Malware Analysis Report

2024-11-15 08:36

Sample ID 240902-1192pszckb
Target Agile.Net Advanced Obfuscation v6.6.0.42 Full Activated - WwW.Dr-FarFar.CoM.zip
SHA256 cce32abb77ab93a740d42b466d41536a1fcd4cd2512a5bb957dbdd21f375b9cb
Tags agilenet discovery evasion persistence privilege_escalation themida trojan
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file Agile.Net Advanced Obfuscation v6.6.0.42 Full Activated - WwW.Dr-FarFar.CoM.zip was found to be: Likely malicious.

Malicious Activity Summary

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Executes dropped EXE

Obfuscated with Agile.Net obfuscator

Themida packer

Checks BIOS information in registry

Checks installed software on the system

Adds Run key to start application

Enumerates connected drives

Checks whether UAC is enabled

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Modifies registry key

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious behavior: LoadsDriver

Modifies registry class

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-02 22:08

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-02 22:08

Reported

2024-09-02 22:11

Platform

win11-20240802-en

Max time kernel

171s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Setup\Agile.Net Advanced .NET Obfuscation Full Activated.exe"

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Program Files (x86)\Agile.Net Advanced .NET Obfuscation\AgileDotNet.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\Agile.Net Advanced .NET Obfuscation\AgileDotNet.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Program Files (x86)\Agile.Net Advanced .NET Obfuscation\AgileDotNet.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JPHE2.tmp\Agile.Net Advanced .NET Obfuscation Full Activated.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-3JTRU.tmp\Business.tmp N/A
N/A N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe N/A
N/A N/A C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe N/A
N/A N/A C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe N/A
N/A N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
N/A N/A \??\c:\Windows\syswow64\MsiExec.exe N/A
N/A N/A \??\c:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} = "\"C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe\" /burn.log.append \"C:\\Users\\Admin\\AppData\\Local\\Temp\\dd_vcredist_x86_20240902220925.log\" /uninstall /quiet /norestart ignored /burn.runonce" C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} = "\"C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe\" /burn.log.append \"C:\\Users\\Admin\\AppData\\Local\\Temp\\dd_vcredist_amd64_20240902220933.log\" /uninstall /quiet /norestart ignored /burn.runonce" C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{61087a79-ac85-455c-934d-1fa22cc64f36} = "\"C:\\ProgramData\\Package Cache\\{61087a79-ac85-455c-934d-1fa22cc64f36}\\vcredist_x86.exe\" /burn.runonce" C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ef6b00ec-13e1-4c25-9064-b2f383cb8412} = "\"C:\\ProgramData\\Package Cache\\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\\vcredist_x64.exe\" /burn.runonce" C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{4d8dcf8c-a72a-43e1-9833-c12724db736e} = "\"C:\\ProgramData\\Package Cache\\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\\VC_redist.x86.exe\" /burn.runonce" C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13} = "\"C:\\ProgramData\\Package Cache\\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\\VC_redist.x64.exe\" /burn.runonce" C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Malwarebytes Anti-Exploit = "C:\\Program Files (x86)\\Malwarebytes Anti-Exploit\\mbae.exe" C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Agile.Net Advanced .NET Obfuscation\AgileDotNet.exe N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\InstallTemp\20240902221019409.1\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.7523_x-ww_62205c0c.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20240902220956392.0\mfc80ITA.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20240902220956408.0\amd64_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_77aceccc.manifest C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\SystemTemp\~DF8481AE39EB032F96.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20240902221017409.0\msvcp80.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20240902221017424.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_1583ac57.manifest C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20240902221017440.0\mfc80JPN.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20240902221019424.0\mfc90chs.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification \??\c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100fra_x86 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e586455.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFDAEB42C2D2DB23FF.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\DL7ANEUF\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5864a2.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\GKTM5MRW6W\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} C:\Windows\system32\msiexec.exe N/A
File opened for modification \??\c:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219\F_CENTRAL_mfc100esn_x64 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF9DBAE649CF3A5CF6.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFA9659044FBC51DCD.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFD5A7F918080974FB.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBF0C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20240902221017440.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_6ad2c555.manifest C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\WinSxS\InstallTemp\20240902220958142.0 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\Y51FFJ0N\Microsoft.Office.Tools.v4.0.Framework.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification \??\c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_mfc100jpn_x86 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFF69F4B74CD3FB58D.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File opened for modification C:\Windows\WinSxS\InstallTemp\20240902220956439.1 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\RI3WVK0Y\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF1C76A4F1679054DC.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF0CA822005F1CC9B1.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20240902221019424.0\mfc90esn.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20240902220958267.2\9.0.30729.7523.policy C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFEDFF6D0C9A0F6145.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\KUQ5MLWT3I\Microsoft.Office.Tools.Excel.Implementation.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20240902221017471.1\8.0.50727.6229.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFADB2626A84B78579.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e586446.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5864bc.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\temp\BR4UWEXH4U\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\ZFKS3YXG\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\WinSxS\InstallTemp\20240902221019424.1\vcomp90.dll C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-JPHE2.tmp\Agile.Net Advanced .NET Obfuscation Full Activated.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-uninstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-3JTRU.tmp\Business.tmp N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1906F94F-8256-480A-8CDF-60821592CB4B}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{21D93911-CB0F-11D0-84AC-00A0C90DC8A9}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2C247F23-8591-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BFCA30D5-DDE3-11D1-B6D9-0000F87557F8}\AlternateCLSID = "{1E9B270D-5829-490E-84F5-1C25D74BF01D}" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{601EB760-8909-11D0-9483-00A0C91110ED} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{48E59293-9880-11CF-9754-00AA00C00908} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{24B224E0-9545-4A2F-ABD5-86AA8A849385}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8C344712-5FEC-11CF-A0BF-00AA0062BE57}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F0D2F21C-CCB0-11D0-A316-00AA00688B10} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628}\AlternateCLSID = "{A0E7BF67-8D30-4620-8825-7111714C7CAB}" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{67397AA3-7FB1-11D0-B148-00A0C922E820}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}\AlternateCLSID = "{7DC6F291-BF55-4e50-B619-EF672D9DCC58}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E8F8E80F-02EB-44CC-ABB5-6E5132BA6B24}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F91CAF91-225B-43A7-BB9E-472F991FC402}\AlternateCLSID = "{556C2772-F1AD-4DE1-8456-BD6E8F66113B}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6262D3A0-531B-11CF-91F6-C2863C385E30}\AlternateCLSID = "{74DD2713-BA98-4D10-A16E-270BBEB9B555}" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{20C62CA0-15DA-101B-B9A8-444553540000}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}\AlternateCLSID = "{DD2DBE12-F9F8-4E32-B087-DAD1DCEF0783}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\AlternateCLSID = "{2BEC8FA8-1193-4A15-B8AF-C6DF6E6930C7}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BFCA30D5-DDE3-11D1-B6D9-0000F87557F8} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{39977C62-C383-463D-AF61-C71220634656}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{979127D3-7D01-4FDE-AF65-A698091468AF} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{79C784C5-8F0D-4A55-ADB3-590CCFC8EB0D}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{21D93913-CB0F-11D0-84AC-00A0C90DC8A9} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{979127D3-7D01-4FDE-AF65-A698091468AF}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{E44F7BD4-3AB1-4D55-9190-FC53343AD2D2}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAB97084-FC6C-11D0-805D-00C04FB6C701} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\AlternateCLSID = "{CFA7636D-CAA1-4F18-868F-8720624C8B86}" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{601EB760-8909-11D0-9483-00A0C91110ED}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D646316D-0915-421A-84C1-6A21C2495791}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E35A5B50-1B6B-4C46-A323-42214F91F48B}\AlternateCLSID = "{261399BF-4DBC-4731-B79F-EF8871D7CB36}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}\AlternateCLSID = "{F65348F7-505D-4FAB-B66C-D76CFFC2BD78}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{43478D73-78E0-11CF-8E78-00A0D100038E}\AlternateCLSID = "{6785E9BB-087E-4772-8CA5-3331CC3B574E}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{248DD896-BB45-11CF-9ABC-0080C7E7B78D} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8C344712-5FEC-11CF-A0BF-00AA0062BE57}\AlternateCLSID = "{661CCA78-51EC-4066-8F34-BA50B142738E}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6A227305-5C14-4EFD-AC52-516FE226F947}\AlternateCLSID = "{D8C1B55B-12DC-457F-97EC-4B84305FAA13}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8D2-850A-101B-AFC0-4210102A8DA7} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\AlternateCLSID = "{1EAC2F2A-251F-4BA8-8617-99A8DD715453}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F0D2F219-CCB0-11D0-A316-00AA00688B10}\AlternateCLSID = "{E404CD92-E7B8-4037-918D-5A18CFD09ED3}" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3B7C8860-D78F-101B-B9B5-04021C009402}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{21D93911-CB0F-11D0-84AC-00A0C90DC8A9}\AlternateCLSID = "{20E72BC7-287F-4FCD-BFB7-156FF242C27C}" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{27395F85-0C0C-101B-A3C9-08002B2F49FB} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E8F8E80F-02EB-44CC-ABB5-6E5132BA6B24} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{612A8624-0FB3-11CE-8747-524153480004}\AlternateCLSID = "{97992019-74A6-46C7-9CA3-7F8C0D39940B}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628}\AlternateCLSID = "{627C8B79-918A-4c5c-9E19-20F66BF30B86}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F91CAF91-225B-43A7-BB9E-472F991FC402} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{20C62CAB-15DA-101B-B9A8-444553540000} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E44F7BD4-3AB1-4D55-9190-FC53343AD2D2}\Compatibility Flags = "1024" C:\Windows\system32\msiexec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\30 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\48 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\4a C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\36 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\37 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\42 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\36 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3f C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\47 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3c C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\41 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\42 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\43 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\37 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\39 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\46 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3F C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\38 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\40 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\40 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\43 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\31 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\31 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\45 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\33 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\44 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\34 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3D C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3C C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\49 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\39 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3e C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\44 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\38 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\3a C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3A C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3B C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\41 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\48 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\30 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2F C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\33 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\3E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{CDE57A40-8B86-11D0-B3C6-00A0C90AEA82}\1.0\FLAGS C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7ZipSfx.000\\2013\\x86\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95F0B3BE-E8AC-4995-9DCA-419849E06410}\MiscStatus\1\ = "131473" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E9B270D-5829-490E-84F5-1C25D74BF01D}\ = "DHTMLPageRuntimeWinEvent Object" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E60C550-7BD6-11D0-9482-00A0C91110ED}\TypeLib\Version = "1.0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E2D211D5-11E4-4D9E-B6DB-1E902C851A49}\MiscStatus\ = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2BEC8FA8-1193-4A15-B8AF-C6DF6E6930C7}\VersionIndependentProgID\ = "ComCtl2.UpDown" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{5522DB04-06D6-11D2-8D70-00A0C98B28E2}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{0B314611-2C19-4AB4-8513-A6EEA569D3C4}\MiscStatus C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSComCtl2.MonthView.2\CLSID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{83081C08-382C-4ED4-ACCF-DCBECA021010} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{38911D8A-E448-11D0-84A3-00DD01104159}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSDBCtls.DBList.1\ = "Microsoft DBList Control, version 6.0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{43478D73-78E0-11CF-8E78-00A0D100038E}\TypeLib\ = "{F6125AB1-8AB1-11CE-A77F-08002B2F4E98}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSDataRepeaterLib.DataRepeater.1\CLSID\ = "{601EB760-8909-11D0-9483-00A0C91110ED}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D96A3E5C193D6A548ABF000BE1B210D0\VBRFiles C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A0E7BF67-8D30-4620-8825-7111714C7CAB}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5522DAFA-06D6-11D2-8D70-00A0C98B28E2}\VERSION\ = "1.1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{E304B70C-0FCE-4E1B-9C81-CDAAD9F7DA55} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{D7FFEFBC-C693-4E6F-AE2E-ED001389CB17}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\Required Categories\{D40C2700-FFA1-11CF-8234-00AA00C1AB85} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1D5E3C0FEDA1E123187686FED06E995A\SourceList\Media\1 = ";1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{02A69B00-081B-101B-8933-08002B2F4F5A}\Programmable C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{261399BF-4DBC-4731-B79F-EF8871D7CB36}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{612685EF-57C8-469F-88AB-E4E0B595C5AB}\VersionIndependentProgID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{4D588145-A84B-4100-85D7-FD2EA1D19831}\MiscStatus\1 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E9E07525-BA0A-11D1-B137-0000F8753F5D}\ = "IVcAxis" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{979127D3-7D01-4FDE-AF65-A698091468AF}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.vsto\Content Type = "application/x-ms-vsto" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.vsto\shell\open C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9738BA2E-FD26-11D0-9C55-00C04FB987DF}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32\ = "C:\\Windows\\SysWOW64\\comctl32.ocx" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E9E07502-BA0A-11D1-B137-0000F8753F5D}\TypeLib\ = "{65E121D4-0C60-11D2-A9FC-0000F8754DA1}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{3B7C8862-D78F-101B-B9B5-04021C009402}\ProxyStubClsid C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{90290CCC-F27D-11D0-8031-00C04FB6C701}\ = "DHTMLPageDesignerEvents" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D88A442E-9C85-48E3-A6F8-EF61C93989A0}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.2" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSComctlLib.TabStrip.2 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{DD9DA665-8594-11D1-B16A-00C0F0283628}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{EE008642-64A8-11CE-920F-08002B369A33}\2.0\HELPDIR C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F0D2F21A-CCB0-11D0-A316-00AA00688B10}\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D646316D-0915-421A-84C1-6A21C2495791}\VersionIndependentProgID\ = "MSDataGridLib.DataGrid" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{2E746494-6ED1-11CE-9223-08002B369A33}\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B7F1602-D44C-11D0-A7D9-AE3D17000000}\MiscStatus\1\ = "132096" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{FE0065C0-1B7B-11CF-9D53-00AA003C9CB6}\1.1\FLAGS\ = "2" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{F0D2F21C-CCB0-11D0-A316-00AA00688B10}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E}\MiscStatus\ = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\Required Categories\{D40C2700-FFA1-11CF-8234-00AA00C1AB85} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8520DAD7C5154DD39846DB1714990E7F\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\772761216604AD738BCFA426F32D731E\VSTO_Runtime_CLR35 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E9E07525-BA0A-11D1-B137-0000F8753F5D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{A289A6BA-6B23-4969-8981-9B2C28290D0F}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8C4-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{F0D2F211-CCB0-11D0-A316-00AA00688B10}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSDataReportRuntimeLib.ExportFormat\CurVer C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\MSBind.BindingCollection.1\CLSID C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E9E07513-BA0A-11D1-B137-0000F8753F5D}\TypeLib\ = "{65E121D4-0C60-11D2-A9FC-0000F8754DA1}" C:\Windows\system32\msiexec.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\system32\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JPHE2.tmp\Agile.Net Advanced .NET Obfuscation Full Activated.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Agile.Net Advanced .NET Obfuscation\AgileDotNet.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAssignPrimaryTokenPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe N/A
Token: SeSystemtimePrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe N/A
Token: SeUndockPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe N/A
Token: SeManageVolumePrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe N/A
Token: SeUndockPrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\system32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeShutdownPrivilege N/A C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-JPHE2.tmp\Agile.Net Advanced .NET Obfuscation Full Activated.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-3JTRU.tmp\Business.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4524 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\Setup\Agile.Net Advanced .NET Obfuscation Full Activated.exe C:\Users\Admin\AppData\Local\Temp\is-JPHE2.tmp\Agile.Net Advanced .NET Obfuscation Full Activated.tmp
PID 2828 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\is-JPHE2.tmp\Agile.Net Advanced .NET Obfuscation Full Activated.tmp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 2832 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2828 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\is-JPHE2.tmp\Agile.Net Advanced .NET Obfuscation Full Activated.tmp C:\Program Files (x86)\redist\Business.exe
PID 5104 wrote to memory of 4244 N/A C:\Program Files (x86)\redist\Business.exe C:\Users\Admin\AppData\Local\Temp\is-3JTRU.tmp\Business.tmp
PID 4960 wrote to memory of 2680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 8 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4960 wrote to memory of 4584 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\Setup\Agile.Net Advanced .NET Obfuscation Full Activated.exe

