586431b613beb35df78653909e4cf25db717f1dc4b4d928e0e71f4453f9b4671

Analysis

max time kernel
1072s
max time network
1072s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
22-11-2024 14:25

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Screenshot 2024-11-22 220626.png
Size

462KB
MD5

bed6dd625e3a7e838bcea5f3dce698b0
SHA1

1254f3fdf4d78815c449d166b1c8f356f220d7c6
SHA256

586431b613beb35df78653909e4cf25db717f1dc4b4d928e0e71f4453f9b4671
SHA512

29c460e57c7e47fdf7f886bb1bc72b23079c1627619c6caaad3be003f76c937e9145e29f2ea109cab08802704a9ee01f6591ac65989a06a8bfab6d14809d70d6
SSDEEP

12288:TknyRH3dbRMqql/tHX9Usc3HOLR5JTr7MrRW4E2rOKQ:TknudbQFX9c3HONXTPMcn2rOKQ

Score

8^/10

adware defense_evasion discovery persistence privilege_escalation stealer

Malware Config

Signatures

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 20 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe	integrator.exe

Manipulates Digital Signatures 1 TTPs 13 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\FINALPOLICY\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\DIAGNOSTICPOLICY\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLPUTSIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLREMOVESIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLCREATEINDIRECTDATA\{9FA65764-C36F-4319-9737-658A34585BB7}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLVERIFYINDIRECTDATA\{9FA65764-C36F-4319-9737-658A34585BB7}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\INITIALIZATION\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\MESSAGE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CLEANUP\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLGETSIGNEDDATAMSG\{9FA65764-C36F-4319-9737-658A34585BB7}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\SIGNATURE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CERTIFICATE\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROVIDERS\TRUST\CERTCHECK\{4ECC1CC8-31B7-45CE-B4B9-2DD45C2FF958}	integrator.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation	cmd.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 6 IoCs

pid	Process
1840	AnyDesk.exe
3888	AnyDesk.exe
4696	AnyDesk.exe
4884	AnyDesk.exe
2540	ose.exe
2216	ose00000.exe

Loads dropped DLL 12 IoCs

pid	Process
4696	AnyDesk.exe
3888	AnyDesk.exe
5952	MsiExec.exe
4244	MsiExec.exe
5952	MsiExec.exe
4244	MsiExec.exe
5952	MsiExec.exe
5952	MsiExec.exe
4244	MsiExec.exe
4244	MsiExec.exe
4244	MsiExec.exe
4924	MsiExec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Indicator Removal: Clear Persistence 1 TTPs 40 IoCs

remove IFEO.

defense_evasion

Clear Persistence

T1070.009

description	ioc	Process
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe\MitigationOptions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfcert.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe\MitigationOptions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe\MitigationOptions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excelcnv.exe	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenotem.exe\MitigationOptions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe\MitigationOptions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\orgchart.exe	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msohtmed.exe\MitigationOptions	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe\MitigationOptions	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wordconv.exe\MitigationOptions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe\MitigationOptions	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\graph.exe\MitigationOptions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clview.exe	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msqry32.exe\MitigationOptions	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdxhelper.exe\MitigationOptions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe\MitigationOptions	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe\MitigationOptions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\MitigationOptions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoasb.exe\MitigationOptions	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe\MitigationOptions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoadfsb.exe	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosync.exe\MitigationOptions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msosrec.exe\MitigationOptions	integrator.exe
Delete value	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe\MitigationOptions	integrator.exe

Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}	integrator.exe

Drops file in System32 directory 23 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db	integrator.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-journal	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-wal	OfficeClickToRun.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-shm	integrator.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.bak.db-shm	OfficeClickToRun.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\addinutil.exe.log	addinutil.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\integrator.exe.db-wal	integrator.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee90.tlb	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee100.tlb	msiexec.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pidgenx.dll	msiexec.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ClickToRun\msvcp140.dll	OfficeClickToRun.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll	msiexec.exe
File opened for modification	C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\8E6A3A21-17E9-4E04-962E-D0EE71732822\TxFO\root\office16\visshe.dll	OfficeClickToRun.exe
File opened for modification	C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\8E6A3A21-17E9-4E04-962E-D0EE71732822\TxFO\root\vfs\programfilescommonx64\microsoft shared\office16\msoshext.dll	OfficeClickToRun.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.en-us.dll	OfficeClickToRun.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE	msiexec.exe
File opened for modification	C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\8E6A3A21-17E9-4E04-962E-D0EE71732822\TxFO\root\vfs\programfilescommonx64\microsoft shared\office16\msvcp140.dll	OfficeClickToRun.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll	msiexec.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\AddIns.store	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB	msiexec.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\ActionsPane3.xsd	msiexec.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll	OfficeClickToRun.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll	msiexec.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\Office16\OSPP.VBS	msiexec.exe
File opened for modification	C:\Program Files\Microsoft Office\root\VFS\Common AppData\Microsoft Help\nslist.hxl	integrator.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll	msiexec.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms	msiexec.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\Office16\SLERROR.XML	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll	msiexec.exe
File opened for modification	C:\Program Files\Microsoft Office\Updates\Apply\FilesInUse\8E6A3A21-17E9-4E04-962E-D0EE71732822\TxFO\root\vfs\programfilescommonx64\microsoft shared\office16\vcruntime140.dll	OfficeClickToRun.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll	msiexec.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\msdatasrc.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\Office16\OSPP.HTM	msiexec.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll	OfficeClickToRun.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ClickToRun\vcruntime140.dll	OfficeClickToRun.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\stdole.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.stdformat.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll	msiexec.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll	msiexec.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll	msiexec.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe	OfficeClickToRun.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File opened for modification	\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File opened for modification	\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	ngen.exe
File created	C:\Windows\assembly\pubpol26.dat	msiexec.exe
File opened for modification	\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	ngen.exe
File opened for modification	\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File opened for modification	C:\Windows\assembly\temp\W86CF0PTT1\MSCOMCTL.DLL	msiexec.exe
File opened for modification	C:\Windows\assembly\temp\MMCBFSOUUI\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll	msiexec.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	ngen.exe
File opened for modification	C:\Windows\assembly\pubpol29.dat	msiexec.exe
File opened for modification	\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File opened for modification	C:\Windows\Installer\MSIF1D2.tmp	msiexec.exe
File opened for modification	C:\Windows\assembly\temp\4SEZ155HWI\Policy.12.0.Microsoft.Office.Interop.Access.Dao.config	msiexec.exe
File opened for modification	C:\Windows\assembly\temp\5BLT20ZN39\Policy.11.0.Microsoft.Office.Interop.Graph.config	msiexec.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File opened for modification	\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	ngen.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File opened for modification	C:\Windows\assembly\temp\7UVMGC5TNU\Policy.14.0.Microsoft.Office.Interop.OneNote.config	msiexec.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File opened for modification	C:\Windows\assembly\temp\AV4Y4LHB0J\__AssemblyInfo__.ini	msiexec.exe
File opened for modification	C:\Windows\assembly\temp\4810OB59EG\Policy.14.0.Microsoft.Office.Interop.Word.dll	msiexec.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	ngen.exe
File opened for modification	C:\Windows\assembly\temp\GR7VR2OD2S\Policy.12.0.Microsoft.Office.Interop.Graph.config	msiexec.exe
File opened for modification	C:\Windows\assembly\temp\2GLRO1BJMM\Microsoft.Office.Tools.v9.0.dll	msiexec.exe
File opened for modification	C:\Windows\assembly\temp\PBNKVPJQH2\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll	msiexec.exe
File opened for modification	\??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	ngen.exe
File opened for modification	\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	ngen.exe
File opened for modification	C:\Windows\assembly\pubpol27.dat	msiexec.exe
File opened for modification	C:\Windows\assembly\pubpol39.dat	msiexec.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngennicupdatelock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File opened for modification	\??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	ngen.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	integrator.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	OfficeClickToRun.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	integrator.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	OfficeClickToRun.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	integrator.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	integrator.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	OfficeClickToRun.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	OfficeClickToRun.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	integrator.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	integrator.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	OfficeClickToRun.exe

