 070f18d93af687edf010efa343dcc983
SHA1 16858f9fd0d8ed788ec49460ca2b596c193d2af1
SHA256 89547b37ec7e20f96e1f1b9aeabbe86cac8a0372bf1520fbc2272eed16f8b4a0
SHA512 e7b9ca446b5ebf397e7c220e8a0f639ce20fb35a11010b641f6727ec1c9119093790d4f5521ebb28e8f6de4ed5c4c4f58a27355fb5d012ec949f0de3df5586de

C:\Config.Msi\e5831c8.rbf

MD5 be6f4fd7365dfa124d60114095380602
SHA1 66a41958ead9151d7e61d690f12006ca8a40df89
SHA256 66d6f247e3cae875c3c86dd16ea1aa3512663b8aa8626984007bf5343326bbaa
SHA512 e9f7d819714c905577a2603aa30cc72b87b7a66561c7cc6029dedf48de78fc3db580069602dedbc6b18496217da6b94bbe0c2734ba2dfa5f8b57b7fc6cbdb781

C:\Config.Msi\e5831c7.rbf

MD5 8b1132f4e0387a233497141cf30b1edf
SHA1 2afb866bc5093b1281b2ad0fc4a29bc2cab035d5
SHA256 51063c0b520a9ab73aa3a0674c593c3c3de26fa9709175be085d2d8c456ab54f
SHA512 f528da8cd45823fadecf870a348f605e8fa199c6bb139c7930392cf638289c794ea15746cb0f4b9d918a1fcfae7c6578261e7c20fced854e9afa20974e252490

C:\Config.Msi\e5831c6.rbf

MD5 a5c7d3197e0ac097600d2901ed4f6e77
SHA1 a459c50978c7e377f1130d7779f4a2fa41d0033c
SHA256 8d0b449684a977a3d81b8fad0663a20555504e8609c987e84364a6e232b51356
SHA512 f9d662be82e96ff035c7aa938a9de7f47162bd4564575eed4aaa42ed4ef49ced0fa4a9b6b2b789b5655c3ac6787f7b3c8439d82962d9668c1d31e62a54a804bc

C:\Config.Msi\e5831c5.rbf

MD5 aef35350473c3e263b6d8d4a76616b7d
SHA1 265bf8cadf460109a3a2d0d8e23b7b1eb18d7660
SHA256 fe61442089ed613075613d0db818e9f1c87907dd5c76dbfa67e93abf7f24e135
SHA512 b4f966b9c921364283a6dc42d8b44ec10e8d032089dc157c23ecfda55fbb16f86b9c02cbb22fa0eee51dc784ed83876c9b29ee9cb1cbe823e3b99bf08e46cd76

C:\Config.Msi\e5831c4.rbf

MD5 8a138a7c5f6826e2adec47162589bdc7
SHA1 8ba9043cc728827655406126e46950e6a6bf35a1
SHA256 9d4041b781a2fe7e677cbbb210497abce1c6e566047fe4592d6b2bd182768c43
SHA512 beb99a0c999a2e2b3bee93c32246826608d74c95b4aa1e5993228dc5af9e1a775035f52bacbd488d7589f9821fe17df2652f94bc5b66297963fc3f6062b8e0fe

C:\Config.Msi\e5831c3.rbf

MD5 e9e2502356902589e8b0b86314294f30
SHA1 44a972c0ccbd52ac6e21f2c0cc1dc81907b5e7dd
SHA256 c1fb9faa66ac74fd4094538d83afa96c8c3a5bf7f30ec302b7ed1ad1f4d99b25
SHA512 7e51bd97735028dd90e855d8e661e2aa8c9e859e2b4c02475d65ba67eab8cd99ce207795e9a6eb4b146483852bd90255feaabc7b50534a7efc43bbfdfdcc2849

C:\Config.Msi\e5831c2.rbf

MD5 967be7e7a5e3cfc4902a4dcd26eda18a
SHA1 f0b364113ccd380a256a3f6217b8795300d0fe30
SHA256 071549c2a67ba11cb90362c3a60b904e339c66d33add4e0fdaf348f17365695a
SHA512 db437ef46aae9b0f45bd21958397c163f2c55c85bda25215af041023c63531ae3e0b62fec62ba76b70c6a297b928fb7c8a79ce82463ade93d22a6501b756ccda

C:\Config.Msi\e5831c1.rbf

MD5 f8354171db5fc4506cd0a0b9a3c9eaf6
SHA1 f155f11010d91896161a2818815a1dc32f183731
SHA256 6131d4341986952f7343eeb984544a17bb5f121e1b24ad572ae93d928f9179fe
SHA512 10aa970372b956ee7d018b4d5d8bd7faedaef20b83ada551e7a260730d5a642c9ea13548743ebd470f5ecbc7a08ddead828c41e229c96538d93d3f0ea7cea52b

C:\Config.Msi\e5831c0.rbf

MD5 acfd9dff068c374658366e397a5695d4
SHA1 bbd33c62b022d3592e0c2a67144070ff4e2709a8
SHA256 a4d8b8a525271bfa836744b7705f0993ab454d9a153f81b3502cc62d9284dbfc
SHA512 b2ca941ee0d18bec576ba84e09403cd8dce41b9017134581f1a2e2babe25dff99e9f172a6e9764ca6c58d5ac679405883640e2b7bd108cc0308336098d9099ae

C:\Config.Msi\e5831bf.rbf

MD5 9184814c35561939e4b0ad91788441f1
SHA1 a5281447d62fb3acb7915e757c68b6c29ae69adb
SHA256 788f42981bf0bf25f0899d9e3c19a0d6edea44f9c1f9eb616160de99b82e8d27
SHA512 cdd744fa29b63922cb112d645badfe59176bed7a5c2ec12e3e8d095ca2401588565f356aea4a1f40157434fd8d20edbcfc92febc4fc33e4a13a20abcd38ed199

C:\Config.Msi\e5831be.rbf

MD5 6a5ee23e3d7b67dfc39ce1c085d8c654
SHA1 6f9c0d88df3df2cf86cc543822b2e6196e849b15
SHA256 b40f265fe31c5dec0943b2d910e997ca1840ee290912b814eeab333af71fbd48
SHA512 2d0cb3ada34426ec079933c96af4e3e67795cba52a6a78b520b7c7aa02a7e0eff53a33da206c7843df42a257474380b3014338c2063dc8848edbacbc6cadbbc9

C:\Config.Msi\e5831bc.rbf

MD5 af6ae18e360ffca6c0ceaeeebbf6d8d4
SHA1 0b4ee1121e9070e95147f6c1664f23a9c772ac7a
SHA256 9ae57781418fef37b51dcbeabd4e26dd82a35c3aa2c15917cb98656889d3c7f3
SHA512 eee57abce64bd9b1514a5a3a074948547725e78aba19e085b53d9e8156613a1ee30e60fef77429844ec4abd22ef02c45fe9f31aebff0eb7925e0a62e2b4efad0

C:\Config.Msi\e5831bb.rbf

MD5 a9762e02d260a34b79fdea198f3e82d6
SHA1 5023fc4a74ce1eb15893cf0f724e658c9c5236eb
SHA256 15cb74f02499b76c42faf72e6364392bfa997d0b2668016bec69dbd7d0571578
SHA512 61aba378b6a2533b9f67b4f46a2873fb08be4fe55c0de18785cd1720f4041aaf003ab0310a1d7415d8153508789ceaa82fd1b0731827f75aab41c5962c905502

C:\Config.Msi\e5831ba.rbf

MD5 2cf01239384af6de8b712278d7598e90
SHA1 613cb264d8628008809878154f6eb17f35031c04
SHA256 51a234186dd5e1087a7ecb79bb8538767bd4bf46c645e1a6e83f972de726e95e
SHA512 0e2dc0cf2d2925895af2e5fb918f0c171bcabc6dfb8c094dd63ff7df535f776ff2c3ab89038ca5bbff0f4c02d8474055adfe3609c70d97870c46504f7bb871e6

C:\Config.Msi\e5831b9.rbf

MD5 15caac1ec79f05d8aa62aaeec6903e8d
SHA1 1990604b5491cc83a73f592d1e70b41be5a2d998
SHA256 e485f4d3468410e989c147c9abeef742c57650a794e0ff18c2902eb976d25cc2
SHA512 d418191828c8fca0a4d092d2101191fa5afdeff417cc4c9f1ba02795e3e4981a3ea3b0478c6abc00e284f95c5529a686411b90870569bfcbca15fba61372d402

C:\Config.Msi\e5831b8.rbf

MD5 0da2f7810a668012c630db3fa8230499
SHA1 9ca963ea4e3544609741308d71863bc86a0c0ceb
SHA256 4d997a3892a9fcee4bedb3f47b91f068d6ac823c5ee5f00d1887634e438f41c0
SHA512 57e214fa9ea204094bed5086d6542a32774b3f234edd93d6f9eb364cb7a0825b2056bf2a299c65f8395545fe7f5e21869525575dbfa3c0b35c796f8de6c543ee

C:\Config.Msi\e5831b7.rbf

MD5 df0c6bb7965a3dfce5f0f158e9d5251f
SHA1 5250b2c7d557a71dc9fb0823fdc0cc94f0a81e35
SHA256 883e42e3319fa4c059623e4d5a937215ad2f2cb123e88aaec27955f258627c4f
SHA512 8b5f7cfb9d3d857b2396706cbcda445b9131abf79e84296ecbbffff0dc1588b19399b506e4e3110ac4782f60ddee081cd5243e598e0871738803512358efee04

C:\Config.Msi\e5831b6.rbf

MD5 4f94bf5157da351f7d0089a0b72b1ad9
SHA1 c61d8fb8801a3362fcb8eb539003c996cd94e9fd
SHA256 257b042bbab38406cb720fb9b2275828b003c6be15933227ceac68e08b846412
SHA512 f75d0365f67ff6632c8d1a3745e8e8eab55b25a562841910320dfda967a5428a5afc469a211e90d7ac78930fd55e0597b11aaf15cec5e57c0f22c02da53881d5

C:\Config.Msi\e5831b5.rbf

MD5 4667b1d3fe384b97a94deb1553af2174
SHA1 e14902922748fffc1f65cb299b52c114887b761c
SHA256 705b42f6a55a4cecd347ba954089148572ba9fa033e5a08dba176b652488457d
SHA512 3f2db08d7fbf8f6042f7ff1001f20df3879402a25e7d3b8bb7270ad3be7216ac07a8ded7cd62568d6292bcf3828286105e1d9b87f21dc3e1764d0bc20985a8bb

C:\Config.Msi\e5831b4.rbf

MD5 5062f0598bc909a99bd21ff77d3421eb
SHA1 4917cf83d7e3ebac3fbf3e405c4dd633430cb98f
SHA256 e2e634f5552e5214c79cdc2a33672f2cefda7c73fb6d9c7b87916130a969c4b8
SHA512 ed1d812cdf867b963d0a9bebdb6d63698bb107409920ccdb770e197815f5d72b35cc8c1e3602d4b5c63adf06c0d9e125c5a5ad6eff2da22df373b06c7c88be2a

C:\Config.Msi\e5831b3.rbf

MD5 da8a2cab1ddbd3fa6cfa43c0bff54348
SHA1 45268d28d4e628781f65f08612394ff7e0d38720
SHA256 a19e7736666470a6eda6d00473cba753deb0e8fb40d3311daf3c50676040e200
SHA512 18be388c509985137e34d4ccac72e60dd726f9c64b76e25988b7c91b3a306f1d15b21546face19ca087db02b0949306a554a889e3832a39c83f5f3686dbb5b10

C:\Config.Msi\e5831b1.rbf

MD5 91d3ae6b71705330e73ca4159817ff4e
SHA1 a941037aa373a426e73dfb853526f150ce4457b0
SHA256 4d16c2bc77cc45c596dabbccf24e51b8d6b47c6582d540993856337d9c7dd6ea
SHA512 8866140622e9241bbc2a5f7f26f659b7d2dcae7890c6ad357f76afeb5b96e6b30914b2b223906cd1f2b29eea27e885e33774782cd2c3b688aa1da72ee61a56f5

C:\Config.Msi\e5831b0.rbf

MD5 4da7266720463186401b1ee9ae625e09
SHA1 040cf60bc1f52402d10e0b898e38b907dd9d9ba0
SHA256 2ec5d00d46355af4cd7d06a00745e726b87c329d090e0acc02f767e75c60601b
SHA512 da22f8e24f5d59232adf9e77914d65a82ec2bb1331a83f72c2d45f8e6e27de3bf113173ba56bcfa40e95851f105bfd941cf63392bd6d4fd4a9b1eba36087c091

C:\Config.Msi\e5831af.rbf

MD5 e8013aaa8fea097b88d7021039154ed9
SHA1 4866c788df4739c011e62f3634989e8959832730
SHA256 a3334e83a418db4f304a621c2a498db48c0f8fe21f21282cc61e5ee9b80c1370
SHA512 8614a03a87b2c06d1d2e577def16deea927e010d0f269f37613b9b737edf72350a5457b22a82d96ffd6d02747bf70116be301f891a0b103214ea3a8263cce32d

C:\Config.Msi\e5831ae.rbf

MD5 d78266c35a0ed4bb6fb2f6683c8a6e68
SHA1 7ebda40cdb602b20323e6e7d24f28f25a931b11f
SHA256 c68b82408df6d0e6f7c7ca0a5e7d1c80af6cbec57788570bea58efff8053f306
SHA512 e60ae6b2cd22614be134d06ce823bc5d31d0aaf1f01dcc4fd0f6021bd307609e8d2f47ebf8490d3bc33f0b225303b63e44f09384bc3804494f595e876e673854

C:\Config.Msi\e5831ad.rbf

MD5 6d525c5be39dd69154fb0cf297fa9c1b
SHA1 48b89a8803b7020d7a0bc5dd760c261b2dbb87bf
SHA256 82a7761c6042176cf97947da1e910ce8a320fa7a17dadee2a115ac5f34cdc744
SHA512 0a0416c8a7f967ea869ffe2fe77535cdfc9211d78fbff89e58cac0a4cbc38ba182fb3e88f4de3d38c010f6222ba52f8f10e3f58b4d13e5c7438f9a81a8f871ef

C:\Config.Msi\e5831ac.rbf

MD5 2408534b8cefaf5362700e8afedf070d
SHA1 f197be5f143eae025a5c40837b8432e89b8752a3
SHA256 e89e45dabc6a2422cd5f523d554d6314cf9ecec2238e26c6d8f63f040ed9b6c2
SHA512 94b78d6d0b597fe9b69d438f4ac3d0855ccc9c684a28070bb9e2cc44d171b5047b8c3da03406a05405c74ab56081dffbfe84478064b0b0884bfb6e415c3159fb

C:\Config.Msi\e5831aa.rbf

MD5 ec5a78ba8d91e89c0d9b3683d0cfd5d8
SHA1 0db33de0721fda2e302c39b98f3987ddb9267850
SHA256 b3d09766f50b21e4b825d1ec7908cadc7fd74625b4757dc7952344797c72ac07
SHA512 c8ed1321211aa260ad8fa7314cc4036a743c0bc1ac06defc9d061edd4c3032f1e42c6cb06f2fa8836e66a0a4816a921961a5379b0e20ced8fd4f398085b125d9

C:\Config.Msi\e5831a9.rbf

MD5 224d8b3ed1cc4f5b32e295612f1c263d
SHA1 d84f00249e43dcf21d4e68c1b2b21efed5f3c267
SHA256 20e49d3119901517f055950021e922971cc65578c4ea2898593e29becafd2676
SHA512 87f9a1d17331e85a3df58fcd92e65a60f7b1a74eeac6c6707aea56fe7dde578f1b09798dc3f7a7c0a4b65696524793d7121b19d27902ecfc215a3233128dccd2

C:\Config.Msi\e5831a8.rbf

MD5 846e77a9f3c6bb2ecf5518d470b2b908
SHA1 f16c73c5b7a4b0a596ab41472a246faffd9a9b01
SHA256 17a9b9222850ce3e6786cedd7c698aa145453b37cf8f03d676fbd89f70afa072
SHA512 d94115b82c4abb4570a821919458fb2f322d939928fba6f00fedf139f489f358004de4db3b58b4fce05afcaabf7fcfe9e51c3cb7d0f6f43bebc56c2094086941

C:\Config.Msi\e5831a7.rbf

MD5 574d91266ee9fa03432cf50da30dd232
SHA1 b5c48a695fc376c174a79954a6d49280178eb4ae
SHA256 6f262bba82eed8a8d69fac44e491b99cca2d4cd448166291ce2186833e730a85
SHA512 f052ec088a703e50c893decd7f88c0af2b36251dfc70b08e513d55964d1be299f0d772d52e71bf0aeb9abb752eda156767b8be321320e1c60f78af285b33aeaa

C:\Config.Msi\e5831a6.rbf

MD5 fda48714f6a291e25a1a219e89d59d9b
SHA1 c1e8ddfc64995c0acc48623f30aadb1448bca62f
SHA256 be2885e897470da3778a661158dc21f32a4aada769996abda082cc4bb6030086
SHA512 8508ee381bfc5d2491fdd9b14603003264441222984762d14f06440afbc2cc88d80b95bdbbec4089127ec76402408a60b850e1f46ebb5bcda5aa3ef1b6ce70ab

C:\Config.Msi\e5831a4.rbf

MD5 d2bc82e2f203cc4778ff312475a1d37a
SHA1 2da7e8f3e8e4189acf5624bead6b7b983af17e5e
SHA256 e34e79770b6a3a4ad1583c9a90ac12aa4348ad134366c0b0436f00162fa41734
SHA512 976b018f717e45136be48ee8b4ba2593f88e5ca3c6d14602621d2a394d13bbbd6e707ee3a611442caadc3f5f1ac1a8de87b0407da8178a74d25404cee3d9657b

C:\Config.Msi\e5831a3.rbf

MD5 524014d39a54d3908de59807c09cae3b
SHA1 cc166f76626f94cdbabd8095286a82a474af9f8e
SHA256 f259988c45f54338d57175fcf4fb9f895d484a4eb0c4b861a3abe885c263be66
SHA512 02bdff78beab753a58f46579e61ad4d2953475edb53b57f75ed4828ff04d9641f114357f11059ae28d82c1d28f7433a4eea7b7cc01c1fcf85bb5dc6d58261182

C:\Config.Msi\e5831a2.rbf

MD5 0ed609c8782c37c67a5ca7233f08d103
SHA1 c286345aae83608005c0e20aa000acdbfabbdac8
SHA256 10913008d1befd194fc4c96cf0ea20112e9e075974ff5420557141b7ffd5198f
SHA512 92d4547b36cf76823bd9658cc8476afa33f1b20425fae2bd05ea353b6d4de6929c5b72f10100aa1b11493c177df0526aefd1e7d3fabc10d848b88d9f0a382d9c

C:\Config.Msi\e5831a1.rbf

MD5 5f0934c524364c1e1a77db8ccb832c5e
SHA1 848eec26bf024a7c350bdb02d0e92116a4882b76
SHA256 82589b2d5ecae5ddcda39076a33180b6cddb7f54a0cffd4329087eb1f507bed6
SHA512 1ac672272b16a6bfd3977886fb773a21d8606a873478ff036a462728d18b59e9c68a08606e1f869b7e6606416b74c90c72ff9be33036371282564b0d3723a222

C:\Config.Msi\e5831a0.rbf

MD5 f8d11c60b70acd2ec9154ee676f615ba
SHA1 a869fc75f44438d9207511dc73bae976f558ba6e
SHA256 b342088c8a4403092703bf40062041265e12edd204aff4f6532226478a65cbb2
SHA512 c4c324e22ff7570c6d9a6fcd5ea3bfc4917a404110b3e202be847355c57c189096feb5c37c0a36c541f4a9d9e80bb1f1bc5db3f4146e515ba34468c5547ba907

C:\Config.Msi\e58319e.rbf

MD5 7ecb661f50f34a941a44dac7241f7d08
SHA1 772b0df3ad4a89a078cd4ff8e5f45115778d04a2
SHA256 e2386b60a73fa7c95a8968161fb1c84dd9143462b2880133778a3027f75730f2
SHA512 aa007a71da51b145a7fc702a0cd8930d43e03a884c331afb48de01e82e06c20d2a5325aaa893d03a25e5b670e9e0a03f002b55d9620202b6b48045e4a79b577b

C:\Config.Msi\e58319d.rbf

MD5 aaa2e20588e154a10747bf1b31b55125
SHA1 03cf9f79b9cacda13aeb644a88180222240b6f0c
SHA256 fd12cbad7d1155b311d97dd5da05869200c50e7698ce997cb96004f18018ad2e
SHA512 29df908a09bfd551c50a3c64074c88814065b5b4cdc0d8a1fda5b1d01cb1f1597f2b71b343b59b9fe99ec7123fe48f9a83f93c0880275c19969523a8bd56dcaa

C:\Config.Msi\e58319c.rbf

MD5 5440ee9cd44616d60cde57ebdb286e95
SHA1 bb7635d6911311b2f3a637a2e9d8446fd0698678
SHA256 e3ba35c5572761c20eb59e25b2332a0cdfb726c48963d40291d7f977531e47a3
SHA512 4600215bd9788b30aa5a5038d6749aa294ca0d6d0063335979d2f4acc29af09967a9160bfd8a2ae093f7fcb95c80fd51ce832cb639354360965d0202a044e1a0

C:\Config.Msi\e58319a.rbf

MD5 9473054628d25757f804cc2584a931ac
SHA1 1ec0e971be84d5e980988c16e1dba3b5323e7ca9
SHA256 6c699e95e7a018673fe586f5b96ead5bff5861f22699049d72d92ecb53497a47
SHA512 668ac3365f98ea2c6ba58d13017dd4a2f8ae28dc4bd8e8d72ee6fcfc3a7b51bf0b3f658e8a95c6f5bd2015000f3a347ca417915d99ca4fb7f4a98271a27ad1ae

C:\Config.Msi\e583199.rbf

MD5 5fe646e5f52a6183027c87160b922e2b
SHA1 53123095d2ff679db51a55961e7efa6f3c2cd09f
SHA256 ff729c37c44b93705b3d7f3e07a35e1debb5deb6be7a00c0a82546d0fb88c0e0
SHA512 a8e7b4f06fd7a2f46d75ba2a43e924aec6d6e270a0ab7b6a3f6cb259d33f7ac78b00ecc6d6b39e8f0433dd35894972790c43d81c7177bfd72decff8a4a768ea7