"C:\Users\Admin\AppData\Local\Temp\Setup\Agile.Net Advanced .NET Obfuscation Full Activated.exe"

C:\Users\Admin\AppData\Local\Temp\is-JPHE2.tmp\Agile.Net Advanced .NET Obfuscation Full Activated.tmp

"C:\Users\Admin\AppData\Local\Temp\is-JPHE2.tmp\Agile.Net Advanced .NET Obfuscation Full Activated.tmp" /SL5="$40102,74045741,1027072,C:\Users\Admin\AppData\Local\Temp\Setup\Agile.Net Advanced .NET Obfuscation Full Activated.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dr-farfar.com/softpopup

C:\Program Files (x86)\redist\Business.exe

"C:\Program Files (x86)\redist\Business.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff83a553cb8,0x7ff83a553cc8,0x7ff83a553cd8

C:\Users\Admin\AppData\Local\Temp\is-3JTRU.tmp\Business.tmp

"C:\Users\Admin\AppData\Local\Temp\is-3JTRU.tmp\Business.tmp" /SL5="$30218,2535896,56832,C:\Program Files (x86)\redist\Business.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1724,10593398313454770566,15146908854676958531,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1724,10593398313454770566,15146908854676958531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1724,10593398313454770566,15146908854676958531,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,10593398313454770566,15146908854676958531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,10593398313454770566,15146908854676958531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-uninstaller.exe

"C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-uninstaller.exe" /installopen

C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

"C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe" -installopen

C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

"C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe"

C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

"C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe" /mbt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,10593398313454770566,15146908854676958531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

C:\Program Files (x86)\redist\VisualCppRedist_AIO_x86_x64.exe

"C:\Program Files (x86)\redist\VisualCppRedist_AIO_x86_x64.exe" /ai /gm2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Installer.cmd" /quiet"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop

C:\Windows\system32\reg.exe

reg.exe query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" ver"

C:\Windows\system32\findstr.exe

findstr /c:" 5."

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ver

C:\Windows\system32\reg.exe

reg query "HKU\S-1-5-19"

C:\Windows\system32\Wbem\WMIC.exe

wmic path Win32_ComputerSystem get CreationClassName /value

C:\Windows\system32\find.exe

find /i "ComputerSystem"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "reg query "hklm\software\microsoft\Windows NT\currentversion" /v productname" 2>nul

C:\Windows\system32\reg.exe

reg query "hklm\software\microsoft\Windows NT\currentversion" /v productname

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "reg query "hklm\software\microsoft\Windows NT\currentversion" /v UBR" 2>nul

C:\Windows\system32\reg.exe

reg query "hklm\software\microsoft\Windows NT\currentversion" /v UBR

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c reg query "hklm\software\microsoft\Windows NT\currentversion" /v buildlabex

C:\Windows\system32\reg.exe

reg query "hklm\software\microsoft\Windows NT\currentversion" /v buildlabex

C:\Windows\system32\reg.exe

reg query "HKCU\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled

C:\Windows\system32\find.exe

find /i "0x0"

C:\Windows\system32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings" /v Enabled

C:\Windows\system32\find.exe

find /i "0x0"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2012 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2013 Preview Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2013 RC Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2013 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 14 CTP Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2015 Preview Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2015 CTP Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2015 RC Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2015 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2017 RC Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2017 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2019 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2022 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2015-2019 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2015-2022 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\findstr.exe

findstr /i "HKEY_LOCAL_MACHINE" "C:\Users\Admin\AppData\Local\Temp\wix.txt"

C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe

"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall /quiet /norestart

C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe

"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall /quiet /norestart -burn.unelevated BurnPipe.{E70E62A0-97C9-4D4C-8E82-383649814182} {5F608A64-A987-4BAD-9A81-8AB3A6A57847} 4840

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\reg.exe

reg delete hklm\software\wow6432node\microsoft\windows\currentversion\uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} /f

C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

"C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe" /uninstall /quiet /norestart

C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

"C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe" /uninstall /quiet /norestart -burn.unelevated BurnPipe.{2566FCC0-3F7F-4C58-A0BC-18DA9A7AC270} {3F50ABEB-F225-459A-8DBD-47A699F1EE93} 452

C:\Windows\system32\reg.exe

reg delete hklm\software\wow6432node\microsoft\windows\currentversion\uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} /f

C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

"C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe" /uninstall /quiet /norestart

C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

"C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe" /uninstall /quiet /norestart -burn.unelevated BurnPipe.{1563614D-2639-45B2-BE49-11417AF86C18} {1F4290D5-659C-4B3C-9503-5190A9E8F216} 3700

C:\Windows\system32\reg.exe

reg delete hklm\software\wow6432node\microsoft\windows\currentversion\uninstall\{61087a79-ac85-455c-934d-1fa22cc64f36} /f

C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe

"C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe" /uninstall /quiet /norestart

C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe

"C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe" /uninstall /quiet /norestart -burn.unelevated BurnPipe.{20A6B35E-8C56-46E2-8D7E-AAFBAC4B013C} {F52F5ADE-B5AE-4ABC-BFFB-03E7B7048137} 3468

C:\Windows\system32\reg.exe

reg delete hklm\software\wow6432node\microsoft\windows\currentversion\uninstall\{ef6b00ec-13e1-4c25-9064-b2f383cb8412} /f

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\vc_redist.x86.exe" /uninstall /quiet /norestart

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -burn.filehandle.attached=564 -burn.filehandle.self=580 /uninstall /quiet /norestart

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

"C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{758559B0-9BD4-40D6-8112-9E4C0ABD8E65} {37A6A9C0-E5E5-4827-9CF3-FCB74476ACFA} 4344

C:\Windows\system32\reg.exe

reg delete hklm\software\wow6432node\microsoft\windows\currentversion\uninstall\{4d8dcf8c-a72a-43e1-9833-c12724db736e} /f

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\vc_redist.x64.exe" /uninstall /quiet /norestart

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=556 -burn.filehandle.self=572 /uninstall /quiet /norestart

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{2F5E1D68-DBCE-4602-B438-11D33F5DE991} {D82FEC38-39E5-4D9B-80F5-12DF2D7785AB} 1700