Modifies Internet Explorer settings 1 TTPs 19 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA}	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA}	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\ClickToRun\C2RClient	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe	integrator.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t\|1732329712"	integrator.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t\|12"	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile\MsaDevice = "t=GwAWAbuEBAAUbVtUa9wjWgmEIwjX9d7dccnghw8OZgAAEPiQFA1CSVS/0S7rht2exiPgABuuN476sJI+0dZGfk1WJANedyZZOCaLZWCKj58r19ntVgQF8cKiKHAB81r6yQzZUELk9LhSHoVdm1kUPlUod+WOiRz+o7bjzTWtFdUAhlj3img5KMXwOVVOmNUsPXM/cc08mykNz6MdN6+FP4KbuD30lVqWEurJ1x9j4lcgzrDxLSy7BQoQiw120+3DeOXVCWM+QSErtKBVDcw3Q861U9xZDfCM0g1aWF7ryGoAHDQarYwgnzSKwdl+2rBxUGhdoy5yZSIVoIutnwfKpWI+L+T9jOqva4YA122ZDbTKa8U+HwE=&p="	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	integrator.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	integrator.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t\|0"	integrator.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t\|11"	integrator.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.12 = 3a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164586d6c52756c65735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2250726f6365737349646c6551756575654a6f625c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22466c7573684576656e744275666665725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2254656c656d6574727953656e74696e656c56616c75655c22203a207b205c224576656e74466c61675c22203a2030207d207d2c205c224c6f636b65645c22203a2066616c7365207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54656c6c4d65222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c2254656c6c4d655741435c22203a207b205c224576656e74735c22203a207b205c225175657279526573706f6e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e54657874222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c225265736f75726365436c69656e745c22203a207b205c224576656e74735c22203a207b205c22446573657269616c697a655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656164466f6e74456c656d656e74735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2250757267654d756c7469706c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561645265736f757263654d657461446174615c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2257726974655265736f757263654d657461446174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22474449417373697374616e745c22203a207b205c224576656e74735c22203a207b205c225265676973746572436c6f7564466f6e7443616c6c6261636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2248616e646c6543616c6c6261636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22466f6e744d616e6167657244657374727563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464436c6f7564466f6e745265736f757263655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22466f6e74537562737469747574696f6e5c22203a207b205c224576656e74735c22203a207b205c22436f6c6c656374466f6e74537562737469747574696f6e55736167655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e5472616e736c61746f72222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22416c7465726e6174655472616e736c6174696f6e735265747269657665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6e7465787475616c53756767657374696f6e734c6f616465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745465787453656c65637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c61746564466565646261636b547269676765725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c6174696f6e43616e63656c6c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e745472616e736c6174696f6e53756767657374696f6e436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578636c756465644c616e677561676541646465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578636c756465644c616e677561676552656d6f7665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d6963726f666565646261636b566f746553656c65637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6f786d6c5472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657474696e6773436c6f7365645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657474696e67734f70656e65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365446f63756d656e744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365546172676574537761707065645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536f75726365546578744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546172676574446f63756d656e744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546172676574546578744c616e674368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22546578745472616e736c617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736c6174696f6e496e7365727465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736c6174696f6e4c616e6775616765734c6f616465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e736c6174696f6e5461624368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416c7465726e6174655472616e736c6174696f6e4578616d706c655265747269657665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416c7465726e6174655472616e736c6174696f6e436f706965645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464496e4c6f616465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e5558222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c22436f6c6f725069636b65725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d696e67536f6f6e54435348574e445c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e6f46696c65457874656e73696f6e49636f6e4d617070696e675c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c225344585c22203a207b205c225375624e616d657370616365735c22203a207b205c224d65436f6e74726f6c5c22203a207b205c224576656e74735c22203a207b205c22547261636b65645363656e6172696f5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c225465616368696e6743616c6c6f75745c22203a207b205c224576656e74735c22203a207b205c225465616368696e6743616c6c6f7574416c726561647953686f776e4d617854696d65735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465616368696e6743616c6c6f7574416c726561647953686f776e5468697353657373696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465616368696e6743616c6c6f7574546f6f4d616e7953686f776e5468697353657373696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2244796e616d69634470