C:\Config.Msi\e583197.rbf

MD5 f35d405459f10fd3d1f52f6dd64252ca
SHA1 5f3bf4ab1c25ec54e79afe7f92390a624ae5cf14
SHA256 384f7c7d81020a72029972324ec6d8b84dbb3f342418c15e0833db02174416c7
SHA512 2bf358ed9e7c09f49280bffb7e200d93ecd3de99d0a842bdbb468b808383aa16f444ad8888f030d1bad5e00fd49c7c3d01a72a256c96aadcab04dba59fbe0a7e

C:\Config.Msi\e583196.rbf

MD5 2317370717a6bf28b9af805dc45ae5c4
SHA1 ae6876ee8672be7ef18ea64af2293e0d4bf8703a
SHA256 01cd704e1fb542c10b368985c57204b1f78f1d61b07ae6cb193b47aab12cf663
SHA512 5257384b0e7d49852786f81b03d5cbf4026705c1ddf0c533faac970d92cc9e7b9f3a954bde5eefda6c883bbaeb7feda50292245fed9fd1e5914a404d66357ec4

C:\Config.Msi\e583195.rbf

MD5 dcc6434e76ccc91fa6c35df0d0d6f5ce
SHA1 ed1d50016a7db340208145d988a82ce7c126cc94
SHA256 45526926c328fd96d9be162238b22694fc496d7a946c0e5a085b83257e7e25e8
SHA512 90e08c83dfc95cac80150ebda86085ed2dc86fbc1b2f1112de15638f548e2eb4fc954e3ecc17d828a1a6ed549acde8a1f8ded666865d46ef30eb026127c8b102

C:\Config.Msi\e583193.rbf

MD5 1c213c5e8828353641cef6d74ee6838d
SHA1 6e16eb31f642327afbed7b8d4ca56e791b799cca
SHA256 a1cbfc3eca8b075ce204c629bf0cf36b0add593c8a28040018319e5e2533ffdd
SHA512 7b7a222c49a95cea34d8ea005302295572a9955a396bfb51e929a83fd351a67c55c4b8c1647eeb0d4d7bf5e9b0c9502d7f4f4e75970e5b004bb72b4c5c2abf43

C:\Config.Msi\e583192.rbf

MD5 fd580865ff5b65ffeead3da78f9d244b
SHA1 f26c08181b87d1a6979f97293413d25f6f2862e3
SHA256 5256b74f3447a7fdbaab2ebe6442160dd617fb10800fd0045895b280f603604a
SHA512 5c7dd9a96db711627e4e2f0bc57bc56a1ebd22d8063cc6b8d5d10ad86104b0aaef52fc17e84ebd07d902d345931aeb33e8ba1dfc334e8da251b538e5e8fb10bd

C:\Config.Msi\e583191.rbf

MD5 642d05fef3999b47e67a3b979395d87d
SHA1 0806dda798421528f8e61e81ac4aadd20cc101e7
SHA256 53bb64373a30ee2b7b2d2fca25f1d0047fee7d932f351d902041b3d5fad6016b
SHA512 7f362c47552e0e31c1361f5cd81c94a7e3b1755b4c336b36275a4f42b77ddc775ad5c46e5aed5659f10beef92f228d52882b1fc421bba093373df82f110e2b2e

C:\Config.Msi\e58318f.rbf

MD5 7e23e2abf1e03fd0d3c0ed71d3e67201
SHA1 77e9ff622eb2b07d4eb908146251d2061895fd47
SHA256 588aa09f39b70d191b92c2414217429a2fd21c4fb7c3f21fa1d57ece2f552209
SHA512 14496dcaaccd6b00b156d26691465f6fb85da94b04d0a804ad22a8f42d992ef201c4c92b87e2c9d6e5b80ffe53049ed8b44d67ec304bd604d18f6204590c7bb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 03e9b9d441af1ec29a75b98cf8fd0dc2
SHA1 4359d73bc5f4ec022ed61d2d959b7ec1da635d73
SHA256 b7679efa89b3195dd58d766fa16aed37cd40638b635a3dc8ced4b71ca33da239
SHA512 1b0e78476a7a94d5268c0bceab28c095f1fb7e917593557c3dbc41f2682e6e121659ebe8732edc0aed9e07c028038cb0bbcac1f53a1288f4265a1d68c577f622

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 796964aed01bf65161f8568780b75246
SHA1 48f498ea19ea23df0304b75bd34f358e87a393a7
SHA256 7e59623c9142ea36a181840a4cab7a9d4a47794769d388923999ebd2a5f5de32
SHA512 7762e3ccc9d1cfef1c82860196d47c7ed2cb6a3219ac8e44f1bcb45a720c7d4317c92a7d88df73c5e9a19d2b5aeb062cf8fe4c0582e66721566098c3db93817b

memory/3240-1695-0x00007FF896B30000-0x00007FF896B45000-memory.dmp

memory/3240-1696-0x00007FF896A90000-0x00007FF896B2B000-memory.dmp

memory/3240-1699-0x00000215B2FA0000-0x00000215B2FA9000-memory.dmp

memory/3240-1697-0x00007FF891370000-0x00007FF8913AA000-memory.dmp

memory/3240-1694-0x00007FF7DF9A0000-0x00007FF7E0439000-memory.dmp

memory/3240-1698-0x00007FF880930000-0x00007FF880C3E000-memory.dmp

memory/6036-1709-0x00007FF896B30000-0x00007FF896B45000-memory.dmp

memory/6036-1711-0x00007FF891370000-0x00007FF8913AA000-memory.dmp

memory/6036-1710-0x00007FF896A90000-0x00007FF896B2B000-memory.dmp

memory/6036-1707-0x00007FF7DF9A0000-0x00007FF7E0439000-memory.dmp

memory/3240-1720-0x00007FF880930000-0x00007FF880C3E000-memory.dmp

memory/3240-1719-0x00007FF891370000-0x00007FF8913AA000-memory.dmp

memory/3240-1718-0x00007FF896A90000-0x00007FF896B2B000-memory.dmp

memory/3240-1717-0x00007FF896B30000-0x00007FF896B45000-memory.dmp

memory/3240-1716-0x00007FF7DF9A0000-0x00007FF7E0439000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 efa1fecd4b290f31e456f4b69508f50d
SHA1 4d071667e94b67b33fc2a746c55f44fa82abc07e
SHA256 c3fca37559dde2340fae75937354bb3e2adda0f9bccf9f6df42a81143c6a6998
SHA512 a5e7db270a8dc637f977fca680e193cdb4c5d912936ec3d465f01ae0482e526d8198f1a9e99c11abde09c49fdfc4e702fb2c1ca48a28f5aef0ddc76ec888f4de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 2923c306256864061a11e426841fc44a
SHA1 d9bb657845d502acd69a15a66f9e667ce9b68351
SHA256 5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa
SHA512 f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 77e89b1c954303a8aa65ae10e18c1b51
SHA1 e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73
SHA256 069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953
SHA512 5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

MD5 d65585287f841896ba33b117cb80461c
SHA1 6eee4e2dd86445498e9ba33e69cc61735660d17a
SHA256 0bb3d8e093126d075bc823d1554a86824d06d31bec9b21f49ea589115f76418f
SHA512 dd0a91e6e738ad72d139f9c961f3e82cfa88124f2c914516054dd8b76f6698b6a7b12860411d3fdb67b2ffb380c94bb4a38506ef63533d93292cf7b0da1798b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 41b7b5a176c5d1625b6329b33b94d497
SHA1 07b7e49e3f9e0f30c261c7d4c0f0727a1953b827
SHA256 42b4de32f8edabdc6947bac8913d7d4263c40eeba77c4478c4eda19d37b436f1
SHA512 f222d40060a069a599d89227b9a01c4e87acdb2249e1e4567f41d5b776f0facab644ea5aac5c571ce5604fb461509cbdedd88a73506d23ed4d3d71b13b540ac3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

MD5 a074f116c725add93a8a828fbdbbd56c
SHA1 88ca00a085140baeae0fd3072635afe3f841d88f
SHA256 4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6
SHA512 43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

MD5 a7ee007fb008c17e73216d0d69e254e8
SHA1 160d970e6a8271b0907c50268146a28b5918c05e
SHA256 414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346
SHA512 669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

MD5 9f8f80ca4d9435d66dd761fbb0753642
SHA1 5f187d02303fd9044b9e7c74e0c02fe8e6a646b7
SHA256 ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359
SHA512 9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a08b57c1c7c83f40929bc4ea35a792f7
SHA1 3d14c101f7e0af9dea2a9b41644395de783b0ae4
SHA256 65cd7291ec9fb2b151869cf9d2df9b6fb5a5c557305cb18103a3017038f7b1f1
SHA512 6c6c93e8ac931859067c0dda4f335ac090d92fbd84cb01b46c12d389c49c91e61e41012368b27993c1b96e235dbe692ddc1ff7331cc4ee78da2a294d61b42ffb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f35c3f2250b72ac3f642de7e14bb595f
SHA1 acd174b87eace51375011db5b5c12301a8670a88
SHA256 08ec29aa4af9838da45550c095ff7f893d2df83fad266255d77d17fb62d2f02d
SHA512 86a8ba036399989e165fb59d5f0f0119d1ec2260dde929bd36c825605fc290820b70f66dffdf2ace33325c8454c3231a999bc99060b2f3731d9608764d6b998d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 43fd93c935a18ce838dea2acd2461f12
SHA1 aab16f63ff0234efa43df73fc19d9370ddbc5fb2
SHA256 36f0c6262f40b8296e3bce1e9a9332ea65858fb68d206f214bad49d78dd80a5b
SHA512 aa646c6d2fc59122801d58294110489d4a62213e4cad7fc1da6f56f8a478a6b0c2acb05ed695848ce2882e49c370a1b8bcf415d346eb5a2a08253e6308fc458a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

MD5 f153cf9040cd3090312c0c73192f141f
SHA1 c99cb7d5a3ba29a06a301c57750e5b312f2831cd
SHA256 c2c37cefe842fee080716e5be26e175a07fd55bea219a3e2ddf37f891ceb9b13
SHA512 86dabd98ac25a4a9a67d2957091234e075027e118272d92088fc37118a5bccb5ef0a329dace63d3ff20c5f6dbc9eb652f1167c4e075ef2f104c3fcc8f7ea3375

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt~RFe595440.TMP

MD5 2aae359de5360c54ac99e9ec2ebe9a33
SHA1 df1bfdaec3796190b63f88a515adc35c8cc407ce
SHA256 13a6541f3da41ee840eb7e8793e0263c0b71fdbcab8df19c532c78b771aa980a
SHA512 e3b4b2e7c56305330651d4386c76235713067760b811b3c93acb2ddcb11bfae89a8d3a4c2256f4ef480be4051d5291c1deae0f15752491df4608e80608a420f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fe40a352f45d16ededd9c2640fc8c40c
SHA1 9605aba098181a2c646853ad38bfad787b4b8541
SHA256 9620c3f289dd798bb74e99b8025c7265869e488cc50ef58df3256df4b8e592fa
SHA512 79e784d34f4a40babca9efb5dc05b36a9486793f18b5946b0f9a8dadb22830efa52fb5912d17235756037746d31b5ec118248fe393b2aa82ee8fc5c661bd1bea

C:\Users\Admin\Downloads\Quick Assist Installer.exe

MD5 d4ecdfc827fe2b0e12f67ccfac9cc121
SHA1 99eafda204b7a509982ea49447fa52edb6e99313
SHA256 800129c4e7a8596f4d42f97c060d04ad5becde49eca437f4872f1d2e3af811ae
SHA512 111587b76c815f374b374515d1c3abb3c05f6f9b07c163279d760fc07db4670e6ae666cb511ea5294fff42aca8c9745d580b9c62fb09467d137173c9fa65e3fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0c5165cc05ee848fbfe81d5c0061ecac
SHA1 9e8522be8fab5325f266d975972d3ad7f14695dc
SHA256 ea2e92739c4d5ee8749b28f99b37b386b4e21ad20fcc1dd3d04a9a470ead58f4
SHA512 c9759aa6a03c18679f8458662ea11c771c7602b72a318df1ba176aa08b7d6df42e8f273c29c123598e74be8c82c37a2ce2c4a31e3d4109d28e656fa71da1df16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0339fdceb150db2b7ede73d1c85a8d68
SHA1 50ec25cba51431a05e55e9d8b4c75a8675b7606b
SHA256 76d9068616bdc60ca099622dd26e7d91f8cc75a700d58a017e81ca897a22a7dc
SHA512 e2f842d154880949d664e8aadd9902a69be48fa43a2774d4ac65dbee4ac515d3d8f737f6078d34bbd59039fd5c21d68f1c609a9c388f86eb1f81a570b9d19e52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 f55364dedc78c49965aa60f35eaa702d
SHA1 bc83ab8954d0ef2aeed2ee51ae18bbe449b7785a
SHA256 020b73cedbdec9ebe9d04812e30d851f9bfac6712883fc24253f021bdd1abb61
SHA512 bbc96e64682cd08fe1afe2d07fe3cdf1ede1d895b45332f00b0f19b747747db39cc292eea1bc033ba773743a6dfb937659ee70bb8ff749bb57c6c17413b6547a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cd9361984e0aeb9ed3309d3bf80c1e64
SHA1 a61e48acfb818432811fe7e761ed2e7f02d99472
SHA256 902102ba629078c42d89aa7fe4b5b1d3718cb4b5164659abdf9dfd1dc1dde883
SHA512 e829810694b3c6327e64b792d09667a47e0290d120375f80a8d71354ecbd8298d9f9038a1a5cb8dfb750302e12b9e7129fa8606f034bbdb44da3e7dad911e960

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\29969bdb-305d-440a-8a91-fb7799f8cac2\index-dir\the-real-index

MD5 14c2b328720f28578285a111cb49a3af
SHA1 3af52ec0b3b277e96788aa1c1a8205cb740baa6a
SHA256 bd471de2b7240fe29a1cc648a6f8db85929809e92aa0befbfb1abf90543d34f3
SHA512 2044db0af53b0b0de279713f3374d9f774013f5bfc69f938971d6f32c241664f039877fc9ba3755249b4de753451c0d5f755363209a0283b7f777697957f929a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\c2499a54-8f00-485e-a54e-b6b264f31e67\index-dir\the-real-index

MD5 b876d82b648289fdfa3186e8c31ec5e8
SHA1 293182fc116abe16cbf8abe8dc541a72142c5ccb
SHA256 693acfff73b856aa0d9e60230b3e02819f3784bc2bcffb92d5c2fb24811eae4a
SHA512 09efd706721781a3be41685f3af61459a7252f371643898a793a407f067c0306fa8c8eeb77f9ac63fc6a8a262fe8f364c372addc7f46d41b90622c5bfd6e0b5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\c2499a54-8f00-485e-a54e-b6b264f31e67\index-dir\the-real-index~RFe597f38.TMP

MD5 ce0139a726afe28134bb9b2131882d41
SHA1 121135c577694e89588308293a9ee750cd4ee71d
SHA256 3fc5b49fe26e039c96137307045290f13455abd072ea0408936a5ea68696cbf7
SHA512 b7c9f004c715d33c8f069a3e5c11bc20cd131e41c948799f381ea5ef0ad2ec57bc30bf16b9042939d3e1ddf44bc3cfddcdce4afdfd694a671db96a8d7f3b78e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\29969bdb-305d-440a-8a91-fb7799f8cac2\index-dir\the-real-index~RFe597f38.TMP

MD5 e1e669d249955df99abd9e4773ebd8b0
SHA1 0c5382681e5254817f75e02222c05384a1e1e8bb
SHA256 33a1298a8588938b5968e0ba3272c005555efc473110821e5d09e0f9afec20ce
SHA512 5757e37e5268499b4bf395dac1fbd39549408cb1abb9177583e9aab509d0c245548aefaf09829bd3148b9ad139f5180b5e75fe1d1db59803612d7c057093f4f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6dd8b790d0dc821184444b917c61c851
SHA1 f10ec1d2748ea1b0812ff53cb9136e83318cc77f
SHA256 2c9305387e227c67ce38ed2470065d72ccae0efd3ef8b23eb89ff06c2aa8fa73
SHA512 427cd86a62f8b6099fb77120dcf9339927af95fd8dbf63c86fdebbd86d7b1c8d579c7553d1e04449c729d04df892d7af49037f9de90870f33515b1ef43fcfded

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

MD5 e719fd7abee3ec70decc8ee18bbab9e4
SHA1 5e1100bd7a6d2e4a8ee4d75055b76dd692f403da
SHA256 d24fafb90db4bb5024825db4af85f2cbefc9c80c3780df333ed43d30fb6ae353
SHA512 c6eeac8339cd8bab6a19a66e5bbf7a257874b62e47bf1ee88794d7f68dc7465cff00ad8f498252e0c279b381c652bc80006a4c0d100f41738161450d41add783

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4a01aaeb4e55905bcddea6645d11b915
SHA1 5847ea36d7b0a42695025456d9187caaebd06bb3
SHA256 e2cb8491ff4eab0c9f95038c7ad798a363047d106a481f37b73321f51bce558c
SHA512 7cced38eb4c21b61b50438a3fc4b0524cea6b0c5c7fe8b248e46146ddd73556ac77e4ac4e4371637deb175ee568e5b2c36e12d4693c2ecb4ae650fb6907ee0f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 6f5ac3384fe80d2a7f99fe323350e104
SHA1 54a13e086f07bbd700b0b0a0246c2916db17801e
SHA256 cdb020ae1c60543d60bd59051506cee6e8f92dbdce101f798b28f6faf2e4adf5
SHA512 67d9023623b910820a2c79f2d193611ad2a2f425c1bcd628e890261ffc799d0a3a301589d9206f48227b0715e7cd2b3cb17eeacd0eeaf0345f133ef2d7d396eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 89f10307a4e87f78ad0b6081cd8e23f6
SHA1 a26e92f89231b60cbd742d0a259d63eebe2388d0
SHA256 dcf169dc4a6449c4cc490dbdb448505ec91dd219619f32496100649c259388b9
SHA512 5845e6b34d0effafa10ba9c5eded904c13af64128ce3a152a3c2cad9c6fa38b7358916a0948eb6288c9c9ead23bd5195e16c77c49971fb53d6ceabc1e276f0f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 51df85ee691422cec79dd3d005bf6153
SHA1 a11783756d4893d0280888e281deeb83a69e74a1
SHA256 0e8e2dfc79b8a5f9d7664e48a6c3a101d86a6cef02ddc38e11750a94085f8ab1
SHA512 65ddc67419327890af74a21545226a24af7455ef7512533cfe71610eea0373f565d6919a39a2da4c705601cd9f8e8a99e57b2f1fc9f5d7f2b0049264f09069a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a605882cd00019bed3953c7399a5f0d4
SHA1 173f11175a8c907baf5da9fdda5dd3ad408ebf22
SHA256 f380e1bdef04fee80896c811b9d9b9c49cbfcdfb6ee0b81b15de733ed464ad8f
SHA512 4fbb5ad11552c4029203d7362ff56bcb1e8db14374d37e6bbd60a6e6cb0129a96779043121ae0fc7d1ccb17e272eec8d7d9e0b17891ec1684d1645b6edcd1537

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 068dc961eb29cc28e851819e0776ea32
SHA1 f25f3d7cdca0a2ceb0b8baf6253debb32a9628b3
SHA256 93e0be6889f232ac1b79a11306364a4d5371ee395011b357f03ce41c2f1fa320
SHA512 fdf453ccee723f5c069189be910f514700638661630347ee03910775d2abd185202aeff085bcd04eb7b3531460eedae34fd4429f34c26748d403d6f0ae9561ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 132be0bad4f0018b3f7083f6f3f7c31e
SHA1 880269868684eef03cd265f40daea7d3b5a8bdff
SHA256 a6d7d1b39d7d3fcdadb196ed27eab171773c230ca59dc81e35d78d4f163f4808
SHA512 0598e2d52afc4c34d835e1d7b85347439c37dd15a739fc53afaa137c0e5fea96714d9cb096920190ce298b28818ade3915591d229b621bea4dc8258046df24f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 975997400e0e0609d9baf316d1394a01
SHA1 222982a97f59bed01216b6deab432f8ed408c388
SHA256 33f3dbfbf2d6343e48a91ec58bb07da8213386df95f44144d34006ed447a9a6d
SHA512 837fddd0b4a269fbf850e78a6959823c98ccea62ddddb127d6828287283fa4f59c482fe40de4652e750c956fd699c658d5b9c85ca9d3c65657d555e8906a2710

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0146ba789adce69dbf089a8f7c54df5f
SHA1 442141002768fc018fb705a2c20f822bf1f93562
SHA256 346e265804c8708f3cf8b3c0b32f4e03cb613b6f75eb0c796396e57675da38ed
SHA512 eb9d11b4938f7ec79fed12d3e78092334a0136f4d45300dada06fbb323fd756dd5bf3cb8da2e7497e969a968fa2e1c140e58d2221e132f86698af72c50238476

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cdcc0be1b3536b6ba109f82128687737
SHA1 0a8577e131486466ea4b59dd14d5482b8e581fe5
SHA256 ab8f1c687f139879372eca1bf548e1fcdf9230434107f261712ce2da3a794f35
SHA512 4d98554dcde2b5bf8f0a66ee540d38c26dd1c507c424671ef71a6c9df0cadd248bb9c6e02b57b5ddf54c72f648e3cb28de4163e95b3afb04b535d580c34e6050

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7b6e8cc3fa191114d3069d69f040121b
SHA1 d94297f261c3e167b6508f71d4ed5ac35e68da22
SHA256 59c9e73cb69bccc76fd7893fc4d559b59fab2beaf534cfe5c2f491e7175ee014
SHA512 8776af93f24d8f84612ba519ba986d78da8952e133896fa611b777260c799b3769d030ea37663c5fe2495cec98ac7bb702d7b653b80e26bdce5fd5b77881f710

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 981a032eb335d5bcb33bc387d5d7dc3e
SHA1 da13181da7090216f516ce93dd062b59989af068
SHA256 8e6607cbe6548875144ee97c73ee3b8ec07798c652cfbc51e8e077eec10ae51e
SHA512 6e6c00b5ecbf0dc10713840ea459abe9b3b6c92e055863030cd82382f9dffd7430c0f2951bbc3d9a112218a0f8aea5eb1788d0b5bb7badce5a2a733840cc4c86

memory/6912-2872-0x0000027B2FA60000-0x0000027B2FB32000-memory.dmp

memory/6912-2873-0x0000027B30010000-0x0000027B3001A000-memory.dmp

memory/6912-2874-0x0000027B4AA40000-0x0000027B4AAFA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Tmp47D8.tmp