C:\Windows\system32\reg.exe

reg delete hklm\software\wow6432node\microsoft\windows\currentversion\uninstall\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13} /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c cscript.exe //nologo filever.vbs "C:\Windows\SysWOW64\msvcp100.dll"

C:\Windows\system32\cscript.exe

cscript.exe //nologo filever.vbs "C:\Windows\SysWOW64\msvcp100.dll"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c echo 0.40219.473

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c cscript.exe //nologo filever.vbs "C:\Windows\SysWOW64\msvcp110.dll"

C:\Windows\system32\cscript.exe

cscript.exe //nologo filever.vbs "C:\Windows\SysWOW64\msvcp110.dll"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c echo 0.61135.400

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c cscript.exe //nologo filever.vbs "C:\Windows\SysWOW64\msvcp120.dll"

C:\Windows\system32\cscript.exe

cscript.exe //nologo filever.vbs "C:\Windows\SysWOW64\msvcp120.dll"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c echo 0.40664.0

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c cscript.exe //nologo filever.vbs "C:\Windows\SysWOW64\msvcp140.dll"

C:\Windows\system32\cscript.exe

cscript.exe //nologo filever.vbs "C:\Windows\SysWOW64\msvcp140.dll"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c echo 38.33135.0

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2005 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\findstr.exe

findstr /i /v {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2005 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2008 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\findstr.exe

findstr /i /v {9BE518E6-ECC6-35A9-88E4-87755C07200F}

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2008 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2010 x86 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\findstr.exe

findstr /i /v {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2010 x86 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2012 x86 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i /v {B175520C-86A2-35A7-8619-86DC379688B9}

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2012 x86 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i /v {BD95A8CD-1D9F-35AD-981A-3E7925026EBB}

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2013 x86 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i /v {D401961D-3A20-3AC7-943B-6139D5BD490A}

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2013 x86 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i /v {8122DAB1-ED4D-3676-BB0A-CA368196543E}

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2022 x86 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i /v {9C19C103-7DB1-44D1-A039-2C076A633A38}

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2022 x86 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i /v {286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 14 x86 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 14 x86 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2015 x86 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2015 x86 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2017 x86 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2017 x86 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2019 x86 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2019 x86 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i "HKEY_LOCAL_MACHINE" "C:\Users\Admin\AppData\Local\Temp\msi.txt"

C:\Windows\system32\msiexec.exe

MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} /quiet /norestart

\??\c:\Windows\syswow64\MsiExec.exe

c:\Windows\syswow64\MsiExec.exe -Embedding 65CF16129AE0554ACA37AAE79B971C68

C:\Windows\system32\reg.exe

reg delete hklm\software\wow6432node\microsoft\windows\currentversion\uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} /f

C:\Windows\system32\msiexec.exe

MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} /quiet /norestart

\??\c:\Windows\syswow64\MsiExec.exe

c:\Windows\syswow64\MsiExec.exe -Embedding C14C54EB53F9051FAF62CC015B758F12

C:\Windows\system32\reg.exe

reg delete hklm\software\wow6432node\microsoft\windows\currentversion\uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c cscript.exe //nologo filever.vbs "C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll"

C:\Windows\system32\cscript.exe

cscript.exe //nologo filever.vbs "C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c echo 0.60912.0

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c cscript.exe //nologo filever.vbs "C:\Windows\System32\msvcp100.dll"

C:\Windows\system32\cscript.exe

cscript.exe //nologo filever.vbs "C:\Windows\System32\msvcp100.dll"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c echo 0.40219.473

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2005 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\findstr.exe

findstr /i /v {ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2005 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2008 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\findstr.exe

findstr /i /v {5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2008 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2010 x64 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\findstr.exe

findstr /i /v {1D8E6291-B0D5-35EC-8441-6616F567A0F7}

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2010 x64 Redistributable" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /r "{.*-.*-.*-.*-.*}"

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2012 x64 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i /v {37B8F9C7-03FB-3253-8781-2517C99D7C00}

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2012 x64 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i /v {CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2013 x64 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i /v {010792BA-551A-3AC0-A7EF-0FAB4156C382}

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2013 x64 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i /v {53CF6934-A98D-3D84-9146-FC4EDF3D5641}

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2022 x64 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i /v {19AFE054-CA83-45D5-A9DB-4108EF4BD391}

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2022 x64 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i /v {AA0C8AB5-7297-4D46-A0D9-08096FE59E46}

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 14 x64 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 14 x64 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2015 x64 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2015 x64 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2017 x64 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2017 x64 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2019 x64 Additional Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\reg.exe

reg query hklm\software\microsoft\windows\currentversion\uninstall /f "Microsoft Visual C++ 2019 x64 Minimum Runtime" /s

C:\Windows\system32\find.exe

find /i "HKEY_LOCAL_MACHINE"

C:\Windows\system32\findstr.exe

findstr /i "HKEY_LOCAL_MACHINE" "C:\Users\Admin\AppData\Local\Temp\msi.txt"

C:\Windows\system32\msiexec.exe

MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} /quiet /norestart

\??\c:\Windows\System32\MsiExec.exe

c:\Windows\System32\MsiExec.exe -Embedding B0A54A0B55DBC62DBED17404BE51CD8D

C:\Windows\system32\reg.exe

reg delete hklm\software\microsoft\windows\currentversion\uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} /f

C:\Windows\system32\msiexec.exe

MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7} /quiet /norestart

\??\c:\Windows\System32\MsiExec.exe

c:\Windows\System32\MsiExec.exe -Embedding 5ECDBF16494242516461505AF7692D8B

C:\Windows\system32\reg.exe

reg delete hklm\software\microsoft\windows\currentversion\uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} /f

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2005\x64\vcredist.msi" /qn /norestart

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DDFBD2878A3B01262D68C75A07921B84

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2008\x64\vc_red.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2010\x64\vc_red.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2012\x64\vc_runtimeMinimum_x64.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2012\x64\vc_runtimeAdditional_x64.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2013\x64\vc_runtimeMinimum_x64.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2013\x64\vc_runtimeAdditional_x64.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2022\x64\vc_runtimeMinimum_x64.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2022\x64\vc_runtimeAdditional_x64.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\vstor40_x64.msi" /qn /norestart

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EB6B9D0DB488339D6D25FBBD1CF0EFF6

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 5B40FEFDEA2D1D9375BBA46951B25B7E

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 25CC554DE5FB2D2D24D6D3994B5458A4 M Global\MSI0000

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding A67B06C377E1D118F49CAA5A37BA0784 E Global\MSI0000

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding E0E931E6FA794DD19BC6C2641AA0D850 E Global\MSI0000

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Common, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Excel, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Excel, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Outlook, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Outlook, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Word, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Word, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe install "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /queue:3 /NoDependencies

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue

C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe

"C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -PipelineRoot:"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\." -Rebuild

C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe

"C:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -AddInRoot:"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2005\x86\vcredist.msi" /qn /norestart

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6A8CB6CCB602A17275EBE74C6ECC8691

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2008\x86\vc_red.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2010\x86\vc_red.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2012\x86\vc_runtimeMinimum_x86.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2012\x86\vc_runtimeAdditional_x86.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2013\x86\vc_runtimeMinimum_x86.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2013\x86\vc_runtimeAdditional_x86.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2022\x86\vc_runtimeMinimum_x86.msi" /qn /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2022\x86\vc_runtimeAdditional_x86.msi" /qn /norestart

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall\{C5E3A69D-D391-45A6-A8FB-00B01E2B010D} /v UninstallString