695c22203a207b205c224576656e74735c22203a207b205c22446973706c6179546f706f6c6f6779456e756d65726174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446973706c6179546f706f6c6f67794368616e6765645c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22446f63756d656e745265636f766572795c22203a207b205c224576656e74735c22203a207b205c22496e76616c696461746550616e65735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22546f6f6c746970735c22203a207b205c224576656e74735c22203a207b205c2253686f77546f6f6c7469705c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22416e63686f7252656769737472795c22203a207b205c224576656e74735c22203a207b205c224765744f72437265617465416e63686f7252656769737472795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22526962626f6e546162735c22203a207b205c224576656e74735c22203a207b205c22526962626f6e5461624163746976617465645f466c6f6f64676174655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e576f7264222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224c696e6b6564496e5c22203a207b205c224576656e74735c22203a207b205c224372656174654c696e6b6564496e526573756d65417373697374616e745461736b50616e655c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c2246696c65536176655c22203a207b205c224576656e74735c22203a207b205c225361766541735361766546696c655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22416374436d64476f7375625361766541735c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f435349464f4353536176655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22436d645361766546696c65436f7265325c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c654f70656e5c22203a207b205c224576656e74735c22203a207b205c22446f634e6f7469667943616c6c6261636b5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22446f4e6f746966794d657267654469616c6f675c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22464e4d45696453657446726f6d5873747a46747970466e6d4469725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e697469616c697a6542696e6172794261636b696e6753746f72654361636865735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436f417574686f72696e675c22203a207b205c224576656e74735c22203a207b205c2253686f77526573747269637465644d6163726f45646974696e674275734261725c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2246586c7255736572507265666572656e63655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f63735472616e736974696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22436f617574684d657267655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c225365745464725265616479466f725472616e736974696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22536164426172546167735c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f6373446f776e6c6f6164526566557064617465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2244796e616d696353617665496e697469616c496e666f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22507573684f70526571756573745374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22507573684f70436f6d706c657465645374617475735c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22466f726d735c22203a207b205c224576656e74735c22203a207b205c224c6561726e696e67546f6f6c73576b4f6e446f63756d656e744f70656e5c22203a207b205c224576656e74466c61675c22203a203439343038207d207d207d2c205c22446961676e6f737469635c22203a207b205c224576656e74735c22203a207b205c22566563416c6c6f634661696c7572655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22496e636f73697374656e74526561644f6e6c79446f6350726f70657274795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224f4353425c22203a207b205c224576656e74735c22203a207b205c2256636c6f6b4f6e446f63446973706c61795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2256636c6f6b4f6e53617665436f6d706c6574655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2256636c6f6b4f6e55706c6f6164436f6d706c6574655c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c22536176655c22203a207b205c224576656e74735c22203a207b205c22436f61757468436f6e74656e744c6174656e6379496e536176655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22436d64446f53617665446f63436f7265436f6d6d616e64416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436d64446f53617665446f63436f7265416374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22464d617953746172745472616e73616374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224669726553746174654f664175746f536176654f6e436c6f73655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456964456e737572654f70656e466f72536176655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2242475361766546616c6c6261636b546f46475c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224544505c22203a207b205c224576656e74735c22203a207b205c22446f63756d656e744964656e746974794368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2250726f6f66696e675c22203a207b205c224576656e74735c22203a207b205c2250726f6f66696e674e6f50726f6f66526567696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225453706c4c6f61644c6962726172795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c6f75645370656c6c6572436865636b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e6f50726f6f6652756e4469666665727346726f6d5061726150726f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c617373696669636174696f6e4372697469717565526573706f6e7365506572664d61704578636565645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224772616d6d6172436865636b657243616c6c5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22576f72645c22203a207b205c225375624e616d657370616365735c22203a207b205c22426f6f745c22203a207b205c225375624e616d657370616365735c22203a207b205c2254696d696e675c22203a207b205c224576656e74735c22203a207b205c22446174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d207d207d2c205c22426f6f745c22203a207b205c224576656e74735c22203a207b205c22416464696e4d6f6e69746f7256616c6964617465426f6f745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e44697361626c65644469616c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416464696e4d6f6e69746f7256616c6964617465426f6f74325c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22576f72644d61696c5c22203a207b205c224576656e74735c22203a207b205c2248724c6f61645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224872536176655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f6354696c696e675c22203a207b205c224576656e74735c22203a207b205c2254696c696e6749646c6542756e646c654576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c654865617274626561745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254696c696e6749646c654669726542756e646c65644576656e74735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e7456696577476574456e756d657261746f724576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e7456696577446973636f6e6e6563745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e745669657753696e6b52656769737465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225465787454696c65446f63756d656e745669657753696e6b556e72656769737465725c22203a207b205c22	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Printers\DevModes2	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	integrator.