MD5 a10f31fa140f2608ff150125f3687920
SHA1 ec411cc7005aaa8e3775cf105fcd4e1239f8ed4b
SHA256 28c871238311d40287c51dc09aee6510cac5306329981777071600b1112286c6
SHA512 cf915fb34cd5ecfbd6b25171d6e0d3d09af2597edf29f9f24fa474685d4c5ec9bc742ade9f29abac457dd645ee955b1914a635c90af77c519d2ada895e7ecf12

memory/6912-2889-0x0000027B4A0F0000-0x0000027B4A102000-memory.dmp

memory/6912-2890-0x0000027B4A380000-0x0000027B4A3BC000-memory.dmp

memory/6912-2891-0x0000027B4AE30000-0x0000027B4AE38000-memory.dmp

memory/6912-2892-0x0000027B4D090000-0x0000027B4D0B6000-memory.dmp

memory/6912-2894-0x0000027B4D080000-0x0000027B4D08E000-memory.dmp

memory/6912-2893-0x0000027B4DE40000-0x0000027B4DE78000-memory.dmp

memory/6912-2895-0x0000027B4DF70000-0x0000027B4DF78000-memory.dmp

memory/6912-2896-0x0000027B4E280000-0x0000027B4E406000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f03963ee3c9eda9f0ecb158952ce1cd8
SHA1 2af177e26bf11d2d58fdd4ed3a76e5550fb5fd87
SHA256 5a5840cdfa7ccc9f79a7286eb161b80fdb562ab63d55fc57d9f8f2c9efcef9b4
SHA512 1977c842789bb69881ce316fe943dd6f40d0979cf3c745c31c3621a5a39e6da012d600a569a225d834e1f392fa86024c120ec44d8c3fe5a4fad6b62983017036

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 6c22b6b93295e8dec4895f3909e380fb
SHA1 2064604c04b4b3c7dd5b97c39f589daec2bb405c
SHA256 64596fada9b7f1a590444cb9d5faa39d117d5bc7f44abf110768f8e9340faa03
SHA512 f0ea8ed632179c911cc94a46a493bf2b9fe465e5421ca17f036f9778d4ba4114da19fa2d13b7d2ea823bec3ed0f99f9516335b9a43e36b83aee05e804c485d2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c67346cf3e64cc08ef67b7a0da191d43
SHA1 46d0aaf5866c103acb1acc73f4c177b9f220fe58
SHA256 03b980c9b540c63a12f138931a1260fb6abc0a82a780a551a65417bb1527a063
SHA512 d48a36cf8d245c1e011ccedbe1cc0055ce88cce2189f376a0d511875fcd6ea31602c9100a53c7d629a7212244c1389a2a2afae189bee2a782d05f87a752c2841

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 12358f694a9f6541989505b5d36dc958
SHA1 7801ba9510c1a0a60ae1e8d27a23dd7b341b3615
SHA256 2db5808169d3c94c69267b537587a2625f9e6bd493c8b763b823421e335aa324
SHA512 5cb0c24c3dba26de50726d342b67c10d93a957d1d152f6bf56d1f6f6ccb33c752c0307a57d5f61b6fe59272bbbccc6b2c9160ea6e9b00f909f2f4a217bd605d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0b1ee53557f44b6d50e027ce877246f1
SHA1 5d00e1a12d07668bd52d5ab4eca1e864cefa5256
SHA256 c51e7053a24f73841ed718ca91213318a5494dfb736a2c824164255c14c11ed7
SHA512 cc42bc1c148fb02c4cd46719583c4a577abac279058bf6f9cd91696e8b9b3e9be28fd848f1459d9dbf3c60c94026cfd52d10cf7da9884f0ce5f1e52b42b00e81

memory/4648-3019-0x0000023D6EEA0000-0x0000023D6EEB0000-memory.dmp

memory/4648-3015-0x0000023D6EE60000-0x0000023D6EE70000-memory.dmp

memory/4648-3026-0x0000023D77170000-0x0000023D77171000-memory.dmp

memory/4648-3028-0x0000023D771F0000-0x0000023D771F1000-memory.dmp

memory/4648-3030-0x0000023D771F0000-0x0000023D771F1000-memory.dmp

memory/4648-3032-0x0000023D77280000-0x0000023D77281000-memory.dmp

memory/4648-3031-0x0000023D77280000-0x0000023D77281000-memory.dmp

memory/4648-3033-0x0000023D77290000-0x0000023D77291000-memory.dmp

memory/4648-3034-0x0000023D77290000-0x0000023D77291000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\wv2F771.tmp

MD5 45e5ca74b9ae3c3fc6f6a63c609783b6
SHA1 f36715bea96d69bb18075fac30b90502c6d2464b
SHA256 b4afd37b9087df7e041ae749fd0fa342926d9cce533bde9cdc4283132c3820a9
SHA512 014fd398d456fcb118dfd6b038b6f96008ca209d44d9707e175e85e7f14cfb3f2886deaed0d8ed25971813035e8dd7f88142c06972f3e2c9b4a534d84bec661a

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MD5 136e8226d68856da40a4f60e70581b72
SHA1 6c1a09e12e3e07740feef7b209f673b06542ab62
SHA256 b4b8a2f87ee9c5f731189fe9f622cb9cd18fa3d55b0e8e0ae3c3a44a0833709f
SHA512 9a0215830e3f3a97e8b2cdcf1b98053ce266f0c6cb537942aec1f40e22627b60cb5bb499faece768481c41f7d851fcd5e10baa9534df25c419664407c6e5a399

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 18149e710f5559052bf4e8d3ffec911e
SHA1 d0344a68cd57fc0d2a953fb2b71e0e5b4e4b78bd
SHA256 92db28b4d13562715cf2c2bafce26984b81cabff15df95766d182596d368daf6
SHA512 ae8cfe749260385e4ca0c61a018fb57fdf48ec1a6c99af4015d470fc10accf14f33f7b254486a29a6c421cdcb730af87a567a58886fa4eba4520034ea2226a31

memory/4016-3177-0x0000000000A20000-0x0000000000A55000-memory.dmp

memory/4016-3178-0x0000000074EC0000-0x00000000750E5000-memory.dmp

memory/4016-3182-0x0000000074EC0000-0x00000000750E5000-memory.dmp

memory/4016-3319-0x0000000074EC0000-0x00000000750E5000-memory.dmp

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdateOnDemand.exe

MD5 d0373e02a529653013865e392c417471
SHA1 dc21627a0f3ce0c987b6bfcb4b3b4115f59a64fc
SHA256 d4cb47b4444be38bb6dcadc8bc9cacc029cb73a66bc7af152c1c4ca022446aa4
SHA512 03f2a494ef10e73bb3becdea8ebc29a42078f3bd1f0fffff099ed8801f6d00720486d94bd38d52e47f2d6ddf4c452cdae46c4882af3288924cc66d0130ac7922

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\psmachine.dll

MD5 f1101c00eaac144aa67f4a9334bb6f23
SHA1 c42ae165d8a46ca44d43cc2dc5088bfcf13217f0
SHA256 40d41c46a3e927e98beead383624efbe2faf2ccbd0fa8f08c012dfd5fe36913a
SHA512 ddede76e6e47ad6e93995582585344a30e292a6199ac77a9e4e627efb90dfc19928c82f3989b70818bebf2125086aebde3d2dadea4cae5cf5dc546ec8a47849f

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\psmachine_arm64.dll

MD5 9bd2aceab0205ee756b607c0449249f7
SHA1 2eddc4bc2baed4f8a8e203c0013579da2598af70
SHA256 88b9a29588c6f3d89ff417848ff7b8ec02f8301058e8f14f52f546348eb1fb6f
SHA512 bfe25deca7bde07a761bd1ad2c07c30450f4078de457a7a04dbcc12d6e27bbd25dd75e18c158e43e1d62c3f6e6642b988f6ccf248be70082c8d4b1fee5ba482a

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\psuser.dll

MD5 c31c15567530c4b121ebec83973c6f7d
SHA1 22fcc97570fd69744623cc2179b76ff0cd1b6270
SHA256 17762efa738632bcd376456f9e0c2331cffd875208f9ad8d428bfd09785eb240
SHA512 6710247e3f5e30bba2f8038ac0363292c138c9cdfeb8ef3e2bc53d8727fab7baa7a9788b1e98dccd367709fc320b714f997bb9a2d62c2b1cccdffe616529ca78

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\psmachine_64.dll

MD5 d8d6be5b6da998e0048955a7f5727afe
SHA1 52c0033c2cc6e5a2226323f0d4f6748f357cb4f6
SHA256 adf25844a96efa821cb5a5816cc61c3c41f0d6b57bca2f4ef55df808b67b7d40
SHA512 d503df22712de29208a3f3f108e263868704c4badcbeb9a7d7d817a839e7523254fa09dad469f265f23e65aedbba7460749973a613a55f9f06f2cbe439bb37c6

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\psuser_64.dll

MD5 d660aeda7ea2af55e9bd63ce5e8b882f
SHA1 f898b3709e7c475c4911d4c22a1018b7ed285a46
SHA256 0378e827a958812aefd59d4d5f8d02ac152f49357054b7d3d0cac439ba6864bc
SHA512 5153062431ae874223fa3642cffc867b0b2454382e97be3bf5cec34ca3d72eab500cfcf7c63dd7b09255b41ca0d76a111d64a013258f2e6b5da98f8a7fe4c621

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ca.dll

MD5 e90155442b28008992a7d899ca730222
SHA1 1d448e9709de0d301ded6d75caaeba4348a4793d
SHA256 6ae98b5e2eda22a0236434b7e952d732e3cd5d9cae2e51cd70222f1fd5278563
SHA512 a91d8357ca976db2eb5a081077304a50edc1b55b2775c00cfde05e03831f98bd04e43f0dba5b3efd5a6370afcb10b23bbf307412467502e9ef57e0beae636013

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_hr.dll

MD5 c09876a180731c172fa2532f8be90a3d
SHA1 4359c7840ddb23142a40aff85129b9920360e954
SHA256 50fd548ea12e2b72fc563bc082b870a89a523e8b3a4a0e9b65fe673384da2b58
SHA512 91cee1b10fc12a01a2a285e67dba583d6f1bee0716cc89103fee0c7d0f52fadc0f9ac5b13e833834e7279963726950d3897847e7acac61857257fc031692033e

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ms.dll

MD5 47d8bedb506470955c8a1b973e34793b
SHA1 d322b0d0d0663bfb9fdd42d3955dede092a0c8ef
SHA256 d79365e02f80694a9a2d76becc6a203a758b4006fbb521453f943ace16d24c8c
SHA512 6b268a0c8c6b2e0f26657040799c8c1ec523882e4dfff3f8d1e2bdbbe47b800e390de0a6bbac7d6253ab84c60c4103b4687b3fbe84d6e289f25c19639d25bef8

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ro.dll

MD5 4b2548668c357336794ccd8ffde46e6e
SHA1 b41d2f33b02288f7c652140fc92f73d4652b30c2
SHA256 1ea34cbbbe4b15d587eca1a8bcbe0d3c6b739c4dd49e515d22b90aa201b68083
SHA512 87ea98e616a60d6e8aba8a586e9eebda7aa7d1a414a9a0a9847cce7b233b7c3b5599e4f92a648e77abefff5cd93fd56261b3cb50282c06d9b63f657cb8eed3cb

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_bs.dll

MD5 a0a1f791984f1de2f03a36171232d18d
SHA1 71f69d8fe47640ba9705725d7d627a05519c8016
SHA256 d2c7da8f4745b81874a9666c7d10a779a9956b4de0ebdaa1647bf78d4e17d85a
SHA512 a4267911846cd55eb91227b0117ccbfdf8ef6c4ed0b8935b08e5d41a91aeabd9259988c71da8606cfb2876c4d69df6ca5a246687440283f1625105624305eb33

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_lb.dll

MD5 b61c9c9ea8340b6b3a873162a2710cfe
SHA1 5017b90dbd61add602681b76542b0bd3974639af
SHA256 f3eb2d26173d9ea8e26e234c3c5f91f9eb145fdf8b2b3e5011e0f33394fd8737
SHA512 0d32f6a880509472a51ceaa9539e3169505bc6b508664d28c9dfdd1a3a72abec665574dfb89e385c18522166221f1d73741fe62e4ea0860bc132e198614cccf2

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_sr-Cyrl-BA.dll

MD5 8ac38640bc115d9afeda0a38f6489dcf
SHA1 ec53c866bc456b8235009dd2258a46baa1c43b58
SHA256 05b6dc36cb6be23b9f7c577d63f74dcb477e65ae78f8932cebdc944685af05d8
SHA512 e63f0ca2d1fcf6b311e55f7b319555b9a2d3a55db7f95b0811d17311b32c2260b694a597c1b16599e4c99a5fc0d4f0cba3981df5e6c72b3f0b06cb2e85815dc3

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ug.dll

MD5 90233e9a66055b992890c087f9a65107
SHA1 d0d0b7127426984fdf7432eb0c40db32fb37861e
SHA256 ef3c2a3efe238583322200af0b1debf8e868376e67318d2c50383e857963935c
SHA512 027f6c3566f05a15057100bc818bb35f9533bd148c57c2f274fbfd4a9b60d63e3b0361dc1330a624616bd093f520d9305db9797c5d433d5c7bd53f9363495fcc

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_tt.dll

MD5 b283a695ccb78e124e0ec08896e4058d
SHA1 7f0689929c7136dfd287081c3e5f88da7c3d1f80
SHA256 12f0546da70bb844eadaab7f2ce08be9ef1514df09e5491fcb2c6629d40ad438
SHA512 3e6ce30278ee17bc0cade9df6edfbfaec07f0731a8ae99af52fc6c55262b2526611be194dfcdbb4fcbb62ec52e8d46b9e687e781ca81b55d32607fc478ed3944

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_sr-Latn-RS.dll

MD5 1dc419deb5fa2c42cbac6983dfdd8101
SHA1 72532b59b762df11ba887c7a86f94172a786f895
SHA256 59fa964ebbb2ccc8eafe62e2a2d1ecc793bcace282ad7eea6174490e004a9634
SHA512 5e0ad002fb182e447206151c03ef077883c528e7774fcb1c0871497dabb4ff4356b2a07ffc43156b854cf0f3feb0744774a88b72a6c1def41ef4f6e7b5252c12

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_sr-Cyrl-RS.dll

MD5 aa3e9b4daa0c3a705542fdaea4934f17
SHA1 49e22e1c5fbad1a0f9a381eec9dd442e4e44c4aa
SHA256 e0772a096a51fcaf8cc7105e086939eff2aac0871c2da810376c817c55631050
SHA512 dd2a3f063619866c366aed6f1777629cb6aa9934e36f96859e4d8771d41f002f76bbb82e12b3b6001efc1b5c805789d28f7e32f2e61cc54bd831749ce7966a09

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_sq.dll

MD5 cbbd4618f02b8205f4641cbc9c62cf71
SHA1 2b3ddaaa365d782b038d8b13fe1900d85a80bd28
SHA256 9f0058887d58548825bb342959a160fbd30209898ddab2bd2675a7f12829ad0b
SHA512 77f3638817edaa9d7301e739356f4453b486b25684edeb0c8a42002618c18a6cfa0f7662aceeb0a184cc06c6559f6cc32dc29b5e5e83fc25e16fdeb9eceec6c3

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_quz.dll

MD5 285236d3e333ffedb5436cace4c92ce7
SHA1 adaa7d713f9173157bc4d3e46ad754ac6e815bb3
SHA256 b3b9dc1c3365eeafdf7753087b0ed3fc8d138e85f49ff524ce84e8e712c3e0a3
SHA512 41a9f5b515a0d111da467a42a303df139373390de5a52ee58f8c2724337f5f07e18dc1d89766bf3ae660a356f8a2aa645500a228fe56f0b8d7df079de10f8aec

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_pa.dll

MD5 9d205cab64acfd11d13d5d7a1ba80e28
SHA1 718271f5ff70851e4371e9ef1f08dcbf4c2940c7
SHA256 9889eb2c3b30d2392b20eaecd87977a6138bf8485d088ad37039f4f64331eed6
SHA512 6320b58e78697158f15f374d88acf97ea0df977d6feed3f6a65428d9c731bf06261e10629a11b6fcc4f109424e9a84d0bb955ed8f99ee4bf1efd821e05b163f1

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_or.dll

MD5 c9d481ff5983a9a4939c0eff462b8ba3
SHA1 de612d1ba7ba45eb4dbaa207a02f09ee501d749c
SHA256 f7d685df71e5228fd0274207179a34afe948651fd4810d960b37c31abe6e6870
SHA512 b65cf817c019e32c38f572e4818c0d642c7a2b4db1c9e23d9bd73ca16302d1941090b4f144422709b5d6419396cd2fa067b88758f9d00feb34d165454f0d16b6

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_nn.dll

MD5 acbd3f42c78a40927da011db11ab069f
SHA1 7a40a560a0db2a69e17b14485874b14fe6592004
SHA256 3025bfd7ef55d55ac7e22fcf95f2a09511928251e199c9525f7811d2b955a349
SHA512 e3f9aff510f6ce1831add239fef5d718cac0b4da6d12e3edec697a7ebe2e1ca8d5e48c87c9576de04a99c7805364ac2655ca50d93c4aba572c80ebb81693e851

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ne.dll

MD5 584da0e016ea388d8f4f116fdd3c0a0c
SHA1 289295236c77377c48919a699bc13ec3cb7573e6
SHA256 eac58024edf35fae53dce0f46f0fe78ff85ff3ca9731b4762fab733442156daf
SHA512 2f909bd755d1d65998de79853301109805194054b5ab3c2f8b32bb48e787c5fedeec11fafbc55a858bd571e022d11b5d611443a5a68cd5777410b52c91212434

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_mt.dll

MD5 11cfc0a8eeff082d17979d3968d5d110
SHA1 c963251af2d22fe7000d1eebe76ea44fb7da6496
SHA256 ce19cc60aceaecb34cf496857dd3698a2a5dfe88cb67bd4b7fd0a7ecc51c2ea8
SHA512 97c09f6a02e4469ee0a609d9d67e20111e2abf9c8672d0fcf8275d66d20fc92e61d8dcb88b3cc9a32d46391253ffff6157c5a7cff7fc9248af55ab3d3217a2ce

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_mk.dll

MD5 f05d3aa1b51abeab311516368dddd8bc
SHA1 75ca6ae175a3ccc9f00d82afb4c6b673f396c6ac
SHA256 7aa26839a50ebc3ccb20ab5aebab432b695f0024d52529ef262f5eb8ef96d17d
SHA512 4ff88ba89823ad0c0ca2782c87bbdbc7fe738a161d5d4f674d7b9c97d491eb5aefc0430f34d3dfa7c2737f3484040894d81ac38135fc4ad3bc6cc0eb24e479f7

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_mi.dll

MD5 d8b6019ab0fa35c6e64b08f1453204be
SHA1 aea69732af642a0d13bc8feda2b25751196cc1c2
SHA256 0672e8b5be2da1042bf6c85611a0a89012496fbcf7d06a7f446b30997cd20eb2
SHA512 878dd4db34b1f501c37eacedac8eb0c87143189f7357fbd5bd97faac01ba98cebab56e2e3934af012de37d0f32fb91578b16504b12e34b5f448605a82cb8f054

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_lo.dll

MD5 6e6f49c35d2b74090529fc1d8d12eb2e
SHA1 5a0fc9397872d7d26803276292962cdb0a5e4739
SHA256 6a25fc0ab6e2c73eb938b8e0f38578b9a02feb3a0634a16ac41ebc2a9642d260
SHA512 d3838a88908b2ab9bf6018dfa4c6f784371774cc0bcc82e180761673a9e527e126fee17a150a51c6d0a1159575e2060c12f85ae751e7a95f0285e816799540bd

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_kok.dll

MD5 c1557eba649fc78356ed198d6754416d
SHA1 1ab42e71a88b127c40f8dd6d1b0660f271442a11
SHA256 8c5a7b3e9f5a3a64214ca8e9d43ea152f69fc2633f47c0783b90385e00551ef9
SHA512 e2f92c8c6ea823e1d716732b4bb5295d34da02d270079f645d9290261728bcf822b7f845f4a37dc2ef844580d6a3650a53c3e80be875eac5dffef651e8607993

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_km.dll

MD5 126036b98853a9d31937f874484dcb83
SHA1 27ffb8f3f6e966c3b79824357e79eac4ec8ce0a7
SHA256 90908e9108adcb0b4df84e4fbd9724e5e7a2d2eb54720fe49f37bdce977be635
SHA512 b384657e0ca90270b96cb724aa55c52f5c8b569fdb1a7ee7085c18d6822c39fc81a490128bd42d0aec1c0ddac1853e30718710968f5921a5331211bd33e89316

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_kk.dll

MD5 1b1202fc3e46d7b46ce3cb46cdc5ab21
SHA1 e76d1065035d86eef011feb3cad3ac38eecd0b7d
SHA256 b660a0e1d5161765881e0a7fd9d714abce341403b21f63667ffdedf7d5a254d0
SHA512 7f11d5d6995f27bb4f8705ac7310273f070a71adc73cdb70d74766c89437b3e7a10453fc55588ac223fe3b449564758a49380168d779fdb6a4fac3b5cde767ea

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ka.dll

MD5 d464fd223ba898e6fef4e485a3118394
SHA1 59c78983ce859485fea5458ba4e7803c38012b9d
SHA256 066c5c4b4c87ffd201d0dbfc43cb7566cfb03a6ed2fbf8698220fb919637294d
SHA512 6ac1d5fc59e6b7a10532902b059ac25a2bf58b0a63ab586e89b293e2de732c1d5d580c75ff28e4a2660a6ee3f0389f49e388567bcc07dd6e1cfd5d019db3ea52

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_gl.dll

MD5 295cd30c00f43d9131621baf4859578f
SHA1 cab79a6263b7b0a799461f3e6df41f815029cded
SHA256 b851c5a60cb6d1e8dd9aa161106cba99ccea047d0b39d007beaa7b9ef4a83397
SHA512 5f5c1e62e6c0e11a63fad68928765e3f504f33cdbb1d9a05cd53cbc3ed145bf3528960a10e3d57e8c83b07c030c72257f403b9a57d12975d3ef8bc255418ad6c

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_gd.dll

MD5 aea23f526ef0c5bb3d2f8fdf192a49ea
SHA1 4d7695e33ed43c3efb95f304e29675ea885b2939
SHA256 3cfe866c151a7e8a208af725c0c6f2a47fc3ada35f9ad3509b16b8d5229318b9
SHA512 412e4742ebd46ce38010b4f6a46d8d524025f929ab4658040e271d768e79115d90903403b2f1e51ab910bbdf9677b49439eb3c8afc5959477af198efb0c7c3c9