C:\Windows\system32\reg.exe

reg query hklm\software\wow6432node\microsoft\windows\currentversion\uninstall\{C5E3A69D-D392-45A6-A8FB-00B01E2B010D} /v UninstallString

C:\Windows\system32\msiexec.exe

MsiExec.exe /X{C5E3A69D-D392-45A6-A8FB-00B01E2B010D} /quiet /norestart

C:\Windows\system32\msiexec.exe

MsiExec.exe /X{C5E3A69D-D393-45A6-A8FB-00B01E2B010D} /quiet /norestart

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vbc\vbcrun.msi" /qn /norestart

C:\Program Files (x86)\Agile.Net Advanced .NET Obfuscation\AgileDotNet.exe

"C:\Program Files (x86)\Agile.Net Advanced .NET Obfuscation\AgileDotNet.exe"

C:\Program Files (x86)\Agile.Net Advanced .NET Obfuscation\AgileDotNet.exe

"C:\Program Files (x86)\Agile.Net Advanced .NET Obfuscation\AgileDotNet.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.dr-farfar.com udp
US 8.8.8.8:53 www.dr-farfar.com udp
US 172.67.139.123:443 www.dr-farfar.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp

Files

memory/4524-0-0x0000000000400000-0x0000000000508000-memory.dmp

memory/4524-2-0x0000000000401000-0x00000000004B7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-JPHE2.tmp\Agile.Net Advanced .NET Obfuscation Full Activated.tmp

MD5 49d0d724609d720235e12663530ab50e
SHA1 fef5801f8052ab3d62024c1529021590c683f676
SHA256 76bd65dee7fe0bc680d3e0eb71c9d040cba6700358e7c2dc578fefc1b705a463
SHA512 d3b22c41dce96cd45a5eeb39e6ca327b991eb4847a77d0f8eca1a6b08f98e8644cf93e8e2f3682bbc74e3a7ca893a716dee760f93ac9ebfedc75a58dae4bbeef

memory/2828-6-0x0000000000400000-0x0000000000743000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-8V7Q0.tmp\VclStylesInno.dll

MD5 b0ca93ceb050a2feff0b19e65072bbb5
SHA1 7ebbbbe2d2acd8fd516f824338d254a33b69f08d
SHA256 0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246
SHA512 37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

C:\Program Files (x86)\Agile.Net Advanced .NET Obfuscation\AgileDotNet.exe

MD5 5b0f00f24483a99adaa455fd8166c863
SHA1 0cf0b987a975a4002b9d86939b3a7220d68c7f10
SHA256 2f4bcfac54c540736b43235fc1cf60ad916308698c718093423b2d05229c3e75
SHA512 066be11dab00dad2fc69a593ae7cef6847c19dcd8ea8f21ee9aa505e8101f3b50de36211c668854accb5ee8d8b75852291766ac0219381e3662ab66f05a25c21

C:\Program Files (x86)\redist\Business.exe

MD5 c5cf5afe1b2c987c2c5ec72ebd512c4e
SHA1 675206dd6ca6a2359395ab75ccba23301cf330f1
SHA256 8e3b624bb7edfc529134abc00b1243672435e8785f4c82699b53abc4b1e86a4e
SHA512 a2af0d58bdc954173f460cabd31eb27bbbacad22b9423bd3edd94516cb6f9046da93d25f714ba8fd19b199b9b95eab315124a1170687e04ca26aeceb9d960e3f

memory/5104-391-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ea667b2dedf919487c556b97119cf88a
SHA1 0ee7b1da90be47cc31406f4dba755fd083a29762
SHA256 9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f
SHA512 832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

C:\Users\Admin\AppData\Local\Temp\is-3JTRU.tmp\Business.tmp

MD5 a2c4d52c66b4b399facadb8cc8386745
SHA1 c326304c56a52a3e5bfbdce2fef54604a0c653e0
SHA256 6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a
SHA512 2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

C:\Users\Admin\AppData\Local\Temp\is-UCLQL.tmp\mbae-api-na.dll

MD5 1577a94bbea38b4d7a19720911235dc2
SHA1 338dc6ccc1633a4096542f56cd5d03113c359bd6
SHA256 caf73b77eceac575a5efde97a4be1d17d268edbaa85ec9e7ddc264169a4334cb
SHA512 1a28f61a869d4a82cfc80b5bed1704dc784a909579aa9e89ae7a6e0748a424cb21fa5c3c54deae7de23f53e825a90ffb308823015d83fe7a7f525c3211e759fa

\??\pipe\LOCAL\crashpad_4960_BRBMYUQNEKULYIUD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2ee16858e751901224340cabb25e5704
SHA1 24e0d2d301f282fb8e492e9df0b36603b28477b2
SHA256 e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c
SHA512 bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e6a751eed2b15f0c52cf0ec251449b45
SHA1 8501bedbb89c044941436eeee2d9946a8c3a833c
SHA256 0af2d87ba200d22b649de41d765e4dd1ac9e450e054d6b9b5935ed617ecd947b
SHA512 e07e2e5b23e428d46f6e30a05792e03ffc676483596111d4fc1f04aa99c740e89465e97b2367f896cfb2a48b8f6fd0288344bc3ae72d6229a05657d3e27eae0a

C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-uninstaller.exe

MD5 a91f5e518c27199ce0066912a8b43a53
SHA1 d8ca54dae06c404d80656bd064dd895bff4cf097
SHA256 836f3c1a5aba805b340ddd63ea84420357d741d439f48795702f63a0818c8d2d
SHA512 43dd44b11d7dcd131acdbc13d1e1c9126be46ce72c9f85ca5fa3d2582b7fde84470edb539b7d8ec3558eb79051298da55e4ad7300fb3ee4533b10cc9a6d4c239

C:\Program Files (x86)\Malwarebytes Anti-Exploit\tmp\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files (x86)\Malwarebytes Anti-Exploit\tmp\mbae-svc.exe

MD5 1773a8b85df143f546ee49b7a6b82151
SHA1 655121c27c3f57b090a2400e05d043aae2cc1618
SHA256 80e1b3efa41abe61caf9194c6fab5265f128b60306b2200d187a885bbbb9feaa
SHA512 c57b01fdbcf41536384cf4db8fcf1c84c1f172836803d3c5634b267a2969ef3b653e697e4327f3f01107ce00d200984e0691246c03dd33240d6faa211eb86e3e

C:\Program Files (x86)\Malwarebytes Anti-Exploit\tmp\mbae-cli.exe

MD5 3a2a259b1966a2416a5db40114558cb6
SHA1 30206694cc4a8bf59eeeda68b1236025acd12f72
SHA256 ea071f699797975ccbce51eb3aab5d8a499b7a59edcd025ad6c11f59a6071bdf
SHA512 de2b15afb63b897ae20a2085b31acdb667d2bd25f01baeb3583c536fadd247f4258ae4d830dde9eefc0dd76ceb35e120e3066cdb994c05f3de84dd05ed7d94a6

C:\Program Files (x86)\Malwarebytes Anti-Exploit\tmp\mbae64.exe

MD5 252eac0e361e266219ca9c80b808fd29
SHA1 5347051ea53d63dd477d3c67a689e20f9c674ec2
SHA256 2119cf4280dac7328f196cd5352bb9974395b185e40a3e582a6f6ce74b6c09c3
SHA512 66bb2d6b15b14a195b0db1ee10c7885280747ce2aa4bb7c8f414818a68e55a07c0bf3ab0deb36341cc0f09d4104bb152d91919aecd635d815cc0b1a2efbdf129