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t\|0"	integrator.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.9 = 7b205c224576656e74466c61675c22203a20323536207d2c205c225072657061726553686f775461736b70616e6556325c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656d6f766546726f6d526962626f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253686f775465616368696e6743616c6c6f75745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225461736b70616e65417070436d64496e7374616c6c6174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2255585c22203a207b205c224576656e74735c22203a207b205c224c61756e63684f6d657853534f436f6e73656e744469616c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416761766555784d696e6f72426c6f636b65645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2241707044656c6574656446726f6d446f63756d656e745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224469616c6f67436c6f7365645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224469616c6f674f70656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253686f77496e666f626172436f6e73656e74566965775c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253686f774c6f6164696e6753746174655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253686f775265616374566965775c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22416464696e50726566657463685c22203a207b205c224576656e74735c22203a207b205c22507265666574636849636f6e735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22507265666574636855726c5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225072656c6f61644d616e69666573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253616e64626f78507265666574636855726c5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2241637469766174696f6e5c22203a207b205c224576656e74735c22203a207b205c224352656d6f74657250726f78795c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2253696e676c655369676e4f6e5c22203a207b205c224576656e74735c22203a207b205c22446973706c617953534f436f6e73656e7450616765466f7241706943616c6c5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224578656375746547657453534f546f6b656e496e7465726e616c5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247657441757468546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d2c205c224576656e74735c22203a207b205c224f445041637469766174696f6e466f7254616761353572735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f4450417070436f6d6d616e64735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434f4d416464696e4f7065726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f4450417070436f6d6d616e647343616368655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f4450417070436f6d6d616e6473496e7374616c6c54696d655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f4450417070436f6d6d616e6473526962626f6e436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224557534c69626c657443616c6c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446565704c696e6b696e67436865636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446565704c696e6b696e67446f63756d656e744f70656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446565704c696e6b696e67446f63756d656e7453686f77547275737455495c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446565704c696e6b696e675472757374526573756c745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224577734c6173745570646174655374617475734974656d436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224577734c6173745570646174655374617475734974656d53686f776e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247656e314163746976697479416767726567617465644261736553756272756c655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247656e314163746976697479416767726567617465644661696c757265436f756e745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247656e3141637469766974794167677265676174656453756363657373436f756e74576974685461675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f44504170704d616e6167656d656e744d656e755c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f4450496e73657274696f6e4469616c6f675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f445050617273654e65774d616e69666573744572726f725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f44505265636f6d6d656e64656447616c6c657279436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f4450526962626f6e427269646765526962626f6e436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f445053616e64626f7841637469766174696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f45504d616e696665737450617273696e675c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526962626f6e427574746f6e436c69636b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253746f7265557365725374617475735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253746f7265557365725374617475734572726f725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224f445041637469766174696f6e466f7254616761353572715c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224f44504c6174656e63795c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e466565646261636b222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c2253617665526573706f6e73655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e46696c65494f222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c224353495c22203a207b205c224576656e74735c22203a207b205c225265717565737441646170746572556e657870656374656443616c6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22416d49416c6f6e6550726f63657373526573706f6e73655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e73616374656453747265616d446174615570646174655472616e73616374696f6e436f6d6d69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