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ga.dll

MD5 5bcc643a969559317d09a9c87f53d04e
SHA1 3602d51cde97de16d8c018225a39d505c803e0fc
SHA256 b48f57e90ea9db6d6a296c01e87f8db71e47ab05ab6c2a664cfa9f52cf1d2c18
SHA512 4c65772f77e61e64d572df5b1f62733aceb02a5c967c296b303ff17c5d49831e5b7fc3d662724ae3ae1e88cd0fdcb704e838af5d4ae20f2d82b9577f57159159

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_fr-CA.dll

MD5 8993c0784111fc7cd6a90a82303e5f44
SHA1 8d1ff2fed98ebc608604c555ceb46ca628afb285
SHA256 3d0ba88267018f592141ea86592757cf1ecaac1a3a18f99203e0fc5c5eacbd62
SHA512 124d16d848dc8ea0a93b292b10ce1fbad23b56b13771d904cf14c19d54478614d214441b05f6cd9e1999b8310fdd26d1c6ecae784be00aecee7e80c96ba4ac88

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_eu.dll

MD5 fe73dbc305da6223d1e94e1cf548c000
SHA1 b16f2c40d68cd9718eaaa9b6db9c8e5c4b6acb9e
SHA256 1ef64088a613a4e10b4cf4206f95f5414ee27872798747234a6574b7e5c70a7d
SHA512 d9900720d89defffa52198dbe63515995095c94aa0cbbe4f32a1c09d26809cec480e92926d2240702604b8c13fcdc0032cc46910ade8e4c1d2fc9a4bd1b63858

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_cy.dll

MD5 29f027d2d5fd486bdc20386ace925603
SHA1 66b8605f23871b4a8302bef0aaccb36ee1e72755
SHA256 03c8566f749e8fa349d97101849bc3b2cc0b7561b565a2b0928bf8fe901da813
SHA512 3348bdf10b2d964b34b791a774e28c97d3caf28d7f90e36b948cc2cb6c21e84cda933b7ddbd51c8fc604a450361cb834322c15ddbe0f4851154d05e5a2a2ea42

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 897712b508931dab76d39b209611740c
SHA1 9d80e07c2dc744e2efce3b67aa9876949fb9edfe
SHA256 ee64fdefdb3381ce61fc445190cc44b015e7b65a3a16d28f3477f68de6079f1b
SHA512 3329e37318dd9b11f282301e453af106168d3d10beff1ed62ffdcda60c6b4edb6b9c69ac6b9bb8abce3c9a9686a0152404524012dbff025e571de2cfcb3b5d56

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_bn-IN.dll

MD5 051c429fa2beec9c2842c403a86c0e7b
SHA1 0a06a45200a1f5c81c48fbd2d03549fc9fac3a58
SHA256 1a8465922bbb05a97a24f6c2200fcc7afd8bd0ace245c2eda9d9d335d4fb9353
SHA512 bb59b41804328f27ba8861af32824266ca69ddcfdaaa11551b1edd4e129dbba630da8070abedb28e180045f8d0ddc1209cd901919f6b9aa421c457188af795c6

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_az.dll

MD5 d3345579310f3bd080b406de47b2305f
SHA1 16aefb27ea6d81c684f041aa50ebb49fdd403d83
SHA256 b4ea3c63fa0104093a2b2034f950428e66d2cf3d55f0fc5bd688483392d60d69
SHA512 65e4aa8587bc579b5109d91e02745f6de96a23b6ac2962cdeb6d9d536b51abab12b2bbaeca72572c3ae1971dac5bd24430eb2ae5ccf44a7068427594e4afdd7a

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_as.dll

MD5 1fb14c6c4fee7bfabe41badb7c5acff8
SHA1 953d94cd73951943db14c08cce37b2d3ac821b02
SHA256 cd32339fd7e4a5959e93eb5bfd6e009e4137e15c5e6c2e861d7891487216da49
SHA512 a93b081935fbe48fafa8071a9cd593ae7b19205c70eaf48c724397019a04161460c66d6d8c6ffd872f4d52a4a7aa25ba1cba04181b9ebaca04b76d111ea588d2

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_af.dll

MD5 4f860d5995ab77e6efa8f589a758c6d2
SHA1 07536839ccfd3c654ec5dc2161020f729973196d
SHA256 9841d787142dd54fea6b033bd897f05f3e617b48b051de0ee3cf5865b3393150
SHA512 0b9a661b76360f1fb2eb3ee25c6bf2cbab7ec74e2363e0af321dc4d0afb3cad301dddd16ea367d588451a40a2c2ed41f21d7afae48307e1e4a4ec5b24165b378

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_zh-TW.dll

MD5 3ab514d9bcf47fc9c6467e85b404472f
SHA1 065cd0bf6926f9f1aea9efd454e0ff8f1acee0ab
SHA256 0121a58bed34c019610990ea330a85b0adc164a7550cf6c413943298da96bcf1
SHA512 0f938f173eeab9c069833c4dea8e4d38b6e754986931750454541616f9c8f8183452fbef5588d264e4f8d5bf76c0682b6568de79a241951059c65d9644395516

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_zh-CN.dll

MD5 da52d8d6285a8517146e8ff386f6d482
SHA1 b9e2e75e7196efb4c8e14a7205b01df7c96c79ae
SHA256 b8a305c792ffd85c6c8c4ec358f55b5787136c323a5908d8f75a4308843bb9e5
SHA512 862577d3e93973ac685cb2f4a45748f7599b95768eb73fac7329a3043074505eb1638fdbb3e2064d8a3b4e3ca69fef882b6cc9bf5307322e738172558c662b4d

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_vi.dll

MD5 007d12952123dc9e25b41a725f78a29e
SHA1 5e12501df10c26cd2fda0843502ab6eda812131c
SHA256 d34ec87c4d08f2b83f260290d171198b72f85486f20926998f8552b5b0194f9b
SHA512 7a6f50324efc2c2a481a78922b97f6b1a47bf35dfe2a51dfa7f2d7006c182732a42fb5f876401baf1cb120bf9671fd1a37155d7a365e216155e084106ee23d74

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ur.dll

MD5 0341f2dbd8497319b8bf517a65669a27
SHA1 e242c48be3c6fb30df97d26189e5a67d9fb2e515
SHA256 2a8dc8c6c32203f004771fe956a998e124f06adb872b68deeb087bf06d1b4774
SHA512 af1884abd0a6775d9385de11499e4052eb7e93b4483875bd85e617aff05d0ddc6f528743ecd64179bc0b8e93f477b4f0b2bfeee1b54961dff29db64f9dd308eb

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_uk.dll

MD5 8f41e85518ead62b331f8a65d68b2fa6
SHA1 ba92e5fe81a16112b7aea091ba6cd16e2b6bb56e
SHA256 3924ab330a29df5a992a1673abd6403481635270abb6e85fddd00240403f15dd
SHA512 66910437c5602df37ed7d6f092434b7d41c03d60646b5e7f9b3de7e67b3cf24462478b7a3f05429081d7a776f58b64ee9bf1bd0026b0788e26a92eaf5b157c23

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_tr.dll

MD5 acf5da7379b6e07f55bca547f5317f29
SHA1 a0acc14c0c6cb639b31499be1bb893eb8f8efc7c
SHA256 77603b88f6c3b88cb6ed2295e2af19e968d6746b6aaebb3174e0d42facdfa921
SHA512 8e49c4f6124b313f362d9faab2eaec168925589fa9e9d7ee122120c9f06c5acdf0b42fb112ad6eb0945efe5fe21c7d46867d07cf4d413529df866215fc0097a8

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_th.dll

MD5 6b51b46293892c8f34cd3fca999077c0
SHA1 86758f1a45e1bb1b5475573831e78b927092cbdf
SHA256 81eaf169ebc38d20d85d5a266c45d5db0df9286d77f0dceebad56f646e83646e
SHA512 6d0277ee6700959cc42930126cae18bf51b375f1516e838082bc640964660294093b6a8f4e1882d8c10574e644cdd59519e63f3faba4a271f4d1039ad0a895dd

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_te.dll

MD5 84c8a461f997faae6ff68ea51bace06e
SHA1 d1cad88e32245d9156cff151df59db3d3f18368b
SHA256 232299372d7026a5ee05b943c49283a6e82da639be47bc71d998a142bf30abf9
SHA512 f9bf55cf5e9b07d43f8d444e885be68e78bf3f0672f7c29ccdb91ea9e64d396eaafcbe67544eb2f4d3910bd139b25d8fa9b2585bd42f277838cf5e4e0f35005e

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ta.dll

MD5 5b6eca5f4e73961550669ab8d926a51e
SHA1 75a9876b34736f31a53ec688cf0ccfc5f9a20028
SHA256 a98bc38b9db5823e0fad7b43b5e8dd55dc7f2c47fe00d61a6d0224e341313267
SHA512 d9fc2f2ab559b873b928bea634c503a87a501c777931483cb1103ecabd065d151ebbaf4017957e2f50a952fca49a11e12b02a2f8158786130c9abd1e0c374508

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_sv.dll

MD5 13b4b967e3f097b7ff7722949c62d0a8
SHA1 aea4073bb8967da7f948dfef9f0a78d39c011a79
SHA256 3635aa8086dbd29caae4a8f8bad7a245d7f6de6fc064863054905e6c89abfc86
SHA512 e127bc06e2a7b00c26998429d5c162498873d3e7a68b91fe2378f09e313f06c18478b47de7a189f7e27ed8d02ca39d6f2201f3ecf51e577731fa913475ec1b09

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_sr.dll

MD5 107b417ff112ed93e74443d5752f2a4b
SHA1 91a04086c597ad0307fd395366581e5ce2ae2ba2
SHA256 0e341d501d72038e90956274d475bbd58da69bfbe9d2b311bccc6041e0959786
SHA512 2e7c2d88f72d74802c43852ba627183833ce6e1902d55d2d4c4d023102910e00ec7f2485ee204a8a2809c6b13a46b84328ad806bc501d59fa98458a7f00e8277

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_sl.dll

MD5 1b6bfbb9a8b6f7542edd6ed32c287907
SHA1 78cc073cea4686bb262a40cfa2a72ce7b96a202f
SHA256 1d005ad5c97a096a621c683287a9c4942d7b0d985866c2d6bbc5cbc9ed0989b9
SHA512 a2f08544d5126e227ac79cafc9e9a421e2eff5cc8b8d15fd549df3f227c79421e88d5fb99165af3ed4843d8cb90a5ccd0d8725ac3a58ceb6c825eef85854f248

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_sk.dll

MD5 32413890be653bb54a63f9e491d29f71
SHA1 6e22238722b325fab9a73b984b75afa94c7c4d8e
SHA256 48922aebeeed62cfd1d506aca64322f9461ae841877548508f913fdc809918f8
SHA512 15fd8566b39c43e3e98ae8e4138533846700afea7a358c3098f4772a50830e39cd40d4e6af29aba6f73528a8f9092e4c0e4f95170579911bda849bf4351ca5dc

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ru.dll

MD5 2bdb1c80a228da57f91f3bbe8c0bdc5b
SHA1 29e1d30a99b5632a483e5a5a69157196b024d1eb
SHA256 42d9edfc655442b396df0f5555fbdc70224bce54967ffea7b77fa86b6828ff04
SHA512 4dc9ec81ccdb84ee2bed3c23e6006dcc1f1ca016ded42f957dddcfa49043d99eed260ee3d67bc83f21fbd5a005ff01cb07041ddf5e6a66ac46878552d1c067be

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_pt-PT.dll

MD5 2178f0b65db17586a7b11603105d3239
SHA1 4e6983da783d16db2e8b5522e7557c76e2e5fa09
SHA256 ecd9a6e6e676844e309280834d249ca5b91d43d65e3661bb23cdb6c52681cf4d
SHA512 4e96362e0d82bfb93673830a1215cb2f0316ae4311db84628bbbbb3c37d450dbf2d3acd1473f14ba78197ef65d0e662cd5349e43e974062f04b81175004acc54

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_pt-BR.dll

MD5 5dea2642b39943014772075745a70b6d
SHA1 3738488d8676f2527258fe60c5cd2f6d1d5217f1
SHA256 e26c4886992bcf831a4be4bc9dd88374baef41d7915cdeb2c53c56b62bb7b571
SHA512 d2e2e7f6bcc1836eea6ef6e143f9d7d1cb9f7553bed81b19155080fb15383f4a3f4394ef41b9b4abaa55d6fae8666740e246942484ea3a181ee1c7fb3b2457bb

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_pl.dll

MD5 820f80b0b29786043b4e37afb242f20e
SHA1 6b5740d7cca4daec14faf067715a1139d415c39e
SHA256 fb8dfaf8eff075cee241035ae0de1be286506f07b9386c283aa0bda86d6649c6
SHA512 2ba24eaa0afe0deb0cb95433512189b5254dc1705ae0723d679cd02cca25c6db0a7a9eeb110899155beb68aff0375cfcd5a165804fc0706ef2015937e1252a0d

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_nl.dll

MD5 46c568fd2be28bd00e0d12fe2e5caa7d
SHA1 ecec97e3c4b9e1014b57eb27713eba0dfa7c3372
SHA256 1cda0438fa1a1290f4805b049f47f2fcdee4b24db820e5827a518e336e4f934a
SHA512 3d4bf92b1189841de5a515f5f24192474daacc54ff5325a484da7f006ae18dce961409632c29859f5916d1049f43f10e566a3b3c0c5f685093742da666235d86

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_nb.dll

MD5 3935b82ae4c40d32bd09a740907bc3f1
SHA1 e52535f18d6d610b0aec93339002631def952f81
SHA256 50cdb14be79006c590fbb1b55c389c11906593f83ccfdac3b363920e592f82d6
SHA512 0fcb1877ac137b391a2014113867091e2c618317186afd548a9f6248ffd828914336d12bc10d264279441c07d7c9a9d349e35c0497186bd48d5d5b6352cf6e6a

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_mr.dll

MD5 f94262bdadb5903e2e93a6cb6218fbe6
SHA1 c066be7fb4a1459cb62288e4799e268fcdb13ab8
SHA256 9e000d271d96f02bd0baecae07ef5b9a7f5f17d33733e2c9bb50f13e4c6e84b1
SHA512 11543d93e28e5616dd3aadd5e9b20b22b9160fb4117a0cc57971e5e46b52150c600bde161560410322b1db1c8a26e0c61cf9fdc761ca461a22f0c4eac16340b6

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ml.dll

MD5 dc1bb5db270c494456f49913e26f94b7
SHA1 73dd3db577b7bd6bdaf047cd2012c75cc2213bd2
SHA256 155abac08c35cb330d20aef6375dbe18421c042a2533da0c63535ec59009cadf
SHA512 2cff374df4f8f41961c6e26ce369fc07ad8881c2edbe85173b6982d393402e32a79c73b8c17cc786d27a1f0ee79475e4ef9b3238f8770a099bdb9c422caa1287

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_lv.dll

MD5 bf10592aafe1b8446c005ee9e5c305a8
SHA1 19b81a238e07c958f1757488440e42ba99b59b53
SHA256 5cb166b350b425009080d39efa3b6ff5c0bf78f4276cc1ffce3043d4ef1a687f
SHA512 b69d55757047170a7583f3f0525307e09e670adfe05906d30bf208dd78b70b3e18a19adf59aeccc861857c2e37cb08412e4729d597ffb45960d285e12357b4ff

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_lt.dll

MD5 071ee832762aab532c59b858c7d3a46a
SHA1 0a976bd2c76d8db1f831a8912184d43e02ecf293
SHA256 a47e46963fbc7020dfc9dd08eb5d7d8c4c2a9f0b0a8f51f1256453058a6a19f2
SHA512 50ec7ff32da6f0d022ce067bcc160ccec00c4676ca56b789bc6ba1efc7f34ad485297f4cca6f6ed40be1c59018a7287c7fb490e6adcdd74f3f72b4526332a522

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ko.dll

MD5 f7dbd944a9126dbe568faf2489ecf053
SHA1 16ad534b4fa48d95224c74b8ca4d3d4533c76425
SHA256 b1dd9c0fdd11a5f83ed5b7d1fbcd417bfaa94e42035647ca45f20e332b531703
SHA512 0b6843fd208ea9448179e63b485c01b5ff824d555cad57cdb6575234bf43d6cf253e9494fa74150b9fa9ace9d1d1ce749e1a77c7b342c10498dd7bd3953d9a27

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_kn.dll

MD5 e20f7a758cc9bab3d458d89d828521cc
SHA1 cae0a6d29e5b3f0aed0db2d66fe19d5463c09cfb
SHA256 92858a377f1ddc353b51bb44ec04f571ff2b4913d3c8104aa01359b72f91f2eb
SHA512 8bf9b8c6765820db6dd95303cb996b97649796e14e67b465fded3c24ef180891d58f9fdcb06243ef1d4c5cdd4148f58f64d74d2ceb2cb214051718d33efc9707

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ja.dll

MD5 b89ba9ecc6d4c77abff61b1c75fff16c
SHA1 f381408f26be2c77c7b59681ad6280a701ccb472
SHA256 bbd2c970f747a6ee8e4735939225f607ae630ddc6e2e39954e0300ca9a7a88b2
SHA512 53a3db82f4cf5a300a5eab7692f4084451b987ad72ae24d9118d80f18692ac3604981c0e871c7a7625c5153803aea0e093d91822d33af0c10a07bcb6e766a5b6

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_iw.dll

MD5 98f79d77ab05304bba8d60e50914418f
SHA1 957590adc0f8a7274e765e2a804c1de7c76e3040
SHA256 3764941b873ed59d5bc1097f6b9382ba59c06d443a96ff71ba6b693f161da522
SHA512 9ca6af5c14193dce7b50251f1b9205870435e60b5495ab1a9f0d42ca14b98b78fef51bf3cd4165394ca5ba28d0e98bea7642ec67039c0f146383136145c7de59

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_it.dll

MD5 26cbb965c6976f59ac385ef9408bf81a
SHA1 16bb0530338e600fdfd13a7b03523a715e633bcb
SHA256 bed996b25f77c7d4328d96147ed388f1b457abfc0510eb8956be4339d103821a
SHA512 1efb1bdf0276de17f8516cde4d435e0be8fd066f52fb5d4c9e2fe2e17a135296ab6b34f523284941beae438e97d7e65de26f0541b7c437bceff229b60da4bb0d

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_is.dll

MD5 19d44de8f930e07f41f9343478ed5c1d
SHA1 83ee0c5a86997dd491bd8312d221dde2b2e7d44a
SHA256 69d3a21b7723e4df8b7b97e39493081e41231e2d3a3f5a4de462db41339987ec
SHA512 4edb82aedfeca743a03815a889eca766fec8083afd0defa098593297a52edaf1780dbd5ad1d3325c614d815d34d8c57ec2283a0db215f94f42819f1890089c4a

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_id.dll

MD5 eacd4638369bf96ccc7c23af37e15b5d
SHA1 15c4878b78c06095981abcc589c4a6f265ef96a3
SHA256 a53c0fd74995090dbf48bbba4a00560e3cc344ce8120b8b2bfa1f9b953b536ef
SHA512 19cc8d25bd8fd84481f77d301f79636208df5807647ddc6cb6beff3882d94672db49daa4ddfff0c334b584742f9d2fea3af73977032d7dfccd0cfd1314af4ae6

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_hu.dll

MD5 ee19156c12d2d7cce9b12e515f9ac6c5
SHA1 19ad46e40b3c1cb6195231bfcf45bb68ee1b43bf
SHA256 c290883b4b99758792284755efa52c12eb09039f0f8027d8ba3b1d4bb2f3846f
SHA512 631364472a450519ad8959971d6c319610570ca37b4486ea12d6af5b46aaecbf336aadddd1f3fefba841534ff82adf905b1e1a008638ed784bf08870a3b86ee1

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_hi.dll

MD5 a5544f517f7c1bfd1ec6a2e355d5a84c
SHA1 34a2a4a576300ad55b6757171bcba0fab005daa5
SHA256 8274c64bb778b55d912929625cd849adfe733b2dd674d94895d53af8dfaabeca
SHA512 9069bcfb736e13499250844dddef40e2cf64937e33ee1f81fc4968f024f7d7b89c6a778866bf1bff98d770686569e4752a473c0adfad4d4099cceda84da3cac3

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_gu.dll

MD5 c43c1ab37cd93e54068443bc330fb3d2
SHA1 ab51a2cbc51b3c17cf184c6d99ac480c02eb63af
SHA256 0c26a367355e766402c31fbab102dd1c35300d4a1301417c75be5fc4b3d54680
SHA512 ff0193189fb846eb3c4188bb599dad8e6f415ec9612da567d95c9c513defb148b6013208371798d174569b46f443a744e4e8b83aaf139d68c31f7de0f94e63f9

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_fr.dll

MD5 a640aa4ff33662e06a474765df0b2a8d
SHA1 c6265225532e389e48c6057bd717b69de2125b61
SHA256 078b1943bf7f7955b90abc40f691b27e04376f8c43dd3abc4791614286cd4f23
SHA512 59791eef021f94efd9c18737d6c46fbc45add582eec92d5b997cfd66993abc7da872720a037766c3c70862f0654ccf30d122d4a5a6b305151bf8bf1c053a466d

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_fil.dll

MD5 84c4736cf301b93998028ed7678caec1
SHA1 3b6f1f6b9eb3dd7d9a13c11dfd3ac56c93f1b10f
SHA256 3c8dcb7e982dac3159298009a86909b1e1000ccf6f4d333341f16d4d6fbd84ad
SHA512 5a1b77ef9450c32802e94e473a5b4e43e892c923ef368ee9bbbbb5b0090429320263cc79a4da0b281930c1a60861519211abd0bd67a9d9ee370bdda2230d2e81

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_fi.dll

MD5 5a30bc4216af48a493eeb0f3a9f02607
SHA1 2fdf65a4002d91818d56a23fb8bfd08ab715002f
SHA256 5131c23915ad6b5b469bcbff31d0ae31ef34ded28ca0ffff9f1eb998bba98aa1
SHA512 34b3a4865f31ebdb8665780011b384ada768a0f71bff77f91706b140eb8cc07fff8787f710cdb1ee14a449cae8f22ee5fddadcc501cf1c921eea078e97dc2f89