C:\Program Files (x86)\Malwarebytes Anti-Exploit\license.rtf

MD5 1fcb3d5c0ea9d42ccff9302f91fdf7cc
SHA1 f5b8e5ad4c55ba66e6da2eb704ef2a8882b28456
SHA256 4fd3fb4f6d2728dbca0e70fb1c0eaaaf0bb9307e2f18a35ca38a1c17cd73dfbc
SHA512 1eed978b3251a330124c054e2e6d10268eae7b915001d71177eca1280c202e12d95af270fe938c620e17ce8351e61a378b0c7b4c77538759ef2520f12247676a

C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe

MD5 b7fe199c61755c2805a0b5aa6ad962b7
SHA1 3a910da724198ca9df76200e61b5c9548b710dd2
SHA256 c01894a246137a9af4b3b016139317bb964e635fd2009e9d8fa358425ab7e47d
SHA512 b8b7f1108c0a6993284c3050975c3e23d531cf3e75f0a02bf57e41f6b760e6752e20bc5f3e8e295a3cf981e0dacb05276f035b8a02a5510503ff23df74e93d19

C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.chm

MD5 48ba3b03047dff5689adee91bcef7424
SHA1 61bbe86f6924f7a82105513cba925043015cb3bb
SHA256 91df8d715d7cb155e48ed2237521af444f36a5b13c3f33ca4e0c8cd9e3662def
SHA512 e25663d19fb517647d9bd23293d893c472eb12dd00d132e8b3966d31f1f807e6f5143f46df2282220b2fee2b22285c07ea2fb6ddb5997048b94a2360a2cea332

C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-uninstall.log

MD5 d56413b1c6e691bccc002ed283363fed
SHA1 552956ce4f810acf0bf0a6235f705c3bf87270d3
SHA256 5efa181ca726d2b463d6a4bd4bdefd7a08ed12e8a84e422b366c6c33904abfbe
SHA512 dc961cf38f0dd4c87ccb122a2747d2960d4a27d8bb4b56d7e99cc991297a420940abcbbc63ccf52723e052048ea35304804dd53639c634a1e0073de9410b9b1a

C:\Program Files (x86)\Malwarebytes Anti-Exploit\changelog.txt

MD5 f9d68e6b3cde31d8c828fbdf73baf8fd
SHA1 e58e0a4acd0556c5d95ee814bc1eb3cdea62efa0
SHA256 31ca0edba7155c489871d45b172654e5b1cca57e94758391db4c9671ac44ef4d
SHA512 c8e1a9717d7b002690f9ccd08dcaf7e30acb7822b808ca1716cefd3925b7040a97d7b40c8b561924460402cf5517ccffbd26bbfff4fd6a6251bb2cf595520208

C:\Program Files (x86)\Malwarebytes Anti-Exploit\tmp\mbae.exe

MD5 80547d42375d180a38b1e56366948bf7
SHA1 42cef18b3f93393f7486c3674b98dd87729eee0e
SHA256 bfe3910d9c19d9bf8a262c61c040fced562aa34365dbbc431355a6163e0f75f3
SHA512 b708a87d8ef5f9d497c0dc64820a4f2f65296e790f106f157961db93145fcf247bcd0dc5c6b9941d5d41cc7022443acad3b254daee37a35ecc84611e97523b77

C:\Program Files (x86)\Malwarebytes Anti-Exploit\tmp\mbae.sys

MD5 21e53c8f45c4541e4596fde228dc3d72
SHA1 c06decbaf78d9e5dc3e8db5e0157f55668ede95c
SHA256 495dfde7e3c1fde8f0a55da1e986132d15a586fea1fc0f966a05729190bb61af
SHA512 2f5e060a0047a85f7b4993acd9007ae474ed673f7cccba892d3b62816b593c349a9f2a24cbff403e5f0e6ac4ea9ff5d6bdcf12196966681d0c49fd5286ecdd4f

C:\Program Files (x86)\Malwarebytes Anti-Exploit\tmp\mbae-api.dll

MD5 1d4469a1cd1a7cc04e768fc7f696c514
SHA1 5a919e5240068c1f95742cdd4df6fd434547f41f
SHA256 4e4de211f891d66d7b7005f114f0c2b8d011942a047b8d0d71b65421de1fa722
SHA512 3e4d8abc0a0e8ee68bf62e836eee11e2767578a64c05f512afacd1593be1c798c631937f7419868b4baedda2c0a1df63b39ed303bc9874687d32594519fc440f

C:\Program Files (x86)\Malwarebytes Anti-Exploit\tmp\mbae64.dll

MD5 53fb90ddd7e9caa56d64228393771ec3
SHA1 e56684adb94dc09b390f2b1b3461ef76e1f20633
SHA256 d19f961491d08003c7019fe2ff24a901673932acc4f855273790b847a9bae185
SHA512 6af730ec29ba25adcc8b1b5aaf6119003e80f5dd99ae3d557aa700fff0019616f69e425ba8812f61f8541f038fdc4775e5562c9af2c63403e2520cd3dec60415

C:\Program Files (x86)\Malwarebytes Anti-Exploit\tmp\mbae.dll

MD5 a084a20c651aefd97fd27d3a7915ed5e
SHA1 3914c15c0ef5e4c034c33f7625f9464bda96fc11
SHA256 41d43a0ef1b45a9aea6318e658ba77c7a67f274b867321adbe6c2fb9690fb1cb
SHA512 28e2a11ab3330f638de6868ed03c91caced90db779e03e38b2bcda6f1ef35b49c9889b269af45d71c4ad12ccc4cfb1200bb1f21a52569e2ca34c47e48ed21179

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 e7226392c938e4e604d2175eb9f43ca1
SHA1 2098293f39aa0bcdd62e718f9212d9062fa283ab
SHA256 d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1
SHA512 63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

memory/5104-517-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Program Files (x86)\redist\VisualCppRedist_AIO_x86_x64.exe

MD5 d1899aea6e78fbff0563c7001f2a60f1
SHA1 6cf5ba822d4646ffa72805872c56087ebbc132c9
SHA256 68ab06ae1d19045d1ea9ec87fe67c2102c8b09aca2c7ff3de897aebe7fe80f11
SHA512 c68489c5aba8b04490920791030e80056ca213d2dcd3fc8ffcbc5b89db58fc3aec06994a3f8ff7017e7ddafd1d665969bfb7a534a7e7b028771b9c046ad3b4c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6f2e4741d5b9e231acbe5e5c53e6c0d7
SHA1 81b84a7bacf9932418e91c56078f04c564cdd63b
SHA256 60f4f6bc5da53e4918dac2b0261a0b104ec090fe65a8f73abfbd696d38dd352e
SHA512 a67d59d66110b5f19ea2740b04cb42784c9071c534953aa2b9a4744ea464c059335f76b265c40a7c39c9262b1ac778c783001462206633d8f500522f660896df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 723c8a6dd760fe28e1bb6a1a5cef3a60
SHA1 f5630978d841f82ae648a4d727a270af28fe90dd
SHA256 4528643c0a8e524258f558d89e92c4ec38d1ed5caf8bc3d1c7baa7e973f48cae
SHA512 fb033fc759cfa92b0a68b9f8ac2ee0c15cd5dd1d290cdaa51e8e7e313a902b458296cc231bbe57bfaa1423aa0295e24c7a104838d78f564aee8c90554c5580c7