472616e73616374656453747265616d446174614d657267655472616e73616374696f6e436f6d6d69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224343616368656446696c655363686564756c6546696c6555706c6f6164526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243656c6c53746f726167654f6e426c6f624865617052657175657374526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243656c6c53746f726167654f6e426c6f624865617052657175657374526573756c74434d555c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e49734f6e6c79436c69656e7452657175657374436f6d706c6574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22437369446176436c69656e7453656e64526571756573745374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574446f63756d656e7446726f6d55726c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224343616368656446696c654373694c6f616446696c655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224343616368656446696c654373695361766546696c655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22446f63756d656e74466163746f72794372656174654e6577446f63756d656e745c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22446f63756d656e7452656e616d655375626d6974576f726b4974656d5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22464d617050617468735c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22476574536861726555726c466f72436f6e7461696e65724173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22476574536861726555726c466f7246696c654173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22476574576f706955726c46726f6d46696c654964656e7469666965724173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2249446f63756d656e7447657456657273696f6e4c6973745c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2249446f63756d656e74526573746f72654173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224973446f776e6c6f616465644261736556616c69644e6f48617368436865636b5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253796e634261636b65645265636f6e63696c65725472795265636f6e63696c65546f4c6174657374416674657256657273696f6e4e6f74466f756e645c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253796e634261636b65645265636f6e63696c65725472616e736974696f6e4f6e6c696e655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2254727944657374726f794f666669636546696c6543616368655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22576f706942726f77736542726f777365546f436f6e7461696e65724173796e635c22203a207b205c224576656e74466c61675c22203a203438383936207d207d2c205c225375624e616d657370616365735c22203a207b205c2253746f726167655c22203a207b205c224576656e74735c22203a207b205c2243616368654f70746963735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f7074696373446f776e6c6f61644572726f72446973747269627574696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f7074696373446f776e6c6f61644572726f72446973747269627574696f6e7337446179735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f70746963734572726f72735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f707469637346696c6553746f726546696c6553697a65446973747269627574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f707469637355706c6f61644572726f72446973747269627574696f6e735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f707469637355706c6f61644572726f72446973747269627574696f6e7337446179735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f7074696373576f726b696e67436f707946696c6553697a65446973747269627574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656d6f766546696c65456e7472795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243616368654f707469637350657246696c655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253746172744f666669636546696c6543616368655c22203a207b205c224576656e74466c61675c22203a203438383936207d207d2c205c225375624e616d657370616365735c22203a207b205c2243656e7472616c5461626c655c22203a207b205c224576656e74735c22203a207b205c22436865636b536368656d6156657273696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22436c65617243616368655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22437265617465446174616261736546696c655573696e6754656d706c6174655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2243726561746544617461536f757263654661696c7572655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2244617461736f757263654f70656e4661696c7572655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2246696c65436163686550726f70657274696573526f774e6f74466f756e645c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224d69677261746546696c654e616d6546726f6d496e695c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22526f77736574556e6b6e6f776e4661696c7572655c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22536368656d61557067726164655c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c224661756c744d616e6167656d656e745c22203a207b205c224576656e74735c22203a207b205c224661756c745265636f766572795c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c224661756c745265706f72745c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d207d207d2c205c2250726f746f636f6c5061727365725c22203a207b205c224576656e74735c22203a207b205c2250617273655572695c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7061636b55726c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496672496e697441726773576f72645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2248724c61756e636855726c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22464c6f6164436d644c696e65436f72655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2250726f746f636f6c48616e646c65725c22203a207b205c224576656e74735c22203a207b205c225472794f70656e696e674c6f7248797065724c696e6b496e4e6174697665436c69656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2250726f746f636f6c48616e646c65724d61696e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22556e7061636b4c696e6b5c22203a207b205c224576656e74735c22203a207b205c22556e7061636b4c696e6b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7061636b4c696e6b4173796e635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22556e7061636b4c696e6b5769746848696e745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c225254435c22203a207b205c224576656e74735c22203a207b205c2246696e6453657373696f6e456e64706f696e7452756e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f63756d656e74536861726555726c5c22203a207b205c224576656e74735c22203a207b205c22556e7061636b536861726555726c416e6448616e646c65526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e556e7061636b55726c436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22486c696e6b5c22203a207b205c224576656e74735c22203a207b205c224d736f4872486c696e6b43726561746546726f6d537472696e675c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d534f5c22203a207b205c224576656e74735c22203a207b205c22434d736f4f4c446f634e657744657374727563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f63616c446f63756d656e74496e666f557073656c6c4576656e745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f63616c446f63756d656e74496e666f466c796f757444726f707065645c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2248616e646c65417574684661696c7572655f5573654578697374696e6743726564735f47656e657269634661696c7572655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f4f4c446f634261736547	integrator.