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_fa.dll

MD5 367ea715e942c81dd3cb734274969a0b
SHA1 f92f1ec2a5be9b775e67c4252a07c37ed0ca508b
SHA256 082da1c09782c026c9cd73456dc12539a226f0bf5d113e59bc93b29c1e98b37c
SHA512 c94e787ba3bdb56d1827a0477461cbba6b7cc68986722275e0d04ea7dc70db83b5d03887eec810bf9b67f70b18bd3c7b7d28f0e554938b81d3501bc11f97830a

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_et.dll

MD5 ae9bdf6416c3630c4b0b5b119308a135
SHA1 d7218c677b098d2a93cc91ead39c83d3a2c653b6
SHA256 62da90c9417a70632aa190fecc17c31ecf433c1f84f82b08d7d7290669cabf32
SHA512 4333ac6cd3737f25e6e1d429b195da781ced4340b89808cbd5d5d2aae2e79bcc700419d613123d632252e31ac44d95b7718f23da5b82ab5054407e80106a64a7

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_es-419.dll

MD5 8f7f515d78d2df371993fd70f863ab8d
SHA1 dfae1b47e80f91abf2d9c2aac009c0a1767bc59d
SHA256 ba57fbb9d3a32b84d6a76054b9ad180b6510e53206b9804bb9ea18ff73c2ae3e
SHA512 308a62af00a4410551eac967bb9f2cea7adf7c13b471dd28b276bda40b1e4c0b4ebb60aec29b6165069d40180bc45b4f5da5baddc374ce7bc5a5bb223afb4e96

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_es.dll

MD5 6af05d448c842027f876e93f8ac58b65
SHA1 f34c988e3875a1d1b267b082476fcfb8d7505a73
SHA256 36876b14a214cf98dda5100a7e7134d7ebb78e895535d6bd7562099574607867
SHA512 412031db59de0367a102a026f73072244b33d726adc5bb9fd079db3dd37b5d6a24d7420a9811576d0a356933b5ba15cc9e2a92046d2d6e6d6fef37e9d840aec6

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_en-GB.dll

MD5 74d4cf3b8efb6cc3d0acc3eac38bd5b7
SHA1 9337803aadad9042c895b6f418b4c733b81221e0
SHA256 b83c8981d8835e4c78250bf265faa6d64693204b77764c8e349abc4365ae9871
SHA512 e6112ef60d56101aa16327042162d6ef43519bc56668ca8eaa7fd3e1aaadc75c7df75c1e41583a292ff1a9bdc7d9ad9f5c0d97fa84964532dca2d5f3df604c23

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_en.dll

MD5 19dc1f6d1f309eb7abf1e0c8257f41f8
SHA1 e2d3e86fe22c6af6b8ee5b359315dfa6ac4d52ec
SHA256 046f6c532fcabd969c6e63bb7ee0d7a83d806fa659006508e1c3a9485190d6ef
SHA512 478d6a84452cfadc48547930e336ad459eec188dd3d9e4c778cded4ec3d34e00b2b8c0538366aa644ee67f878b29c5c73444c1406c66e8394761bb0979c6483c

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_el.dll

MD5 a7e64339a5314e3576c0d170171fa52a
SHA1 6c12aab6c97c30aff3245b78f7a3afeea604215e
SHA256 4e9ccecb8e4383395f2134347fbad00521345ec9c857d8fa102d5257c7bea9bf
SHA512 a4ca3fb60a7f4bda50847544dd1289d750f0d4b3565929290a8392b92822ef1856cec15a1f63f2c6fe1ef2e7cc0936a35bdb38ee5d904eb08cd32f05addc6ee4

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_de.dll

MD5 ad5b530eabff0540078c5d17f27b9610
SHA1 7e53dbbf64e70e561d37669e69f50eb0da8e37d1
SHA256 49f512316a51e51027b4e70de4ffe8c8ecb188e126439a90a5d12d52a0393966
SHA512 e1cc853d96589220676d39d91d4108633ce56304640f770e7d22b97a9b3be9452d5fb94e4e7fcd1400b62f0c398da8255c53a31853194a9e7b7784982b5ff40f

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_da.dll

MD5 b0ae9aa0d5c17ee7abfc57d21cdcbae6
SHA1 01019eb6ba9c123be528136e12192b0bb33df407
SHA256 d10938919e3d28d71e8e3ba2d8e02e0f9dc2faf148cdedc21c166fd994c603e2
SHA512 4cba25c8159df865231b08fe650eedfb92d54c3037d28b2b9af010c8a59fa23669041a6c393622fe69b0194c2532f71f02b740f7e26e0bbf7ef34a421d6747b8

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_cs.dll

MD5 1de961b662a374c3af918c18225f4364
SHA1 e8f1c438e57b322f43b4b851698bf38c129eb6ae
SHA256 bb1365c5770dacbb918af27b47b02f269504f4d2396cf3f82bf5ecb2551c5021
SHA512 c6bf62b684039f62744f1aab07f4751948e0c175f7fb7fe126f20903ce23fcdd2e284f1b794922621dae7eaa15c6dae0177ad102289a18f967721486f21073a1

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_bn.dll

MD5 82711e45d2b0764997abc1e0678a73bb
SHA1 47908e8885c86477a6f52eea5fddb005ec5b3fa3
SHA256 2bb7455999b8f53a2a0834588ca4da4703f4da362a127d01cc6bd60ca0303799
SHA512 4b517796edc954ab7f5a26a5d6605925dc7e84b611bcf59352b3b95f719cedc72c77a465fb1e7bc2d2f422d596c97968dac5b57292c82967d5cfaff980128fc2

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_bg.dll

MD5 ecf3405e9e712d685ef1e8a5377296ea
SHA1 9872cdf450adf4257d77282a39b75822ce1c8375
SHA256 e400415638a7b7dcc28b14a257a28e93e423c396e89a02cba51623fdfbdc6b0b
SHA512 37e5f1b3bdd97a4370718dc2a46d78ab5b66865d3cdb66a20a7dc20a9d423ccde954c08f97e574fbab24e8dfa905351cbfb94bd3e6692a9b6526097ea3dc911d

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_ar.dll

MD5 5de3f4dabb5f033f24e29033142e7349
SHA1 5c446985de443501b545d75f6886a143c748b033
SHA256 2533d443b68c5288468b0b20cc3a70dc05f0498369d5321368a97dd5bf3268c8
SHA512 c96296e6f67edeff2be5dc03014a8eb65fc287fb899357d4608c36c07b4610827aa18cbec6ccd47b66230a12341af488aca8bd02632fa768f84ca7b1d9c9d065

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdateres_am.dll

MD5 f624de37750fd191eb29d4de36818f8b
SHA1 b647dae9b9a3c673980afa651d73ce0a4985aae6
SHA256 e284453cd512e446fcbf9440013f8cb2348ffd6b1acec5366f2511cdf88b1794
SHA512 d1d65e29ed59e34d4ff66df11a2368f1a724730e32eb245022d4f3d1fadf16d445ba8532460afb0e6e91f8be60a7240d13577403193042d1e912a67e4bf23b1a

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdateCore.exe

MD5 b07ab49ee8453853021c7dac2b2131db
SHA1 e1d87d6a6e7503d0d2b288ea5f034fe2f346196a
SHA256 f8535d5d73ebebed15adc6ae2ced6bb4889aa23e6ffe55faeabd961bf77b05e4
SHA512 5eaae533fbe71430ae2a717f7668fd0a26ec37624e198a32f09bfdbee7e3b6e93d64e4fbb78cbdb05c4fe390a864490ea997d11849ecd371f5153bc8bfafccc3

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\psuser_arm64.dll

MD5 8794441685051f17888531456541fa32
SHA1 7d2639415a96dc238d5a3d4f2fd831e65c7cee30
SHA256 a5e702a398c0890447e01047cd0360caeaa6a3b8a92e0755b807858bee4b9c0a
SHA512 8a919b0248108dbcc38c649a2959f958a162b36ce52c748baa3d348adb06576ed006329c39a177cd9927f06509bbdc3ac34885c6e38687e3ccd409dfe191f0ee

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 b69894fc1c3f26c77b1826ef8b5a9fc5
SHA1 cff7b4299253beda53fb015408dd840db59901a1
SHA256 b91bad4c618eb6049b19364f62827470095e30519d07f4e0f2ccc387ddd5f1bf
SHA512 8361e97d84082f8e888262d0657bac47c152bd72f972628f446f58cbeacf37c05f484dce3fb0d38c4f0da2a2dcbb0813639d201d127ec7f072b942d43b216755

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 205590d4fb4b1914d2853ab7a9839ccf
SHA1 d9bbf8941df5993f72ffcf46beefcfcd88694ebd
SHA256 5f82471d58b6e700248d9602ce4a0a5cda4d2e2863ef1eb9fee4effcc07f3767
SHA512 bce1447d5d3210c22d52dec3b846db091b65ed03fd9d7cd11c6c4dbd2aa5a943d881360bc033c29abd61011581ff9354b35cbe421719d92568ed99997bfbbae8

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\MicrosoftEdgeUpdateBroker.exe

MD5 31e1c773732a9cd1ab781205e39cf865
SHA1 606babeb51356f847344baff2de8225e927194b0
SHA256 3e90c66d0d00e294b9b51ec3ed7f846975d93736d424da3c253a2238e63cfb33
SHA512 1ef369022328cee44c3671a26b9534239389b3efd2fa45f73f7811829cbdd55b6dff421745efe957e38e6aa50bd8e63637e4c66cee4505391cd7af9e8cfa821d

C:\Program Files (x86)\Microsoft\Temp\EU6088.tmp\msedgeupdate.dll

MD5 5d89123f9b96098d8fad74108bdd5f7e
SHA1 6309551b9656527563d2b2f3c335fd6805da0501
SHA256 03c3c918886e58f096aa8e919b1e9f8dcd5a9f2a4765971049bf8da305476f44
SHA512 9d8190e5374cd1b4adbbfb87c27fa40d4de529d7c0a20654e0ce189a4cb9a53d3708c4ce657a7a5469b015df7efbbff495fc844579d9cd363b329b7e007e85c8

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 2d1770eb99f0a795e7dd5e775c86294a
SHA1 74d17a2d26dcd5e372624fe12d0c46b9e749da7f
SHA256 a97da349faa5966af5500ff3604b9686a68a08aee517600d6011f07f7939b9b0
SHA512 1b772e59ba00ae77dd08500a16ed40ca17da853790aa5a883b0a8c50d12463e7b53bcba1e0798378bf6ae90606bd1fec20369efadbab72b4f1df4b0aae032477

C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.98\Installer\setup.exe

MD5 527503f430c5fd4a542f8c0f163fde47
SHA1 6b4db644895df6c71b547d8b147ef3e327418f9d
SHA256 d1d9b6fa51141f58b95191c8a62cc5a4c9568ba4b70e3deba4e1929df9a97628
SHA512 ece940340ba2216966b6d4b28a950826b55f8987998c101c534331674376b148dfbfacaf5c78695944bf940dea07ed4887f9572e09c118e307752036679850b8

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Local State

MD5 ebac6d4a783058eeea5131cfc600e486
SHA1 4cc25d32c77a89eece0a55ceb14549d76203af5f
SHA256 a22bdb144f6554e064b6b68815e029e4f301b8cf746f9dae17c5271c6c952e30
SHA512 5f7ad796afb8d7517233159d7962886a87988858b7398f43d331c044e048efb4b9967ff0d8fe99ae41c6d648980deca41eed68eca1e191d41e00fbf29da0d941

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Local State~RFe6057f8.TMP

MD5 4ecde5f40c4965296cba98b10429b6ea
SHA1 2d3d7e1cf15cc5f53615dd6dcef4d7d2b22a3ac5
SHA256 be78aa149c6ab2350be5c00f10785adc64e0d7f6b3c6c33f67d40a0b3834042e
SHA512 cccfd740ad2cc53009604415d5a93dd39fbad922bc7851c2a0ae5904a7f9193628500eab3f74a6a13e35dcbfdbd00011f08a68e372fb41bb78c425e8cc126650

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Extension Rules\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Crashpad\settings.dat

MD5 3b4b11fd5d75318bf0280b3c14caf699
SHA1 d16db6f84281dcbb3cc5deede7771559e4b6bc8a
SHA256 1242ed7a82d97bbc40c4a59af9aa9cc22a1cad24d8746e3fc0ba7b4c95a318a9
SHA512 8bcd3416154d954df93044e5c476e266905a33631a5d469bee271c56965b834ea7a75e15abd851691ab100f10d5f049ccb5c62a7a1c0a39cd742665203069917

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Local State

MD5 21a326c196955cb78cc5d1b28e5aa253
SHA1 19510416993badae95bd580c2ffa0c6317d8b657
SHA256 8640dd7e211ae238e398f175129f4f11de2b0d90e02cb21b64fd0d80e7f60a16
SHA512 48bf76f5545ff6facb1a50edce6a13396e16647d48b3202ccee81b51dbe65fa0fab2822746a5669a9226576a0dceba0643049fb0d8315d28d324c4491295cfda

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Local State

MD5 3d02dc9637105272049b4b7228ae3d8f
SHA1 754338b4659cba0eb1860c56be301c9029f8f75f
SHA256 cd939d40d4b0ea46b049eacc1f64e8a2d6d56d0972b2e6c7c298b042402b1cb8
SHA512 b46bfc08cd66393663dd20804ea6a5e9a36f6bc40d2d5070d1f57ad389e63fdb640f778a6adcd6b2b61b7a33e094265bb8d51c05c039349cca182eb28dc76446

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Site Characteristics Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\GrShaderCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Shared Dictionary\cache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Local State

MD5 ffb83a5a1f094623346458350fbba867
SHA1 ffb671e581ea78da1bb9cd8ab2422ef530d87df4
SHA256 07abe3934c1132a3d97916fbeadd8f9cce03de3978c8274212a0241db16ebe75
SHA512 364e1ad41505a2df474f0df58fe220bad90921bb58799c5afda8666268495ce4740adaacd4324d0e7f7c60925a1a6b5093df1d35d9f422454c2b9641d98e2dd8

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD73A23D-81C1-4CD9-A9E3-BFEFC8B98CBD}\EDGEMITMP_AEF72.tmp\SETUP.EX_

MD5 2809c98eddd9ccdd623ff84b87e74005
SHA1 878cf5743a862e0a3e69742bd1a02201ec766773
SHA256 b44f0840029e770338bb3416b713ebeec8fdf3c30c4977de87d72d8d1c91e272
SHA512 4da568417881905dfbe604887962f92b1ada3018815ab75cdce6f794c271e86fe4eb48a62959a8f463807c70f307b29e415246ef3f92face6849f94cd317afcf

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 59ee72f6dc2bf3348022b0e567b57504
SHA1 5800b76803345ac6ad346763ab1e52c85101705f
SHA256 0df6d876a420c79aef2c39507cd91fb3520a5f17d1bdbdde360f793d3cfa1c3a
SHA512 e26b612ea6587eba5dfd36c1937c30e7dec7014604cb52b50e2c2050a1c268b376b33a80ef5da79b5c3c460ba779e772f7f88867c9824017f9ac51fffdae2483

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 b4951820724a7573386e34bdb2f88b5e
SHA1 c140fe52d4a125b4307568b9acf042700c9ee742
SHA256 1721b541816295b830d1f96f2865b2eb5251be9d4ab15ecfb8193b1d3ba2a0ba
SHA512 2eee5dca4a3f1f7feea5b8c023cef36277c2060ebd24df99449a434665c1c38a67fd2084088a0862e179c82cde2a6b254f62283ce3e609a1a1898c93d8129534

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\b2eced04-0268-441c-b6f1-c514748c0635.tmp

MD5 99ece882153c82ea003b0976e805eff6
SHA1 92141c41aa360a03236cbe785a8b481292d80158
SHA256 7b6eb32b06ae899513c1113d34bcd1e801fbbff39f3d0ead9e447c94a83e57fa
SHA512 c1134114b13f8f766535a87dd1607b741e1cddb158460e37e07e13b27c8f621b69d266d7294ab4312c86afadc170b7e6ad3cb83e182f7f201b0f2e0fb056494f

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 cc3a09ec2575434044aebd0d45818a13
SHA1 eee8c58101a242d90db1972fdb5aa0484e750a35
SHA256 81fc6cc38f8e123da800f0b66bd3f0eef2bdc1f3ce62fea06b767d03a0a258d1
SHA512 b712ab363cd2fabfca0292b728fd0afb4ac854beadded1773515e5fa41e666f4d8b25772175390a96d9ab635a5a44a0441a78c6382b3779720c9290280fe1f08

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity~RFe610270.TMP

MD5 759f4c8765f3672457558bbbbab9877e
SHA1 80ffbeda84238f3027feb6856d0c1097d4fca7c9
SHA256 74026321245b3709dbc673be80d79214d848181a7c1cd038e2ecaa2d2f43ff34
SHA512 f961e6f9c6c4e8a10a6abd2967da500d6c3edcf61b34f8692acbad825eabb3809c35803e40c11ebb67560cfae0ea290537f76c6485554f06bfcf93dfb85d446c

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 e335a3a8290baddf44a415bbee9faf4b
SHA1 d47d53e8f16c2769b019f5b453f1238c9c34382c
SHA256 360d433b7a1b7485b92daeb1d736f94473e371e64e72016421e78c2c63a066b1
SHA512 babec70d351b8e833408f7e0c940921d45aed20c70eaab177c9751f57ded23f0a273bcc9f48748c04a20b9ff0e1a039ad62a192969f62a6b21fac7281a80e97f

C:\Program Files\chrome_Unpacker_BeginUnzipping4136_1475112657\manifest.json

MD5 b6911958067e8d96526537faed1bb9ef
SHA1 a47b5be4fe5bc13948f891d8f92917e3a11ebb6e
SHA256 341b28d49c6b736574539180dd6de17c20831995fe29e7bc986449fbc5caa648
SHA512 62802f6f6481acb8b99a21631365c50a58eaf8ffdf7d9287d492a7b815c837d6a6377342e24350805fb8a01b7e67816c333ec98dcd16854894aeb7271ea39062

C:\Program Files\chrome_Unpacker_BeginUnzipping4136_1475112657\crl-set

MD5 d246e8dc614619ad838c649e09969503
SHA1 70b7cf937136e17d8cf325b7212f58cba5975b53
SHA256 9dd9fba7c78050b841643e8d12e58ba9cca9084c98039f1ebff13245655652e1
SHA512 736933316ee05520e7839db46da466ef94e5624ba61b414452b818b47d18dcd80d3404b750269da04912dde8f23118f6dfc9752c7bdf1afc5e07016d9c055fdb

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Local State

MD5 10a214210781f957e4aadd3e4c125809
SHA1 0fcebbc5273efa37d031bf318ef52bf6d98fc114
SHA256 d68578a4600d21501f7ae84bd4f1c503f1f7b2fd4cb8a3b29a99c665c29451e5
SHA512 d661d80778f19cd8e8a509b48a96d0348c875f95cce909da73ddf6eb7aa2179e51591d886d385b4ee410aa01b8e6f62f3ef1b678fd6b5e1da30b4b92b2d438a2

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\Network Persistent State

MD5 b0e3088db80ab2ed8b10bff7845d24f5
SHA1 4a9be20fd41bd007f2a7cad1570e4da2ce0fba50
SHA256 a1ccacb85ed3da406b7146897e38721588894486a8d3d7a843ee0e27c8b76c50
SHA512 e724caf074823a1ec9646acd9d7509a49ef0c98ec2edc21cbe184d88d0542b7d25436f4562777867ba0f1bb221014aa2dcc5641a486bfdbb3cfead9af9c88ee4

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\Network Persistent State~RFe616b6b.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 b1338800f7f6f6105200e222c548078d
SHA1 4221e61031b118029062bffa23e0a8343ffba334
SHA256 2d8e7ce774ef236b9ce4655e2155188e0d5a4e8ebae7fbc67160627927d5f11b
SHA512 2cdbfc45b810f4263bdf3699c7e848bb665ec55e7c93c1cd4ce13a274f5c244ef9cbf3bfb21a17fc82d864ba9abe7698d687b04f6b57e740b677ab3d3edafa6c

C:\Program Files\chrome_Unpacker_BeginUnzipping4136_583101115\hyph-as.hyb

MD5 8961fdd3db036dd43002659a4e4a7365
SHA1 7b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256 c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

C:\Program Files\chrome_Unpacker_BeginUnzipping4136_583101115\hyph-nb.hyb

MD5 677edd1a17d50f0bd11783f58725d0e7
SHA1 98fedc5862c78f3b03daed1ff9efbe5e31c205ee
SHA256 c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0
SHA512 c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

C:\Program Files\chrome_Unpacker_BeginUnzipping4136_583101115\hyph-hi.hyb

MD5 0807cf29fc4c5d7d87c1689eb2e0baaa
SHA1 d0914fb069469d47a36d339ca70164253fccf022
SHA256 f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA512 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

C:\Program Files\chrome_Unpacker_BeginUnzipping4136_583101115\manifest.json

MD5 273755bb7d5cc315c91f47cab6d88db9
SHA1 c933c95cc07b91294c65016d76b5fa0fa25b323b
SHA256 0e22719a850c49b3fba3f23f69c8ff785ce3dee233030ed1ad6e6563c75a9902
SHA512 0e375846a5b10cc29b7846b20a5a9193ea55ff802f668336519ff275fb3d179d8d6654fe1d410764992b85a309a3e001cede2f4acdec697957eb71bdeb234bd8

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 14b11391bd4e1df77b9470710acc99ab
SHA1 299a30ac1deee6e640f4a77904fb5ff055543344
SHA256 06e6260944ba9ac3b59c16faabe1ae5548b80b78956711f69ac389c0e318a3eb
SHA512 78101b60181f18554b37819d39c37b84cdf7346d7b2e8da377bcbb61e0b8d2e67d802c8433f507855038a55aedbb14b6d99c82354e17897d7ff65f27889fb107

C:\Program Files\chrome_Unpacker_BeginUnzipping4136_2081726265\manifest.json

MD5 55cf847309615667a4165f3796268958
SHA1 097d7d123cb0658c6de187e42c653ad7d5bbf527
SHA256 54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877
SHA512 53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

C:\Program Files\chrome_Unpacker_BeginUnzipping4136_1546456367\manifest.json

MD5 58d3ca1189df439d0538a75912496bcf
SHA1 99af5b6a006a6929cc08744d1b54e3623fec2f36
SHA256 a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
SHA512 afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

MD5 6bbb18bb210b0af189f5d76a65f7ad80
SHA1 87b804075e78af64293611a637504273fadfe718
SHA256 01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA512 4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 edb93d4139a6a67ff2f24d2d754f341e
SHA1 97cf572488944d7de9aed372a6f51620b0ae7f4e
SHA256 a9fae72f8a8ca73b821bb0ac7a4a7847fd62cb991cbe609db374bd80334d059d
SHA512 41b77ac7bcab6447bb7d5b656546127324d1529f56459550ea148e12820756e7e05c8c764ecbd82ce9ff510d23ad7e826f31babaafa653e6533875b1adb088bf