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\2008\x86\vc_red.msi

MD5 824f1f188704d3de77660d90fea6b136
SHA1 9bcad1428defece9f2ceaf647d9571ca41b3f40e
SHA256 72a46f29c780949c1151efadd899806ee192b6fb4a87a9646d638df95f3a0bbf
SHA512 0e67e74d11d9423e5b8c95f35e66f173d051e5863466837c3f9a4cc2064d4e4e3e1213437c29374abe6a888f48280ac45da9befb8e90ee3bf111f695916cc972

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 27c074493dcf4c4914eaf5178042e27b
SHA1 dfc7240fc1d24289ad7250155790c274fcb6d324
SHA256 ccf3f35a5b5ba28de184be164d189ceb64544ab309feb02f3fc87567ab3779c4
SHA512 4cb2f660e19db1b6f486eed239c46ae077c4f426c44184de29933ea6f59ec10319bcffbf515f562c64e1e1931f9e5d282ed7c3643002a9af90f6119f2a5c7be1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f8eef3ed1372eec048ab9b682ecdb6ee
SHA1 0a58160c46d691d224c674c9318450630959351d
SHA256 8ac13477bf6e59870bb62f355758a4676b1425116c1cea64f53a2cd9e64bdff9
SHA512 8d2c0b273868fcc6901c3a84321e188debfb2fc8203cb0b6a687459900507a63980f09044b25a69bf9f984da89f2df88792d05e14f321593660ac47819e98980

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vbc\vcrun.msi

MD5 02a7a8f705fb831559baac094a0b4269
SHA1 d47da0b6572514af57c3246059a4039df059f72c
SHA256 15684d42d6107225e93cba6c6a3311a7a86d4b515027da263fcd949d818532f2
SHA512 a68108d6a35a91750489a6c4a599187c3af5eab390744f3b56036a092117a6befb5cae9df56284ad49bf97aa99ae3bc6c1bc31a52a00e89e26706ab25ba7c400

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Program Files\Microsoft Visual Studio 10.0\Common Files\Microsoft Shared\VSTO\9.0\GAC\Microsoft.Office.Tools.v9.0.dll

MD5 3a2be55abc357cf94721d4c4e56dc1d3
SHA1 4b518eaf0311468d8afa07bc40c70b007f96a531
SHA256 408386e17d4c20bc2ff25e4e63469b1f089aa07726586ccafd6bc83f2910456f
SHA512 8e103db985f8efc2cc6e6bb300542ffa0cd79c33fedbc45dcd0498e216969e4a8c37bc5dcbdd6a025729050e793fa2ba56858b077bf55d9c74a5bf18ca1ff5b2

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Program Files\Microsoft Visual Studio 10.0\Common Files\Microsoft Shared\VSTO\9.0\GAC\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll

MD5 e3799982b9b14b4aade990a3dca3f46e
SHA1 828a8dba5778b5682a19b7f32be155ab6b264c7d
SHA256 986c35d252077e4feecde7ffbd758d1324d589447992625637427d989c0e3234
SHA512 dda5c605f45b24b565fb006ce0a23e9991be9ec22dddeeaadde3883b591a72ef1fce7574a57c9eaad94ad904e2e73abe2d384815e8bb2d54f04394fc70e3c6cb

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Program Files\Microsoft Visual Studio 10.0\Common Files\Microsoft Shared\VSTO\9.0\GAC\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll

MD5 4ac5c9714bf108cfa18a30ac045980b8
SHA1 94bcfb74222e30a250d06952c2d336b7359dc191
SHA256 c3f1195c1e25a7ab3f202e78d1a653a5a9955f88780c43526027d50a87ca61a7
SHA512 d8631798973c17a2ec930d7859c1fedffffc78abbaab3284eed9aac852320ebd524195d45b008790c89e2aa2ae55c4cdc51b2309fe4b7691d91ce79fbf0363af

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Program Files\Microsoft Visual Studio 10.0\Common Files\Microsoft Shared\VSTO\9.0\GAC\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll

MD5 ee1ad00cc1f9e86a03af73334bb198da
SHA1 d8eb6282875b94c6cb0667fc8970c768e1fca040
SHA256 4258dca13af72afbaab2190052cd78c31fd60c1771a15bc718ffdb74cfc30481
SHA512 be4dfacd19f76087e8d3e0ae9a95ceed5b73bb1b8dc3b3276b0c3ee2378a459388cd2a65cdcd830498d993dde650f459ac151119bddce842f68f80902726f59b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Program Files\Microsoft Visual Studio 10.0\Common Files\Microsoft Shared\VSTO\9.0\GAC\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll

MD5 32c430b1bf1348ca75656e3e8207c89d
SHA1 13b9c1b34b02a776c0067248ecfac5277e46d864
SHA256 698d79a05387757a16268ec99a296d6417153340f3df77ce76e70210563c6493
SHA512 1a6877ff69d484a50c64e2a09fbc7a0d3ceea149e30eadb59845b0a76eb4648d0ac6b9bbf7a76fa4ba4330d60fc51cee2eda4f6954da27126f73d78ac4427923

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Win\Microsoft.NET\Framework64\URTInstallPath_GAC\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Program Files\Microsoft Visual Studio 10.0\Common Files\Microsoft Shared\VSTO\9.0\GAC\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-ucrt_31bf3856ad364e35_6.3.9600.18144_none_408c082234f947f6\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-ucrt_31bf3856ad364e35_6.3.9600.18144_none_9caaa3a5ed56b92c\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Installer.cmd

C:\Users\Admin\AppData\Local\Temp\wix.txt

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20240902220925_0_vcRuntimeAdditional_x86.log

C:\Config.Msi\e58633b.rbs

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20240902220925_1_vcRuntimeMinimum_x86.log

C:\Config.Msi\e58634e.rbs

C:\Users\Admin\AppData\Local\Temp\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\.ba1\wixstdba.dll

C:\Users\Admin\AppData\Local\Temp\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\.ba1\logo.png

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240902220933_0_vcRuntimeAdditional_x64.log

C:\Config.Msi\e586352.rbs

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240902220933_1_vcRuntimeMinimum_x64.log

C:\Config.Msi\e586365.rbs

C:\Users\Admin\AppData\Local\Temp\{61087a79-ac85-455c-934d-1fa22cc64f36}\.ba1\wixstdba.dll

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20240902220935_000_vcRuntimeAdditional_x86.log

C:\Config.Msi\e58636c.rbs

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20240902220935_001_vcRuntimeMinimum_x86.log

C:\Config.Msi\e58637d.rbs

C:\Users\Admin\AppData\Local\Temp\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\.ba1\thm.xml

C:\Users\Admin\AppData\Local\Temp\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\.ba1\thm.wxl

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240902220937_000_vcRuntimeAdditional_x64.log

C:\Config.Msi\e586382.rbs

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240902220937_001_vcRuntimeMinimum_x64.log

C:\Config.Msi\e586393.rbs

C:\Windows\Temp\{7CD3E665-FAC3-4658-B9CE-9BC605F24EA2}\.ba\wixstdba.dll

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20240902220939_000_vcRuntimeAdditional_x86.log

C:\Config.Msi\e58639b.rbs

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20240902220939_001_vcRuntimeMinimum_x86.log

C:\Config.Msi\e5863ac.rbs

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240902220941_000_vcRuntimeAdditional_x64.log

C:\Config.Msi\e5863b3.rbs

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240902220941_001_vcRuntimeMinimum_x64.log