C:\Program Files\chrome_Unpacker_BeginUnzipping4136_1479659603\manifest.json

MD5 0885280b67481f21a4b786c84b15119c
SHA1 3d945bff68725bf178792f33b967237ae56b8bf7
SHA256 92e9ea5d08b9d0c77d3b296af6f47bdff891ce9a6261bcc5b96fb860888a2d2d
SHA512 cf1f179d02142f5bdc7fc271a7f1f76fdc55a8a9e4f457018c953d34dd3ada207c744e75ea21d28f89f9592bc975d6b839b018e9e5435466c31cc5f2eda08444

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\TrustTokenKeyCommitments\2024.8.12.1\keys.json

MD5 639f90345a2e5cc648f0bbb8b4de295b
SHA1 112e59edebfe70c9ff7a1a8d9b761ba0ef77f21b
SHA256 c53d2bd85ccaec7969ef5d0c1ce17b67b528814e27c65e5de2a0149c93861ce1
SHA512 5b21a35d5e0b9d3a8e209e5574e8743d37e3a880f85eed25266d4131b60f25aeb01310eecfb5d5d276ae5feb698a8aace6926f6670194c1dab7216bf7d9a90e9

C:\Program Files\chrome_Unpacker_BeginUnzipping4136_1208949932\manifest.json

MD5 1b8cb66d14eda680a0916ab039676df7
SHA1 128affd74315d1efd26563efbfbaca2ac1c18143
SHA256 348c0228163b6c9137b2d3f77f9d302bb790241e1216e44d0f8a1cd46d44863c
SHA512 ab2250a93b8ec1110bcb7f45009d5715c5a3a39459d6deead2fbc7d1477e03e2383c37741772e4a6f8c6133f8a79fbabc5759ff9f44585af6659f9bb46fbe5d6

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.54\LICENSE

MD5 aad9405766b20014ab3beb08b99536de
SHA1 486a379bdfeecdc99ed3f4617f35ae65babe9d47
SHA256 ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d
SHA512 bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.54\Filtering Rules

MD5 a97ea939d1b6d363d1a41c4ab55b9ecb
SHA1 3669e6477eddf2521e874269769b69b042620332
SHA256 97115a369f33b66a7ffcfb3d67c935c1e7a24fc723bb8380ad01971c447cfa9f
SHA512 399cb37e5790effcd4d62b9b09f706c4fb19eb2ab220f1089698f1e1c6f1efdd2f55d9f4c6d58ddbcc64d7a7cf689ab0dbbfae52ce96d5baa53c43775e018279

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Preferences

MD5 2d8c1268f6c118cc0731f208d1083662
SHA1 cdf67b401c8cb157b52f8de0efac013a3bdd5e66
SHA256 abd79d9b8e797f164838a95f88ce6e5c59c5369e259cefd5f25aa44c0613fe53
SHA512 6d220e7af3ed382da651ab7c4d4799121e824400b41cd52b4e5573c501e1eded4d234a9b3d9433e5012efc8cd6738559e2b530f6d9cbed46504654e58c8affe0

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 142e7baf403f7002db7655ec6d2de61e
SHA1 f41a1245a617ed0a4613c324cdfcbdcd6cd73cc9
SHA256 257252f2a82b2cafe549ab84c4093580911990f16679b55da3fc9a8780adf8b6
SHA512 9011b58feab16303a093660dd94d668c4c40bc77e2899da816c62a211219d06e557f5ab03eefb9405e2cdd786ef2adb2d8906d14702af44bc8971335ae32e08b

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Local State

MD5 2395ae2c10e54aa34cfb280021a50287
SHA1 3e1cc23ef9cd1274d9a3094125b976c9812ad469
SHA256 4f2bbafe0376620c516e4a891a02cbfc50445817d7becea2f1de531c26fb582e
SHA512 43c69261f57d8278ab614595bbd39c957c80080a529701fbc1a60d84a0798dd594d56f81b270f3cde42e506c92ead82105b8d8ed474c11de4c530a3d3fbf33dc

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Preferences

MD5 8019e22766f84533eb767a429f54236f
SHA1 374222fa6acf10957c3e3bfd2f1065b424189721
SHA256 1ac37af4a9aea91b87e5f2a2e394fa55a913d42dd337205f6612827aab9e7dc0
SHA512 f48e3b2ff5e403894fe3cf49938d6c41904a3fa531f77965c46c4bb7ac000a42470c5ab4b43b8dfcbfaf419b4a8f9fbd00c6e9de1c2a12d68d8432f7b887d12c

C:\Program Files\chrome_Unpacker_BeginUnzipping4136_281870395\manifest.json

MD5 8062e1b9705b274fd46fcd2dd53efc81
SHA1 61912082d21780e22403555a43408c9a6cafc59a
SHA256 2f0e67d8b541936adc77ac9766c15a98e9b5de67477905b38624765e447fcd35
SHA512 98609cf9b126c7c2ad29a6ec92f617659d35251d5f6e226fff78fd9f660f7984e4c188e890495ab05ae6cf3fbe9bf712c81d814fbd94d9f62cf4ff13bbd9521a

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\PKIMetadata\13.0.0.0\crs.pb

MD5 981a9155cad975103b6a26acef33a866
SHA1 1965290a94d172c4def1ac7199736c26dccca33e
SHA256 971393390616fbe53c63865274a40a0b4a8e731c529664275bdc764f09a28e2d
SHA512 2d75ce25cb3a78f69f90fbd23f6e5c9f1a6ed92025f83ce0ab3e0320b64130d586fc2cd960f763e1ab2c82d35ef9650ebd7ff2a42a928a293e0e7428cc669119

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\PKIMetadata\13.0.0.0\kp_pinslist.pb

MD5 d43d041e531dc757a69a90cb657ef437
SHA1 09138b427565bc276cfd3ba9f59b0c8bad78e91d
SHA256 9431360a5534ad2f8eddde157cce39704b99da035fcb6d2cca11220700b11ccb
SHA512 476a98122059b9cc19492b7ae557c61381842c8c347f85c686e0a493bfd0e8707ce3491b690e7978b3fb7d7d2a4daa2767e4a590398a50562519bf32e8d12ec6

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\PKIMetadata\13.0.0.0\ct_config.pb

MD5 df3d937079b894c891f9b0b741874928
SHA1 ed93fc386807b3a28fcc7988a88ae4741bfe1b15
SHA256 c7cbb0db6e924cbfccf4a6e8223e3fed4d93f5d78a3122c30213b6e38ee195f4
SHA512 5728bdd930283a4906e7e07acd3eadecb813a3154ffb41729738444bf13aab27dceb01e05a27c77bb13cc498c1d5c2d492ac653ddbfe4b14004b1c7a5bc54f1b

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\Network Persistent State

MD5 69b693bee3235f52dd23e52d05c803f5
SHA1 b7b556e54f842c072102149ff3339b446c4b38ab
SHA256 88fa13f58d9a007c3b4474312ab68cf46cb997a13af4341cc3e1077e6847b965
SHA512 007058b02c52c1206a76ee72934db216261fe347cef3df8ddb51be2dd06cbf1dc7ebe17ef5847f75f40fbc479c8b2426511c1382de64122bec5886d2c6e2eb2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bf946c00-e870-4368-9b29-204e7913f156.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 f27cc70a31e40e21b2209080fe558cf9
SHA1 c7c883ac4c18ef25c1be3f0541554ae0122652f9
SHA256 a4ab4b3e30fc1003424c9a276e881fe25c0293560a25247f4a77dc53331ad548
SHA512 8cb87303199bffb52d6d0cef7996f2b039ac871db428892602b3afe3919f069221824d0ddf6534e445f1167445511b4490d738f1ac99ad03d03f9eceb69605aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e8ae4a880419e9a49f210c52f60f6bba
SHA1 c53fe6c5cfd08243a1ddeb8eddf210fc6061b441
SHA256 1ea95d1ad0583933e55bd0af1cedafa334c1170c055c6bc63b1eedb742a5ebba
SHA512 a16217464e882732de1e3213a18840e7304c788eb148363d18b6eea8c935a44b705d47ad1661eb0f4a7c0a6d2027d356ef592b5a933c1fb736c4da81179e1a4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 75783db271ce4e7ae3c26a8dc70e8fb9
SHA1 ed2ea03d0035165d8ce872b23cd2f086044e62d2
SHA256 9139cf0150f789d60fbf0eec59185fc7351cb73bcf9baeb005fc9ed684785a91
SHA512 ea5ab48d79abafa8fd656c292bfca053adfc66efe21468e2b0363a40847a4b66a1ce7ccf1e5f9e177939fa476b55e83e4a9d41c2c480cc7287a3b13fea3b88e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ce01cc8d3968669f966901080d629eb6
SHA1 f080cace696793d85a8ef54a7ac0db8858d2fc1f
SHA256 69892eeaa617aad7240f68838d87b3ead951b7b7965d5c70a96d0ce4a204c41f
SHA512 a783cf5711626a3b929e677b84f5800382bf1eb21bd39fba41edf8e9a4e8c92c6f532dc882d34776c99b3303131ad27631cbe8e53e922b1770d91559d2aa9705

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8ac19a8f7f466e7e439326b3e7722f4d
SHA1 a328aef8dfbf939d6c97a4ba8087c701ba34c0ba
SHA256 613297784eade3e421d9881a0ecd37bcbdaaa10cade99a28a467b30ee29cd488
SHA512 eab6f5af1b49224e26c7b141e5100171671480ad320cd581e316582a700e91f6378bd12200dcf104865b0641309151025e5f3c2462d42239057737b595374b7f

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 4ed64e04d101e5840429eb3dc051b5c1
SHA1 81abc5b8eb8b07fbfa2858fb57883bd55f417802
SHA256 fa004171a62740c73d71bf3dd1300460fda36e2677624cfbf595ad26664eec6f
SHA512 2c2861e5fa42ae6f0fa7f415852f45d2abc541b8e1986a0b9d736a6ed1aaf9941053cefa391efabc24d00e87d3fdb466e3954a8e783c368e895dc6b3fdce9e13

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 32c948238e7d94c424e3b56e55d19a6f
SHA1 5024630ea7322328e592c7c63867ed1aee26de7e
SHA256 c9995334217d952427b898a9038c62d820034acfd5db3dc6ccafc8598fc162ce
SHA512 0a1e7f96db458fd1699bd77f931d5a7be7a3efa20847778573bf86d41caee5ef571907bde2f78dad63f6d935626e0302c2d06cdce24ed27eea14cd1ebb0df4d3

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\Network Persistent State

MD5 aca3541526b39fff74dd99372e7110b8
SHA1 85c5435856db7af8e10c339ab7ea2e06c5f1f6e0
SHA256 f4edbdac489df16b11022ea91f7568bab2a013db0285c52f13cf70e75be9f9b2
SHA512 5f7271fdbe75585dd232a288586f66730b4ed4ae82a8882bb3f15aa84c898268c2ab1991dea6cf09d0efff8e7046f3faeb35d8b7c0f3280a47e228a99def9022

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Preferences

MD5 d6ea361a4e32c830781888360f419975
SHA1 a147b6f820a71f76b172e4564634da855a172914
SHA256 b3a753b1557f03f695c3d1e3be18214e839cfe5fca00079d1e8f0fb8332fb128
SHA512 089aa90086939558e3cd93074924700d60b0338e2590809182a6fc1e4ef50afe64efbe210192e37f0021aabf211302fd2dbeba790a77b4dd3c6c66f00c2be5b5

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\DawnGraphiteCache\index

MD5 10206fdb7394f4823700ad40d2a18d7b
SHA1 5dfe0e0217bb088e48d09655ad809c6c454af030
SHA256 984c0ba66c0ab0831139d739217303ef81391053f1526044122bd6edd84496b6
SHA512 1a10b9c43fae74696edbd331836c073c2470473276206c5c9aa65a14f2b4f2d7130d62702eeab1b195c56f96cfff3cd49a375f809ba4926d88c449865aea2619

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\Network Persistent State

MD5 84770ab58cebb09e361e0d259c1f61aa
SHA1 f4dba257a4dbe3fe030b18ca4d3f0d5adf5f1919
SHA256 971af7e18174553c7f0d2f92b7ceb5722ba6fa2c67cd96140f1c339f4c29d61e
SHA512 120e1d50b2711c2776654d68b9d2ddb53af8089f475c9f540e3005cc90f4104732c05e5e1f875e67234619e05f162d91a42a38b4487f5b3909d783efcc5bebb1

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 ecd2524415b6e603a91def92835eaa79
SHA1 3b01f6b24283102b7c549fdaf08138aa52662b01
SHA256 da157b03c64ee0f28bd5bf3a4e97550affe0286462d866379f4dbf4461765dc3
SHA512 3586938a62aef54dc92c447e16127c7062152b78f901b8eacde69379465c4e2ddcb5bcd7433ede7b64689b0a55b60b8e6c40550f0b52ae69abfdf65fb59294b6

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Crashpad\settings.dat

MD5 a67b98d64391c6ec31ece975a09d85ec
SHA1 7480e8f7dbf7e523886d429f69cc6633e1f4977c
SHA256 5119bd18963936b9f7897a992bf5bd401f4199eb66f2e4534beb51daf37596b7
SHA512 24fb49e923e9050580ddc77ccedafecff4efaca8c982defa7d49f8f1ae01981815e4bfe3f906f908422dc2975094a158a4026233bb74eb5786833710c78c60ec

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Crashpad\settings.dat

MD5 ac022971ab100ae8e0f3146fe35e6a4c
SHA1 6fe3cf09b8c77638f47876aa69e299448b1e70c3
SHA256 88b4a626fd51f71f3b736b9be18b84afbd2c7b27152dc02c1359c5e650e88055
SHA512 a40529217e7853daad1435d4f6f264363351486de6c47691f028d06b08ab804b285512e98b0a06e2cfd99277ddf7eb39a063b719903f6f67e80d75495f4a1000

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Preferences

MD5 d98d96d7b34a376a231d4c2bb81dc365
SHA1 61553ebb5e61e08b9c3a34d05212463e5cdea44f
SHA256 173f8c354dddaf1af09b18d1199703616c004277cfa8f7d73cdf3599f739ab96
SHA512 579929c3e9f0f8906aefc23faab0ac7702322ecff62d0f5832e7179c48bdf10c7bf4ed37868dc8a9d94f793ec96bab069bb0e5d2fef9f69b66a2ea962382b4e9

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Local State

MD5 53b969333fd5263a6395d2f2b3f37bac
SHA1 30c3b9f9fde26738afab80e8518d3d80673e3be4
SHA256 6eff1177e7ba7db4219f5a2391b43ac871d67e7cc3516163e231364b6c5d42dd
SHA512 3d1941a6f484f079d9ba0cca3ff2e1ac5d06ebdb7e1e53e4ba78021d79389f63403f609457a1fd3aaca824534c7bea4f80482f4ba1ef8dba0b82743b0cf945df

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\bd968206-718b-4064-a849-b843ac4baa0c.tmp

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 bb6db8894897c3d3eb897ee15f7bac19
SHA1 9fb74255f754931f3ba872c942d1dd349e639c49
SHA256 829301427e42aefe93f96b4d3e21e6f9960e45dc764e05544126865aa1256938
SHA512 85d3f9cf7e7643b27f877a361a28eb7fe65bd145fd0c985461fe6282ecc875e83b793cb5686e7090123d19feb516b4233c86a0e1ec1c2aa48bc52e9dbc88492b

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 f38d4afefb5629d5bff3cebf5c13ad77
SHA1 15c117dd51b6513c2e845b81625efb4af5ef47ca
SHA256 e2a843c334da81131dd0f9ea70b53e9293e2f2e78e19c3dce84a8e742bb0b3f7
SHA512 087669bb0defa9031528f1d8fbe646ed28b1034f0a2f22998eb90c3bffe5dd488a6350f3fdc4d5385e8390c029c95e472167423dc52c1b9f84e3579127dc8c5a

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 a35eca3eba455226f7e4c48407d8989a
SHA1 b229c1924f14ae6fd97d8b1e83e7779c7e6617d9
SHA256 8721c49d34d71e4455fb34645482bb8231b833dd42fb10ea2103895ab5df3801
SHA512 6284c8331bdf519703873b4815a6a35fe8845ebbec3437b78fbd627c311e8dad7eaa13cddee9410fb38d0033173fd1f4af289a5ad49c56162524d4c22bc9028b

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 e59bc632235a887c0a74e83f0c8296d6
SHA1 ea0895ceaa2892104b6c69f6dfb533a9f1cba3a7
SHA256 0c5fd0df1729e4b68ff90ed9227c2d5331b5c991b05d3d2d8ad973ffc2b5ac49
SHA512 5234c76e8861ac07886bb969c04edbb73f5c258779316f69f37b1a2c7d0ced04f43d2c5662c1457f77c1e9e490e38754bd6fc053a52a9993594ae33d0fabb7fc

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Local State

MD5 3a379948ebaeac60df350dfdc6fb92f5
SHA1 4e4bc4e2aee861a382aba57b0d74c12cd3ea19f5
SHA256 7309249f308971b7fd5fbdb0ca1fb88a34b8195530ac065e8a898dc80acb5275
SHA512 d67591344cd2db704ed6f6a0a6bce56d24eb99e6087e025053453b067f5d472b0920719b5be650eafc6217c5ae50eaca7ab6237bb42dffc2decd158accaf21a8

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 6f59e8485ff7108852a92384206242f4
SHA1 84da09a6ee09bc7014ec9c2f098036d9713b45ba
SHA256 9df9f66c79da57ccb04209ff4b38dd69cfd1a6fbf6105dfb618772bd10f81b01
SHA512 dbb74a5c858d0d240e27365731cfeb67749314597a6716e149e4f49e882f7389d8596622449739029ce46793be8be3ec0255845b3f6a7f69e06ea64f96b58b79

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Local State

MD5 1baa0d857e8e122c6b9e5059cc22c828
SHA1 3ecc6e99f02afbcdeac2dd150e39f91c4dd51f44
SHA256 ed935c07e2331a3f829f216693678fae990c966d0ba70bc39206ccdb6dae51e7
SHA512 e28deb198d2ba60b1cb52d7b6de1fedb5e6e96eda17c114ae18340edf0a104f078612feb967eef3e2450007b57b20d04db3527b5014bc8ef767f48748d486a37

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 a64eb8782d15efb97856798b45e740bd
SHA1 f9e65dd488e6a6e7f2095196961ec70e9c39f15d
SHA256 c7f861a2461dfa5dc0eb2df8e292081291572d67387ba538742c163ef1328f08
SHA512 fa8e54f2fc74a659f449c75d43b3dd366e693932d3b814e31a47ed57ce44144270f8e1360ca439940e6d16b82bb164ea6ac9bab7966747068f554e6c64efb286

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Preferences

MD5 b6bca6f9145225fdf2ab7090970d26c2
SHA1 3b3d7d6acede0d971dcb03d4bab9cfe4ea35c095
SHA256 870c4dbe05168dae66a4432e7c77fdf2a7a60422b8a47b6c6a9a6b4bd1b6a5d8
SHA512 eadbaa4b0cd061d7c7831d79673337d0335c51895069840dfa33f5ffabb572d899990348a4137aeddde0ab6c55281e76397e8eb3146a674208c17c7dba212cd1

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 e5ff180fc7414a120fddaa2125f236ca
SHA1 ffdca6c2b05da42851d8591aec6014b156a4c95a
SHA256 74d26741eefbc407ebb7647c094ed1362793d897846f31e1ede7cec46fb88fd5
SHA512 eb96d863d1e28a0332b45ad94ff4d437642048587b30d6f9414e651ad7791004c90f944258ce877ad219a54f04ca16bbf04eea158f91665577cb64045a407c16

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\Network Persistent State

MD5 aad3cfc7397ba4a3eb5a771f4f3b6f79
SHA1 e105fbd701901ea15fc1194d756bfb8d2153e430
SHA256 90491654cc62bfd9dd442835ddda15aa7b8f14d40da6f0e8121a789780378b03
SHA512 3a12d4d430beed6fe893e26895f9764d764937242e53c94602c946d9f0ceff7c7861df3e8e285655d38661b9acd99f1926b632b91e6591f0fb71eb03b2d12f89

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Local State

MD5 953a01743f6e454fd67a6bdf1bba5923
SHA1 38a23f62f8f809ed7f079cd3a152993c954db823
SHA256 df4345e14ef51116e810a5536edc306f2cbe6b6e7f64550bf51e0375c5259fff
SHA512 9ce407e16c5e9339c21667133809805170d02b7493704ab2f5f319fb691f7f442bacef07a967ae9b1d4409db71e93fa21f352d2c5b8706cd53a93ceefd0068d6

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Preferences

MD5 f3a25223affca6caa6496362c86cdd1c
SHA1 18cb6ee265aed401a99f08813b94adf74b65b7d4
SHA256 840453149f6a3890d7ff6cc342aed605831a05ed216a95d2832d6c49b8bdbd38
SHA512 bce6821b78fb7189b35089c9e771713e97c0b5b60670ba750978551b46bdb6df8847d62bd8ebd2e31ba85b0870c235385e56244f97c8c5298d9cd010c4089de3

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 e8329c6fa2f283619e9cce7fe48b9169
SHA1 d6a21044757039e100d980fb54c44db36fa0c347
SHA256 0740d6ebee959c3a665ed17e48ff39b4cea1b33aac67d6ebd9bcb7c843f1f01f
SHA512 0627e14cbfcd99b57a254aa09652af6d15e3c05b05786f6eb93d2eabb8cbfad1c6606f492f1b7c67ee8a3657fd58c6583c2b998eadfd053ee374af154000d246