C:\Config.Msi\e5863c4.rbs

C:\Users\Admin\AppData\Local\Temp\msi.txt

C:\Windows\Installer\MSI93AE.tmp

C:\Config.Msi\e5863d2.rbs

C:\Windows\Installer\MSI9969.tmp

C:\Config.Msi\e5863fa.rbf

C:\Config.Msi\e5863d6.rbs

C:\Users\Admin\AppData\Local\Temp\msi.txt

C:\Windows\Installer\MSIA5FA.tmp

C:\Config.Msi\e5863fd.rbs

C:\Windows\Installer\MSIAB19.tmp

C:\Config.Msi\e586401.rbs

C:\Config.Msi\e586433.rbs

C:\Config.Msi\e58643a.rbs

C:\Config.Msi\e58643f.rbs

C:\Config.Msi\e586444.rbs

C:\Config.Msi\e586449.rbs

C:\Config.Msi\e58644e.rbs

C:\Config.Msi\e586453.rbs

C:\Windows\assembly\tmp\4QHRZ205\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll

C:\Windows\assembly\tmp\QAKW8DYG\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll

C:\Windows\assembly\tmp\MXYCNO9N\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll

C:\Windows\assembly\tmp\RX24JNZH\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll

C:\Windows\assembly\tmp\1WHPEW92\Microsoft.VisualStudio.Tools.Applications.Hosting.dll

C:\Windows\assembly\tmp\83NMJPJE\Microsoft.VisualStudio.Tools.Applications.Runtime.dll

C:\Windows\assembly\tmp\8PSJCZ5F\Microsoft.VisualStudio.Tools.Applications.ServerDocument.dll

C:\Windows\assembly\tmp\FKZQKJSE\Microsoft.Office.Tools.Common.Implementation.dll

C:\Windows\assembly\tmp\GRMVQW2V\Microsoft.Office.Tools.Common.dll

C:\Windows\assembly\tmp\7J7ABXAI\Microsoft.VisualStudio.Tools.Office.ContainerControl.dll

C:\Windows\assembly\tmp\17DKBEW2\Microsoft.Office.Tools.dll

C:\Windows\assembly\tmp\MHOYDXYP\Microsoft.Office.Tools.Excel.Implementation.dll

C:\Windows\assembly\tmp\LYQXM8AG\Microsoft.Office.Tools.Excel.dll

C:\Windows\assembly\tmp\3UQWVCTH\Microsoft.Office.Tools.Outlook.dll

C:\Windows\assembly\tmp\AIABFU7Q\Microsoft.Office.Tools.Outlook.Implementation.dll

C:\Windows\assembly\tmp\W428M62G\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll

C:\Windows\assembly\tmp\UEQT4JB1\Microsoft.VisualStudio.Tools.Office.Runtime.dll

C:\Windows\assembly\tmp\V5S3JH2D\Microsoft.VisualStudio.Tools.Office.Runtime.Internal.dll

C:\Windows\assembly\tmp\Y51FFJ0N\Microsoft.Office.Tools.v4.0.Framework.dll

C:\Windows\assembly\tmp\R2WNCMCS\Microsoft.Office.Tools.Word.Implementation.dll

C:\Windows\assembly\tmp\PAF0BCNK\Microsoft.Office.Tools.Word.dll

C:\Windows\assembly\tmp\DL7ANEUF\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll

C:\Windows\assembly\tmp\RI3WVK0Y\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll

C:\Windows\assembly\tmp\2WEKJHYB\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll

C:\Windows\assembly\tmp\S59JL57R\Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0.dll

C:\Windows\Installer\MSIF1A3.tmp

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

C:\Windows\Installer\MSI963.tmp

C:\Config.Msi\e586459.rbf

C:\Config.Msi\e58645a.rbf

C:\Config.Msi\e58645b.rbf

C:\Config.Msi\e58645c.rbf

C:\Config.Msi\e58645d.rbf

C:\Config.Msi\e58645e.rbf

C:\Config.Msi\e58645f.rbf

C:\Config.Msi\e586460.rbf

C:\Config.Msi\e586458.rbs

C:\Config.Msi\e586487.rbf

C:\Config.Msi\e586486.rbf

C:\Config.Msi\e586485.rbf

C:\Config.Msi\e586484.rbf

C:\Config.Msi\e586483.rbf

C:\Config.Msi\e586482.rbf

C:\Config.Msi\e586481.rbf

C:\Config.Msi\e586480.rbf

C:\Config.Msi\e58647f.rbf

C:\Config.Msi\e58647e.rbf

C:\Config.Msi\e58647d.rbf

C:\Config.Msi\e58647c.rbf

C:\Config.Msi\e58647b.rbf

C:\Config.Msi\e58647a.rbf

C:\Config.Msi\e586479.rbf

C:\Config.Msi\e586478.rbf

C:\Config.Msi\e586477.rbf

C:\Config.Msi\e586476.rbf

C:\Config.Msi\e586475.rbf

C:\Config.Msi\e586474.rbf

C:\Config.Msi\e586473.rbf

C:\Config.Msi\e586472.rbf

C:\Config.Msi\e586471.rbf

C:\Config.Msi\e586470.rbf

C:\Config.Msi\e58646f.rbf

C:\Config.Msi\e58646e.rbf

C:\Config.Msi\e58646d.rbf

C:\Config.Msi\e58646c.rbf

C:\Config.Msi\e58646b.rbf

C:\Config.Msi\e58646a.rbf

C:\Config.Msi\e586469.rbf

C:\Config.Msi\e586468.rbf

C:\Config.Msi\e586467.rbf

C:\Config.Msi\e586466.rbf

C:\Config.Msi\e586465.rbf

C:\Config.Msi\e586464.rbf

C:\Config.Msi\e586463.rbf

C:\Config.Msi\e586462.rbf

C:\Config.Msi\e586461.rbf

C:\Config.Msi\e5864b0.rbs

C:\Config.Msi\e5864b7.rbs

C:\Config.Msi\e5864bf.rbs

C:\Config.Msi\e5864c4.rbs

C:\Config.Msi\e5864cc.rbs

C:\Config.Msi\e5864d1.rbs

C:\Config.Msi\e5864dc.rbs

C:\Config.Msi\e5864e1.rbs

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-utility-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-time-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-utility-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-time-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-stdio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-runtime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-process-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-private-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-multibyte-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-math-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-locale-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-filesystem-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-environment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-convert-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\x86_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_552c886144ccb1a7\api-ms-win-crt-conio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-stdio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-runtime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-process-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-private-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-multibyte-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-math-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-locale-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-filesystem-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-environment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-convert-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\ucrt\amd64_microsoft-windows-u..lcrt-apifwd-winblue_31bf3856ad364e35_6.3.9600.18144_none_b14b23e4fd2a22dd\api-ms-win-crt-conio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Program Files\Microsoft Visual Studio 10.0\Common Files\Microsoft Shared\VSTO\9.0\GAC\Microsoft.Office.Tools.Word.v9.0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Program Files\Microsoft Visual Studio 10.0\Common Files\Microsoft Shared\VSTO\9.0\GAC\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Win\Microsoft.NET\Framework\URTInstallPath_GAC\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Win\Microsoft.NET\Framework\URTInstallPath_GAC\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Program Files\Microsoft Visual Studio 10.0\Common Files\Microsoft Shared\VSTO\9.0\GAC\Microsoft.Office.Tools.Outlook.v9.0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Program Files\Microsoft Visual Studio 10.0\Common Files\Microsoft Shared\VSTO\9.0\GAC\Microsoft.Office.Tools.Excel.v9.0.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\vstor\Program Files\Microsoft Visual Studio 10.0\Common Files\Microsoft Shared\VSTO\9.0\GAC\Microsoft.Office.Tools.Common.v9.0.dll