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

MD5 a548df864bf29724857dcc037fd3f020
SHA1 762aa07ec27dc21b0103467330d62fd1c314890f
SHA256 ddf97a8984de6d3f66c53279eea67560558c6e4c0da043aaff4cc27964b0cc55
SHA512 fa1cfe6a9fd358f379770c89ea1bf9411f7704383edbdcf9712a4a085e9834937a679de14bb6948b42daa596241a48864d01b11e8bdbb2585a7567a6c49cca90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 1f7e0e65d8cec192703ba69fda146b48
SHA1 be91e1478c4114d7b29ec167b6f3119504f447ae
SHA256 74a9d37a5a1764a83de101c40df9a8827c274b0f003f711a04854986b547eeac
SHA512 386b1d70679548d6dd04c3fbd011e6c095311996917749bd5d13ca2c7f4ea90c65997750b98d5ddf990d88d493a14e53410d3f6808c1e113f9a86915aea85da9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aafdbfa7e012ccccd5af77b47c192331
SHA1 6416bbf078d33de2dac648832963a8329a1adc2c
SHA256 0d75ad1fbcdb38c2bbcd359d2c277e974b9497987c223551f8955e1125b2dc98
SHA512 7a920d43e205e962c888ca9ec5e044b1f16cc13a32890557b3133d3e94749c8f9e2d530c39262c2f15666ffa0bcefe7678945fccc6d29bd72e8d5ad9c9a6c69f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 e6fe7cac3ae500291d099b686e74a0b5
SHA1 0ce313cbe0cd3b95e8970f2cc4ee088e0f0878c9
SHA256 5ae9b74fa3408c990133751e44f0b322f2ed555e266e5c13a23d10033a914d57
SHA512 9a540cb06a95ac5c187318ae87ab7c1f2d1977118d07a4e024b3e5dc6c88800fda85b003e7accbb3f2ea5676c06d456ef79538bf50eb8afa2d8c32540f1b743e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a80ea8d28c5a4e7427457de62d1f7b62
SHA1 609872603e2859e41e7978aaea93b9e7fe39956d
SHA256 d262b53ee6357b404e2e9d77828c645ca5adb7e4e10f4dfa97958fa44e598ad9
SHA512 8f9fb9b448aae83f748333ce3faaefd1c9cecaa86339ae3042cfa1135e1b3fda736ce043598ef86710d243a8538e7af6d307140088a9f6e017c034d0f61762aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 b0ef887488dbcc7887cc639271a2de3c
SHA1 0154f08a87b1737011bd63a3a38f86adb50c0a97
SHA256 1e24c0a0caed75a581f1b3d0a69a17d4003e1c60c57962e9da7588c463728c7c
SHA512 1e6341c406c7799a0f0e98e667b2f993f84018dd15b505bbd0493cafff19a3adab52511ddf4c7e8df4515564b9f1fc461dea0a328b4feadfd789a3520db46f75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5be7ef74a7043e2063bef0d7fa83f94e
SHA1 2409eba2cdd02204ac73cdf52cf18f9b6ab90daf
SHA256 aad510131d4eab213e770384bf8eec2723ecc03a692a3b62909687c34b6a0fe2
SHA512 7cda210797cec1f92e13fd6cea208227ebb03f822a97d3e9fd5629537effbcfb0a136eec6f32902ab6cfdb76d2087101ddb9cca9961831d915354e8a4c04ef95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

MD5 a34060cf7b84f64ce191d86b49f58127
SHA1 30386537bb3133dc5847f6e6f755060936df5848
SHA256 aa16d9a317eddb2dec0b3d30eb6bd1e07c44203acd6b2db89d07e11f2e0e679f
SHA512 8f298d5f02165cbc9f23649e86b12a1ade6656545b2accfa52edf54d92b67cf1256b7987609ea533726109bd365140c10acc8c048459d85ff74b2990c287a3b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

MD5 db10ebf637fb508a4e02212f3adabd9f
SHA1 22a965d265efae98b9d68681c1c0a64c5d4f9b3f
SHA256 79f2de075048ceed42e041cbdfe4b349a612b47aac53efc375314fa803841aec
SHA512 8e62f5662d19b4b363a711734a6e23e5069b0e4d7346e7edaed2773237d1c289447e5f94b1d4da01029beca8488d58dbb4d8963a5784a9238fbffb84545e7fa5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 ef48733031b712ca7027624fff3ab208
SHA1 da4f3812e6afc4b90d2185f4709dfbb6b47714fa
SHA256 c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99
SHA512 ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

MD5 de9ef0c5bcc012a3a1131988dee272d8
SHA1 fa9ccbdc969ac9e1474fce773234b28d50951cd8
SHA256 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590
SHA512 cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1fd11eae6d2b9e807b987dab61e99fb6
SHA1 da2657b44fbb2450a978b0345850470a1b2e0604
SHA256 16a53a2935447a8acb7a0f0e4eee2b17474f26694150cc6aa9adcb751ca9d9c2
SHA512 daa6f9495559d30dca51704706e5f4a76de3415be4d2e9c51dd344c56641037d0dbb36cb36e8972255836721071f8cffca04a7a3ba8e0c65227e2ae093027976

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9e0df5363775bb99edbda2307b5fe2fd
SHA1 6b2f2839d9e9187bb7c0a1683836acf697c281ac
SHA256 1c3148195da9e585ee3118e54d0121b8dadbdd0bf55012cd9d3a947cd808ea2b
SHA512 6411830baf97f538c0c4666bfb01cd7177ea2e6f9ef9dd179cba6ec9e73ee82a6b3f239e05a8c7307d4f4d78ea141906b875eaf566ac8ff7a715b97117a155c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5b09eb77bc021086de1ca2f409ee9fc6
SHA1 0fa552268ec2360e049d12da73a12798ebbc389c
SHA256 3e3e6703b5a1108a533e396d3eba7df15ad5d8a7d1b8ed2198fe57efc56719be
SHA512 8df7aa770c26c1fce938a36582e5183daa562b3bcf8ea60cbc4bceed8811c1e9c07d99819bacc395a23c47b229f5d190ef25310b09834299c7a7910c4f449ea3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b512e999c249f804eab271dc8e201854
SHA1 975b22a10fd766fad7963bd81c081f809084a2e4
SHA256 27359a1834d2399aeff24a12fb885711e7e4059fdc61cd9cbf0b1cc4906c6739
SHA512 c6ac45e5b0105ff19a6d53d997a7a942764aa34fd9c8facc2f5a53a6fce269334a98c563eae3fa61ce6933bdc0904fdd4782171f375e76a40325a695763d5da3

C:\Users\Admin\Downloads\Unconfirmed 558883.crdownload

MD5 6e1e7280baeb6c2e46fc02c9a42e503f
SHA1 bf2ae7eea9e97cd4ad7c80d5b8e2ed9eaae514ec
SHA256 5075cb21672238e103ae3b7c584e9fbad8de49fc93030795afa2e86c37ae9189
SHA512 55accda3a3fb3fda3894e5c132debcb43c75b824a58dcc043f3925a42c724f3c079830bda9e1588c74411da22ef3180c0f74e6a9dee9003eb2fa8d8d92619f15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7d83dddfde80147a0e67dd45be5f9d11
SHA1 340d4697858b6e4d1ff3c840aaf09fd980dd6530
SHA256 36b40ff933f496fafdebe1928a30fb757475298bcd57c8d8b2b7136bc3f99c4a
SHA512 447efffc3dc05b0952bc539ad5969b9212f575a7d6c49293c08463eb3d49211dc498def226782437288855a23bdf13f92b384ef04ec831cf526329a4813fcd87

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 d4927578fc92dc543365aa4e43b202ba
SHA1 5e1aeb950ac6ac3f071fa02f90a4fbc0c8e5304c
SHA256 4ac029c04a6e82f4c588237f57a798b4285c818bdbb4250c20f11a5b95d4ecd1
SHA512 4c6cbf4bfb4279edc6d6bd816ca4d1d4dbc8b7f06d875493ffeea3a8782568f49911db28aae743a41962bbe4fe34afc531e119be58888a2acf0623e99df38e95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ce88b9249e4f0bc6d5be19bf16d388c7
SHA1 925bed67afa7cf4f2ef81cc7d6ee8af5f647d36f
SHA256 df5b3a9cea13a2fd7e997dd49c3cf020a31a5ea1eb1d2ebb155debba383afaad
SHA512 bdccabe80bd1b050df829a05bc132fc8983ae82a17d3a9f259d23b824530933d0ac7ca36cdf78d1cd0e9dfca119b99a58abfa428dfe1f9e7c6633faaa48c19c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000006.log

MD5 a3afc42d97f51e3d1a50fcbf89d1f1c4
SHA1 fee493cb0f5637abc8e62edf87b698f6746f5162
SHA256 61730e537ccdfd7ef0a57f475b41d37377de055c3d6fd70024a2868aa85a2c96
SHA512 a5bdbbe806431c4ec3d43155d0c5f5139fc2c6f8c7c303e5db5d598b62d3fb747238a047dc0aee920f1b1fdce24be4b34fa842e19d4977e31a0b64a0257d9a31

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7c974c4c374797d37ae7c56a7cab4bab
SHA1 8fb639d824986ef95253bf53607e0beae2d0078e
SHA256 5665514a24879028403747f4cc95b5ed9bc08e4688fe1ce6e143bbae52bbf6a8
SHA512 e1aa440ac612757dd939c8f0685a847783dc74d844138120ae077843f6872d3ccf24d2d0a5426f53d7fef747e98a29fee52db3670be0f2dcfc94362923d8655f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

MD5 c2f0f5f819d74f0cf38dd7aac85856c6
SHA1 34df3ab897cbb8fe258f3dfab65b47153a305598
SHA256 032a3de6f6b31c83d92f8dc476b0c42b43347942694b36a177be6490e50cb667
SHA512 0d61ceabd70738fc160942efd12d199ec2b5bc064422a3ecce7a23695d8c668772e5ddf5595dd0bd24adf21eabfafbfba8ebb84edbc2066ebad23abc483afe97

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 a676b5c5978c3de40b7b002b86da0eef
SHA1 123ee5d02d97fc741f7fff71862f3425cb15a6b2
SHA256 9c334ef7760d2406025b1395fa597fbd188572202794407ec8c2bfc34d0d20ae
SHA512 8753aa563b3dece8af1f1a2ed02d2da535f467bbc2599ed94ff016cac7ee3b645017e242aaf389b4ae2b002d617234b50acc49f3ca43fb41e84955b2810608f3

C:\Program Files\Google\Chrome\Application\127.0.6533.100\Installer\setup.exe

MD5 b499c472671954ea2e05ebb0bf36a9e1
SHA1 56ab7b8252650c96bc32a78a7501d865a95f49bc
SHA256 f575182c29331b37a74a3bce16d11c4a2c9d53794117ea75d09de45f88a22deb
SHA512 d2120bd35ebdc5109d4709d65601527a6eb1f69baf1ae9aaae5d96e708b91944df5cde18d3b5c65d24a0502718ba1a552f18d7a7a2b1af484f1288d4bdd1c504

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\Network Persistent State

MD5 5375c7322bfaffd01f574169f27dc595
SHA1 ac57dc7f99392957632e14d0de3f15c0b30bcf75
SHA256 bf00e882790e96a710835a28d839b3e3fc1757444f966035a06e4f8217293eac
SHA512 097b91e456dd57007410d50f46c9b0cffb43fdf5c60f47f164a4367ffefac0030fec957f2547b73b42f3051ebaf826b9a9cf1f0be24e374dfd52d37b952abdca

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 2851a45cc180c3c32192cec9e434ee2c
SHA1 418abe6b75e342fa25bdc03fcdefa8cc47dd9685
SHA256 774628fc2f2a164804c746adbfe508877c588fb6514079c8357ec22a5fb58b7f
SHA512 bacd678e271de864525cf455609aedac8d198918da5521d01c3a2fd569cd7769f74ab82e3a3806725bcf6f09a22b912ba4259b2bdf6a9243761e1ddc22496802

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\settings.dat

MD5 7b86ca421a529c4d40cbac6bac77bd16
SHA1 e303d8dca952d006034b923bea34de1c20d8d614
SHA256 3c73233165eae80995c96751907be0d5950eaf4f8da94ac5a268710650564fa8
SHA512 cc9cb18f8a3d9dbc202ce317ea99fd2391f382d28c9d61215d84dbe600ea6f5de6800726abe21779f09598b56b5916f67a31aac64279aef5b89f62746ae3c0da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d8c8512ff0090081aba67163b1bf6001
SHA1 987a83123d219c70df54ac4eed092142a9cbec35
SHA256 d67cc27a1aa84fd40a1e303b7fff04c193ed1a616cdd58f8e3e23a281aa9fd88
SHA512 4953df7a8e507cc1d50e415d7fa1cf28bfbbdee019e251429dcd9abbaa3ea5aa91061b4448eda106b38b34d837b6c69a9aa14e62ff437b96c25e724176a26428

C:\Program Files\Google\Chrome\Application\SetupMetrics\8d9a66d0-d752-448c-b44a-1a860bdb365b.tmp

MD5 d7bdecbddac6262e516e22a4d6f24f0b
SHA1 1a633ee43641fa78fbe959d13fa18654fd4a90be
SHA256 db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9
SHA512 1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 7e4d8253100789ea231dc8e3cc2e3b49
SHA1 0cdc3ce236d479fd7765afc5ad2613b970324733
SHA256 3ba7af6b8f1604b5c2dc4b75d2945d08f5a2e94b1ebaa592fc5afeca5c54a535
SHA512 b349eec4040c9ff4bc196b21e3290a42ddbc6a86a8498297d75122fd4b9114ad6e9c03f9a4e8cd954566051bcfaa9ca4a2af898a38496861920bca8139f0168a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c035e90c21d578b75f7aee7ffd7bee97
SHA1 59b7f8622d286488ef359fc8fceb16e7a140c614
SHA256 4c90dd564e5d8be81d203f3dabfd69c1c7b9e82f22ccdae6bf968a8c640011bc
SHA512 8e2111e979cb499b207875e102572a17eadb7d4a53ab0ecdbc4adcceeaf8dc41623c81276b02b28b5e470816d5819351c312df49aed7ebc25a91766643a9935f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6ccf7b2e6934aa1cf734ba4e6d0ba620
SHA1 17d31533e91204f0dfd244e2ba244f0c2853ceee
SHA256 b211723f7c86ba0903383b567b325946bd65e94d7c3af9e7c67a58f3b9be9e47
SHA512 29ddc1301734fc50bfd57ebcbb786e46c694e185f5c5ffaa646106636fc276b9f6f2dd166c524a5b61e1807d4131f575032ad0eb795172da07289ad0b873dcfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 505a174e740b3c0e7065c45a78b5cf42
SHA1 38911944f14a8b5717245c8e6bd1d48e58c7df12
SHA256 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d
SHA512 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 3433ccf3e03fc35b634cd0627833b0ad
SHA1 789a43382e88905d6eb739ada3a8ba8c479ede02
SHA256 f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d
SHA512 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

C:\Users\Admin\AppData\Local\Temp\scoped_dir4048_235134800\44f0a751-79f8-4f14-b3b0-508b7ff8c471.tmp

MD5 541f52e24fe1ef9f8e12377a6ccae0c0
SHA1 189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA256 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512 d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

C:\Users\Admin\AppData\Local\Temp\scoped_dir4048_235134800\CRX_INSTALL\_locales\en\messages.json

MD5 dbedf86fa9afb3a23dbb126674f166d2
SHA1 5628affbcf6f897b9d7fd9c17deb9aa75036f1cc
SHA256 c0945dd5fdecab40c45361bec068d1996e6ae01196dce524266d740808f753fe
SHA512 931d7ba6da84d4bb073815540f35126f2f035a71bfe460f3ccaed25ad7c1b1792ab36cd7207b99fddf5eaf8872250b54a8958cf5827608f0640e8aafe11e0071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en\messages.json

MD5 91f5bc87fd478a007ec68c4e8adf11ac
SHA1 d07dd49e4ef3b36dad7d038b7e999ae850c5bef6
SHA256 92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9
SHA512 fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\Trust Tokens

MD5 af2bd5c548388e8269392cad8af3c770
SHA1 298eb69222bf517fa1e38295e1ab3df7a41300bd
SHA256 6e37358e17f18976714b5ca8c14cf2fdfa5651e528bf1d94b93392df97757fbf
SHA512 4a62f9d0f01fb647aa6379438a89e73a649e4afedf8f0313587a6c619d814710bb0d7c3b1aa1c8ab50361a27ea236e0f0cd61277d9e177de7ebfe1589551acdd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 76eba58813cfdbcd6c61a67c36bb76aa
SHA1 256f67ff0a59148a10b7075e6316f9bdd54a3a8d
SHA256 9837688d26dbec618f7bb5dd38c161909f39039f4386a194ab0a455265ed72fe
SHA512 1cd5d2011a42c3a11999e0787dbf421087441504829ab6e4e296e6c5c11baf042199b3c75a3d47e0fa646009c51cf58936ee98de7b6228c0298d1089510c6082

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 59bdd4d75318745b95a1d99eebfb687f
SHA1 b24a2f6db6c73027d2ef666ef187fcde28ca0887
SHA256 71cdb15f1776ce945677a00ca6d2bcf88a3f240bb44e856dcf4c9fcdbc34b5f0
SHA512 3f84b33decf7d0c058eeffbab4e18f40f163710b104e83f87d1079e588bb1477472839968af1ae892355938fc22840f9a6a27adee7d49714e6d700f580f9e0ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 2625f3c53fa1f1b1812d15046d04c898
SHA1 c66d82047eba1bf7af3e2b48699eadced765c033
SHA256 65d31d6e23f7bab81915ff5cf6991bca93ebe94dc7795719872821d98f26f11c
SHA512 6623fee6fb3d8c0d1e29e25c8adb81f16770b6cc425ea8dbf7e659fdc392a08690942a2a5bc86645cb17a6f402ba4d3b7b38f42bd100ff04584a563599488b41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5790032130ac3a399cc31ecaaf8b8ae3
SHA1 0d277ad6e44e3ef6f38ebe5925cf9efbbb28d2f8
SHA256 4449245efcade75c3cece2174ad73787c569cd467f1a377f5a9eeed9d8b0a3d8
SHA512 1ef325cf55fe0f1d66a935a7c3b1a0adbb9cba3dcd137788d0f9f89c42778080e65a3f9832ea4556dc22a41e70208bb50e7f4fa5d03601dfa06a83d0feb592bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnGraphiteCache\index

MD5 151104f92cb9c8bef57bf6a089407b18
SHA1 497a583336d58bffc13efafaea02ea181b34a02f
SHA256 66fde88cb81dbb474447dabc02eacf7585d3e51cecf642813aab0731c5fa03ed
SHA512 536dc94908f09bfa4d1ba5206bcf87821610c768ffb6839d50c0735831ed4a45a2f0d40e00128a86c7d2c477ef710e1910d9c32bcd6b441fbe46e54bdfb03504

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 67c21f1ae599d415c1152f92f430d274
SHA1 d00a32f4e416fa8c68c4deff0dae7f3090e9ac66
SHA256 681ea095a7419bfe52cae88dc4be65ddbe4cc0afd5647d0deda71c37a4789c86
SHA512 8591eba186d066ad84354207ec93daaa082bd2dd15b3f3342456559c0e0ff3307a9c27c8aaf99ba386c40bcbd4999eb8fb478b4ae3b19fb3afaef6950b75eaec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 af6468c6cd7636022ad46b2ebeeb4305
SHA1 d4185ff52f3765685f3084b20c92e53df80a2234
SHA256 effa9ac06ac07d702bba7c833c14da19a0b7c6c2275c51b0337c07ad72d2bd93
SHA512 59025fe26d45993a3ad2cb8853f5572e261d9dcc1ac17ea447f9c61a630867ef534dcdac9d1b50cc7b3347f024a19bd64d6ef9a38b38fada90a6af58ccbabc1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\the-real-index

MD5 506d8058f6fa01613cd73e40d2003475
SHA1 0b87ea8aa10ae070252e277940ad01b606ef059f
SHA256 8c78e1e6c67e2dc732ba4bc48c1d4dbb8f98fbaa83c394e6699140000dc8fbb4
SHA512 4ba9f622b4be28695dbf94670290d320bcce5d51534ba1277bd740952f7a3c5eb6aa59ca5b6e934ddac01ca0cfe45b4769a5c8a5823fe96ac3cfd5a93ea5f106

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\the-real-index

MD5 772887a6772396deb0e454fed35dc589
SHA1 9a9d372c2ae39821004b5df2b302915c3e44cb42
SHA256 b3adaf7ed8316fafbf4943cd0cbe3558a544fd2cbd6a0ead5828f48c615b3a4f
SHA512 7a73cb3f1a61b275733197387b2fd5fea28b729a0d56b95f92baeb80981ea5bd5e7c8e89bf3dbe876cedaf689542d16d4e6aa057589ca1ccf5690512e0bf02a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 51008c2f76973aa010992990b514811d
SHA1 90384b1fff1c466474c87c3eb87b60d70d6bc687
SHA256 2df0f7d6c4e9c8dedee395abe981a5edccc215a4ba39eb970c54afeae7a84695
SHA512 28882b69b414df47970fce0c0e1b4eabbdc9517a188808b29b3f0e716c32f846181a810bbd4dc734684c87f66df8a5907d03b4a5d3ca0a4715441ea98dd3fe64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 304b5351550edfe71ffd1e853cf72d93
SHA1 7a8c82348cf200d153b77be50b37e1452fb74dc1
SHA256 7d76edcd4c84726d82e14ec9d03eed0219fadf1cdb3d4390e621aadb79e674c2
SHA512 ecccae7f7b9a3fce2c5294bb400c451f53f69db5ee357b8dd8fe23e17291a44bf2f2bf7136b4257ae6df13cdb5384f23e465cca6b867e11252a7a91ceaeafabd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b8e9e5675b560e840b8e258bb4323eb3
SHA1 ff85b291655cee01a8879fce7e59b44132974e45
SHA256 2d5e16de50ed54cb36ec879d93a42dce6b9bfeb738315cdf02fd771e5e148601
SHA512 16792e06cfda21a1602cabb82d981b2f7dab45e9bacce215e3477118dc1a41c406955fb4588534bbc724c2e4bed3eda93407ca412356edcdac6d7528d1f1d305

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1fb65badb7651a87e401904ef916e2b9
SHA1 76d260a209dde3c05137de20d23360d5ddaeccdf
SHA256 9e6dfa955077d4bbc9f0ccb849a3b0acbb77f393d5a27555ce84615228ff719c
SHA512 da897d252fc3fe7a36c8b05ceefca378323ed5272cf797c5fff38e0d8c191f5c8423319c8a8daf00b185b63495da3762c7868135216438128c5625c40b06fa27

C:\Program Files\chrome_Unpacker_BeginUnzipping4048_560338181\LICENSE

MD5 ee002cb9e51bb8dfa89640a406a1090a
SHA1 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512 d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

C:\Program Files\chrome_Unpacker_BeginUnzipping4048_753391475\manifest.json

MD5 4c30f6704085b87b66dce75a22809259
SHA1 8953ee0f49416c23caa82cdd0acdacc750d1d713
SHA256 0152e17e94788e5c3ff124f2906d1d95dc6f8b894cc27ec114b0e73bf6da54f9
SHA512 51e2101bcad1cb1820c98b93a0fb860e4c46172ca2f4e6627520eb066692b3957c0d979894e6e0190877b8ae3c97cb041782bf5d8d0bb0bf2814d8c9bb7c37f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\9.49.1\Filtering Rules

MD5 6274a7426421914c19502cbe0fe28ca0
SHA1 e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc
SHA256 ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee
SHA512 bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5653121b061e4ab8846df6a926955e32
SHA1 c8228b82a3d97b6a24be52c443b6abf6a5db83c2
SHA256 32334ed4787e538d2fec9ec9a292454ff54159f9d41e55640ef9e74d81d33ecd
SHA512 32a3acb70c78222c821f8005fcdb6c8cc550ef609853b61e89ee57aacb8ad6d45a805726c9849fc1cff44425f4e11f4d9c9b0fbf462624966536e0ec5ff87943

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 a87e79666390fa8cd33fd2d895fcb253
SHA1 6fbe2fddc1541167aa1f3a06e6ab0d19bda1ba85
SHA256 7ddc6ca2a9a55c0df92e7576b6354bc653db392f73fabf61ce62f4779a2ceb27
SHA512 3c3a43742daf8cc311910745a5b21046b835f70ac21ac29db1e2850ad8ffbdc2058548f9faa05d735013094bc24e170dd991b58f8ffc9160523ae18f26101ba6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4e9cbeb65e6d2b6ca351ae184eaa3087
SHA1 756eb37c16417f9b103e85fab83e6b4e5afb5cb3
SHA256 3304bd8ab4cfbead3eaac5c6d19163567252374c85d34a9571e7d659fbd942cf
SHA512 78890984572e9ee348d111c1ab668edfa3ba914687b57535088b89dd48418408dfd5995875f1a13d8e2cf3140bbafed82847860e51b13f9b3fb5265a3d395f02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 64e65a37deea01e0185273ef97c9dcc1
SHA1 0072aa0ba467bf5b7c44da7a180ec541e33888bc
SHA256 882f60820fca9458150489b3eb1b963088ae4790638314d25413471de70d7225
SHA512 0c0614abb716e6075f0d335f504e35aa900e008f88eb0f4e568adfeb128f451a4cb5166bb05d35ffc522a6001396808027e80bdde5d7753975dbf66fbdbc1237

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 f478b1ed647a0a57e5127c9ac9e59d82
SHA1 63bfdf601d9b08a7d16cf08f4086c2754d640d62
SHA256 9d78afc186a9b5efe883135fc4df7e769d34f167c2f0d4edd1b033cba60b8211
SHA512 d54c282502c95576669e3e91bd0ed577243677298aeea2457ea46d3d2e7a0600327e085260983c86b93aecc7ede3620a8bddb71eecef5001b00de9e0c29b9f6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2a21d0cd21d15c1e950328c033d4c5f2
SHA1 4ecc75e71dbcb14dcaec17f80f2358ed7d750d9d
SHA256 977ad085008ac38018d47d7a9ab658993e26c41d6ccfa0e980ed3ea56aebbf93
SHA512 24ab4bb2aa290a7f8a040666b918dff046e2a620510c94f883382516469f78d1c37f22c608d90a2e03f91f57e878b0dca6d3d78248ddd157e84b1200017873a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b7f3a0508d2fc5b0f3f4d5b9c5679198
SHA1 5393d806c591f329fce532b0d1de2dacf4b25fdb
SHA256 9f5432c09a6da7f2e1ef9486ac7070827b6737f3e6196977feaceffb7f5c3e18
SHA512 a13af4d8fc1432cd59ac45080944b4963a2f1efea6131be6abe83d2c0b936be29bc7a9f0be296192caf6419f6b51d26e218465baf9eca4ffcec6b1c1879431f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e533df34d4b7259092a763754afa4c79
SHA1 7b0f7e00c64b7eaa0e435c09ee1da6cd41f5899a
SHA256 3c036f66bfce6c48577440f852eda2cbf807ba833d4628b310224a0b0a19c50e
SHA512 84898123882b929b4511aa3492eeb418c8837538b10f54ede067730b7624360ee21fb28a8acfd00afc3a596a775335a309735f05c1f527bdd92ab9b5cb91a840

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 538f59cb34020388a6942546d0e461ba
SHA1 8464c924c89a59dc150e71733ada210c96425b34
SHA256 e41e72675563e00bfc6f98e1f19777b49d65b5ad7755bc9b1f354d43e5cd4059
SHA512 92fc0f034a8a4cd4e7af67f5789d58fd44725ab406854ef9c92f711d502764907cebf24599a5a28eef5919efbbb954b14843c353330f3395a39b3f3bfff49808

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 86ee6cd54042874ad5e8faafc0d43265
SHA1 f77ab834f3bf2bc4e4ad516cf982ccf93e94280f
SHA256 aa35b35a3595e15556f03602d046cf462a8d845fa83ed783e7becc3d07034be6
SHA512 4689e403271ced684ee170db0d662d3b051405ecf22ad4177ad3854b866f4953788a4636db8ce7ec27d888c5b86a6b6fd7a063c0b202f22095c9a39df28f34b2

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 3a21af56077aebb8e0c0e502fff9a398
SHA1 475c66ec182cc8528f5a4d4f60d13e510c7ea103
SHA256 7ee9241986bcc9d37a30fc873290b6e3a01fdc131ef8508e82043f261efe3a3e
SHA512 90e4d8958796263e465f3ceb3e2249b8583e62653e2f4b4d0f96f662951e744447de0cf78f6ffb82e39606ef370bac98021b5cfed531dde03981e06f84576beb

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 2dbd21a7b7f6d55de76678d6e7971400
SHA1 bd850a553c2fb59ef2942bcc88b7afd80dabb096
SHA256 e5f79bb49b527773e0e339cf152b1f800b766477a238f0d3141c20f79a383aab
SHA512 89d29f439f9711f71f78b973e64a47766b14a96ede7c32fb32c9c5d3dcba6e24b201d68a6fb0d6cd4f7cd161c14338116c5b1c8563d262639f18f611fcc55a8c

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 2400e5dffa9dec7d7c2e6f210d547d69
SHA1 4fda160604fb50fbbdf698036311102ed479e579
SHA256 a08da32f7fbc5c41f692434b9211e250979478f39f1eba69aa3797c0810eb881
SHA512 02c5457e975867646519bfebd991cceae835215b3f8c9e2a7f907fdf79150abb25882b2aab35851b929c3f2d080b789a2a01eadebf1d44d2c51feface34feef0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4b02e9cb892e7c6635fb26d2c3db60dc
SHA1 7dabce966008adf9d13b2b40c61f0a544dbecb99
SHA256 10ae0dc57af502e6b15080eef0f0b38c4a33537f1433a2e988c154cfcdd96b76
SHA512 2e9b249a105fbdd4f612308ed71e6beffff82c3ec80123b207a781e01d564de3703077047dc324acc56a70615d4f98a51ed758917d9256213d2eb057bf0375eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b6385c5d477e5f3ad5e3e273cf92fe59
SHA1 f4df0b3957caf54b4110cb8249bdf1667d321b17
SHA256 bea39c39d3f5a1dc77230c647d58370f562fbf1291b18b2a057d6622c40921f9
SHA512 8a0258ec92cafdc7de9030d2687758be0e821d30f425ac121ae11525614b7c3972b56835952dd1e68da3ecdb940598d23d58c4e4a3acca1b04517e578c5f2e74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c8db963bd17b7594b144a27afb36f687
SHA1 9e8fe9b23c308a997a639f4554c047c043cea188
SHA256 0e2b9b97c6c3fe6ea59d8806fe26684ef2e64c504cb536091dcdd1e2b81c0c03
SHA512 7612657264e459b3cd77fb184f6d47f126cb50007874ef0c2b5f298cd18db1c9e9629b57f91dc76699cd3082d2614ea73c14fb829901fa41ba742e24e225e2c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d7d5fc5d3bf46f913cc2f1ead987f562
SHA1 23530019e7a39471480142279546ec11f0620931
SHA256 48e00f486c456c8a03a4db78d76a9d4761d2d90f7fc3f85391f03bc0268e24e1
SHA512 115f1c34c622ecdeb3e9a580293689373dc3643120b81199826559085acbf014ae9856faa161a378c6118623c3c2f0406565aa64217eea44f8f44dd0ef0bc268

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0a96536f6cba57242e9a057ed97935ab
SHA1 7d61dbad392ade807bd9af4bc1de40630dc8342f
SHA256 9bbacec182819eedb85849d17de64d21e21f1c519bee65e9d6c870e8923defc3
SHA512 60ff2995227d066a489054b9dbcb9e2c963af31d1a40fdeaadcbab755797389809edb58a9a89b2205c76140a60315661a9bb9c8bf92060ef3b17c6e5cf3af608

C:\Users\Admin\AppData\Local\Temp\RemoteHelp\EBWebView\Default\Network\TransportSecurity

MD5 84b952634afc2bd508fd9acd5f2c803c
SHA1 45f89c7d642348551ce3d81044bab09887124e05
SHA256 735d91af04cc72bb6f97942709ce25ab5188d3ab8e5e4cab4579ae33b17d571a
SHA512 04b8b1cb06dba81efe6fe67c2d155bb16f9ce71caccd801937b09b854e59e8e2a64dddadf5d4d77868148265d9290381768c7013ea6abacb8801abbe0531ed13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fb5d5ff67763a3efcb2202c87bceda4c
SHA1 0217e38ad26fb48950276f403b00158b3282eea0
SHA256 a46483e3306b8b874983d3d02e26679c621b6154618a5886b8663964293c323c
SHA512 28eccf74a49d0b15cd9a4923a14234bccbe1d52f42f9fa074d204acb8b7ac8a0dfddb543671bfa6d1137650916988ecadf93324148af56b8c1daa1a793244716

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 373876de930466b04bd5996552927818
SHA1 3782e4c610ba0fea708035101c265cf8c4c932a8
SHA256 df954bf4bab340eef6590c44df7d764e757da1a8622ca5ef55d86d5d05661613
SHA512 87fd18074895802dfb2e8d255c55d4e47a764e331ee0c1d7745d2b4d32acb1e5de428af06d44cfdda5b230a61eeca76059bc598b5556a54deec5642623fd3013

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 888d63f00cadc46667c679a9b9ed7c6f
SHA1 0ccb2aa8544004cbc88027339e12459f383b2611
SHA256 cc7349b5dbb332e6078d7f24761c50207967c3f436458241bbd37a83a9d3fd23
SHA512 5e977cf86918fee0338c63bddb30246b6859ca12fafb6a889d71f618ad7db863bc303c9354c28c3c5c79b64018310fb3f6554058a788a71a4926b5f79b18e839

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ba2664e4f886536ed6fa3f8bc9444d5b
SHA1 5f29d57d69778916d84f0b42ff349afd98a6516e
SHA256 c47612a3715095dc7bfb6ea6afbabe05e334edcce35169aa3bdcd81aeb23c588
SHA512 33f2820da622486db5cc2ee0d6c85b18e3d05d055986c855cd5a29c9d704dceca2786f57305c78ad12af66f6dd053b3d89bb7ee5498f440971a6937176072942

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1db976e432b6e3e5868feb9e9fb89892
SHA1 c4aeaf0f3e4fab503958798ad967914fa64c9a35
SHA256 5812f4df3bb60323a6cefc4e064e8a4fa888e47528e21ebfccd6e490f33a4605
SHA512 bb03dddb9dfc64f4bdd30c6163b8e9b6bd256aa789fc13c17cfaa487e0a9ecedc04c418385922b463f0a17292911a5f3f471bc91fc225b7007667b2d76c5b600

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0f09adb841218802651345794b4b914a
SHA1 cb7d5112bb013fe449de27bf44f0d5e442b694c2
SHA256 a40d190615132c9d08a3109651f39615640787e0804f56e2f718eb288b5ea098
SHA512 60cb0fdbc6baf9ba4ad4c383701aaa30bb7c4b07313bef7683e910fae8d77b9d6914b3ab61b4f4641006a1f1e619aa303dc2d60c9f3f6bea913d363a638407a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ba9d6528eb63392f859b9cf7bb419813
SHA1 712b5efb60796139d6f5d36b7659cf2ff0d9c772
SHA256 60b595a850505b59ffc5a45a0aa475ae830922cdc141e8d2a02c72d5770351c7
SHA512 776b493cf9bc3956679e3f980cfec4b026c23b9f00191a18b416904a6d35fdde0936679b8cc5cb97e20a2a6576409599ae2abf66df2537561c70ad9f531741dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 def613d032aa0aaae686d0ff0c7f7aee
SHA1 2d03a248afaf2adf6205303faadfcf73547b7093
SHA256 e48b0d0041f4256ea16048ffa562f58c27d7efcde40f54564db559650d334999
SHA512 cdb6ddaf6b75115c3470e4741b8973550f9a4f071dedaa36ddb7373476981400f5b6832fb510a935b8c3fe66e60e0563f685a9853bce2bb1e9f4b4f7cb25409b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fe8094848b9b29d2bd230fd55932e1df
SHA1 ce7a577babeb93fba472967f2b12b9f2ab232e43
SHA256 d7fd0399493b6d60330a1f56e01aaef69a327c122f5bc6f7449b05a20e507ebc
SHA512 45fb69318c6386caab0ae3a4f7424abf4e758a83531c06763661c45dfe91736fddb4ed4e5c18edb520f8a5f52717bf5050c09e8813783abc6043656367c1a33f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b2267e03ad7c5f7bd09ed29cec928d37
SHA1 7d2e033a5adb1f0c5081abf6b0307e883306d0b2
SHA256 d331921c34d0a8c8c04c24c372d1245bcb4475e8440b1f0b6192b6475ce619bb
SHA512 fdb8d37bf1d6ebf62ffadeb91bf557232797aa813cb7220e6f7dc223eb5fd492aca1efe1c42526602195bbf26def2c41a5b08518339da854f3cb675cdbce672c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f64e0c0ff475010646c45a283c47b9f4
SHA1 83a310bf78543670cf48d1cbf62166e157dbeb00
SHA256 492172f02b5fc756e8ce568191c1613ab6b2ec253ec2ee635d9dab7a2a2c62ec
SHA512 34481a646d3756ae6d95464997110336a7ae5194b54bfc66209247ddd476464d54d0379ef49171b67127f540fe33a692e2f25fe8a9108808950b2d4cbcdf0e48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f67321382df88099b46af6b0946af64c
SHA1 e53e5cc970928128df1f7c3c8db7cb14b4be197c
SHA256 8cb20e3c5814854e607ac3b983923738485b1e6856743b99e22d518eca7becb4
SHA512 fad3b6ecdeed33a5961043553693cb315298e866bfe97b2353f2e0e58ccc346683e36a9e236c8c2e92e4855100c021a16969a9ff0d68549ddb13248bbd795c17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5f22e7f4f0b53e6b29e1b454a342ac68
SHA1 c3fbb0a22896de804fcf6473dbe056b5fe3bf198
SHA256 00b904ac4dcceca6434df264a34c8cbc77f107e378a540ad817c107c82457275
SHA512 88814e30a25bf7d4010693fe1832a876236c19cd6abea5c4b99a1e346730df0b6b799d79be562794269f16e4cb35bc22756de1b09b3189a20a542e83f1c7f7ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ffbcbbe08880743513214a9e2b5fcbbf
SHA1 e198e044bf5f7ebdea82714b5929178cf973810a
SHA256 17fca8ee219566763fa93a7a6746d64e452ea45453358b10998f7bf56e0e6775
SHA512 0b6e139a367418a8637a9fe2205e60440eeab0d41729d3af31de5b92f833badd761d801602ebc6e05ed4f7e1c9109704fe92aa962e139a1bb0d4e34e4af9af80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1c0a510c0b19567a3ae2cb6e1ef4dc5a
SHA1 d01529b03cd5909aa647ba96a1eaa9fedf293434
SHA256 6f12cc984c0a0391a9af4acea1539de9a3003b66484ec45b643ba653f2bcbc99
SHA512 3be7216ac3ad97db3f6565c1e0ae33703c89e5a15fe3820eb5504ae200f3cb3396b73fdc2b195dde16ded3e86974ab83ea90021af70178def40b15750d1e3f8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f12eda343270c67b197b246f6feafb6b
SHA1 e867336974af3d6ac757e16f0ba398b473532c91
SHA256 cd9e5b54c33f43c2e37fccfdf2e922a42e1b19405d1367c2bd6083fdd3a34173
SHA512 348081d244cf99b97d47669ea129db06eee14d4f199930fe1da8fc3563b33981f763c33afc7d3593399a0613969e11c516b76653ac6af4a10b5059cb444416eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3daf94050cd47a299cec18ac0c488b7e
SHA1 a58ec5a437e30f0d01248d9a466f702b776bd258
SHA256 65d2663a87980da306282619d64f6104c264ef33afe7e37235312b6207279826
SHA512 1cb8677827e57cf35171efbb74dd6eef1349e88ef096a0c298483aefe923da0226768e172afe029943ed8a18e817783f511f7b69cd704eadb8b279aeeeae3054

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dd186c86f884929da6bf43648c6874df
SHA1 afcd80e8133affdc4aa558d38bfeaa921ba70e69
SHA256 76d73f4cba8fc53a0362ccda42e7d2611e75129a096492de0ce80631a0830af1
SHA512 fd9cb92af449547eb316a9f68866c91e5983fdf8fb57218f1daaa5452c1d13bd537d7890f1015bc9f6996738dbf73dbc0cb730e71dbe483445d4a7b7b8590f78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 f048b5680facab1a3900ec0aaf718def
SHA1 ada2bf1370813c9b6ffdb164d3241ff3644b245a
SHA256 e3adbd2711d97683ee756104f209ac776d3ca104eba9b6e67e7ff9e5eedc60c2
SHA512 db290b86c7f816ebd5fe83e0a5211f891cc279928e7225eea7d27d0e87b6316e55ee35e3c8060fef0cd5e469cc91484aba8d2589e7663fa9e7522ee4b4289cb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 038b3064f04d5563f22467cb5a88e6d3
SHA1 4a41cd32ba03348eb31ce6e1ad884f67b2c721d3
SHA256 d8e3c90a4322bad5bd806e929a41f51a8c657e2f13581c9741120cbe7a0af488
SHA512 b885b0a00f9ca571115b5dfe06872a524fc1e7dd90c50074e11e178945920f4d126019a6cc671e7ead274e7ce2eeb301e6eb95a95a95ec409aa25d577e798232

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 50dfd414f2435e06663c3f701f9e9aa1
SHA1 7f1170f0822bc356ae96e7ba816aa86e85ddd4c9
SHA256 97c6bb34660c7b0c97e0eaf43d82095c3a6511f5ad7966a701e7ab9d247662a5
SHA512 860b80be3c1051d37947b8b397c08c4f3edda30c94b78529be047bb3febb9a70a0949b1cf984166c17dfa24dd79dfa4b2922ba0871483bf3a680be1b99bfde5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6fc6bfdc3f33acb2e475188b14a0241d
SHA1 6971f354e5fb4b95bea9cb5dfd2e34c6279ce544
SHA256 427f3a0e8cc63e8a52719b0214cae0563c70ad232c8730b85a64cac3ea502446
SHA512 ed245be6f068167d618342fe35547a60ef9919c8d39ecf03fe6e1e5ae2589170af288808822215b6182fe57a0e3cb08d1edcc909f26e4b922738256c223832d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\df576a33-200a-4634-8a3b-deb2c926bf6d.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\52V1H4ZF\login.live[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\_sessionState.json

MD5 a19cd759b78f0257278ea48e6b417618
SHA1 2994a307e3609c3dabc52b7ea8a2cba0a0257a3a
SHA256 89e4e79a21e5bfff3794d477d0997c976a66eca9ad91276bb08c77efb9953cf1
SHA512 67f93708e83a73c52259503532ab9a46eacc67586080a4b1951f5e093685cd6fb26aed7218cc7d3b831f9afee0cd18c03debbbd8af6b71983c8a05b6ecada0a7

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 b30d3becc8731792523d599d949e63f5
SHA1 19350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256 b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 752a1f26b18748311b691c7d8fc20633
SHA1 c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512 a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 d448e7b9b1f78794d11868b029d94c71
SHA1 6d8eb94f199bc313a1d76a0ca9f7d745806daf0f
SHA256 596c29baeefd29211c6a230d0911687188a197f99e6a1805698494daccdad639
SHA512 bbc60f18ad666642a4a12eec36f89d218344e50de6bc8a3a1e0f0b625dfab092c45b453390df3eda26e4962629d965c617caae2e3df2e848817dcdcbe9e7a97e

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 ddaf8eccdd1a511b48b511f34f10817f
SHA1 b2d85345c60bb6f2a2354c0666a78b468d41cdbf
SHA256 46feb1a047e11aba7e5bd334139ddadcc44d7bc126e4233981f9b9a1ed62b2be
SHA512 b22b4c7dc7b9f8f8d9de170348e7dbc3d24b3fbe6cd406d8feddf9081687d8a8bc5c0d84f3dd0eea032d9f8389b21a0027e8e483cf087a0a79a505b6984dee76

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 05ec80f6b605d85b4808c7b09996514e
SHA1 2f5f199b1b08c8017da0626d3b17343f7d98f355
SHA256 7119cf8d4d3469bbec474db602e2549a27ae2a0ed2b990302acd89b2ed783c50
SHA512 b12f1bd6495e51cc0defec042bf7b1bafb254b52b952ca44e6fedd483f4d94103a54a2d818cf99be2262a6aae276b132ccbf49803e80f215351108f51aca2251

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms

MD5 3fef8dc6550598ba66fb6dfd6d66f111
SHA1 0ba61325db145f17d535bbc90ad84556ff0a8987
SHA256 873bb842799a18acf275b3587433c422e06cd006120c9c82020d46a77b54fae0
SHA512 d8f42392845ae4e8e548a715fbd60d76f567d6111c66dcefb0f54df96700de51492d89211e70632237035d43aee5cd1635cafb8f91c030a5016d3287ce495e1a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

MD5 ec4a66f15638f1543c8ce4a0c71683d8
SHA1 ed93dd8231475891ca8d371c9c3ba6b4a7948b2a
SHA256 a4f27be3f9662709510ceafb479d539fde5abbdd8a73512a6deebdfac9626ea0
SHA512 041d0d9ea9ee096b2dd8a7db5dda484ba26ed683b652282b02037f0f8bef1e70ec51cb2700d0c28e4b5a9165064b40049f9283eabe2cf02e771f8d3ea1e54ccf