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.6 = 74466c61675c22203a20353132207d2c205c22456d61696c416374696f6e487562416374696f6e53656e64456d61696c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f666669636543686174436f6d6d616e6453657456616c75655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224d736f494d5365727669636573536642506861736531496d70726f76656d656e7473456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224368617443616c6c6f757455736572496e697455495c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f494d5365727669636573497357616343686174456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f494d536572766963657353664257616343686174456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d736f494d536572766963657353664357616343686174456e61626c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22446f63756d656e744368617455494d6f64656c4f6e55494576656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224368617443616c6c6f7574557365724f6e5061727469636970616e744c6973744368616e6765645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6175746847616c6c65727955736572437265617465416374696f6e4875624c69737446726f6d536e617073686f745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22436f6175746847616c6c65727955736572437265617465466c65784c69737446726f6d536e617073686f745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22436f6c6c61625c22203a207b205c225375624e616d657370616365735c22203a207b205c22436f617574686f725c22203a207b205c225375624e616d657370616365735c22203a207b205c22436f617574686f72446f63756d656e7448656c7065725c22203a207b205c224576656e74735c22203a207b205c22547269676765725265747269657665446f63756d656e74436f617574686f72735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225265747269657665456469746f72735461626c654d616e616765725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225265747269657665527463557365725c22203a207b205c224576656e74466c61675c22203a20353132207d207d207d207d207d207d207d2c205c2241744d656e74696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22446f63756d656e744163746976697479496e746567726174696f6e5c22203a207b205c224576656e74735c22203a207b205c224164645265636f7665726564416374697669746965735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2250726f6365737341744d656e74696f6e4e6f74696669636174696f6e734c6973745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22436f6d6d656e74734e6f74696669636174696f6e436f6c6c6563746f7252656d6f766564436f6d6d656e74735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2250726f63657373436f6d6d656e74734e6f74696669636174696f6e734c6973745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22536176654c6f67466f725265636f766572795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22437265617465446f63756d656e7441637469766974794c6f674d616e616765725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c657465436f6d6d656e7441637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22446973636172644c6f63616c416374697669746965735c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574655265706c7941637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2243726561746541744d656e74696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c65746541744d656e74696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574654d6f6465726e436f6d6d656e7441637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224372656174654d6f6465726e41744d656e74696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f70656e4c6f6746726f6d5265636f766572795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574654d6f6465726e5265706c7941637469766974795c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225064616c6d446f63756d656e7441637469766974794c6f674d616e616765725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22456e73757265446f63756d656e744163746976697479436170747572655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22456e737572654c6f67507265526571735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224d6574726f4f70656e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746555736572496e666f466f72417574686f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22437265617465556e69717565417574686f72566563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243726561746555736572496e666f46726f6d417574686f72566563746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224973436c6f7564446f63756d656e745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365745361766564507265526571735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174655265766973696f6e53657441637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574436f6d6d656e74436f6e74656e744964656e7469666965725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f67436f6d6d656e744174747269627574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225472794372656174654c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536176654c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657453617665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224162616e646f6e4c6f675c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174655461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225461736b4372656174696f6e41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22526561737369676e5461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2252656f70656e5461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436f6d706c6574655461736b41637469766974795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224465736b746f704261636b73746167655c22203a207b205c224576656e74735c22203a207b205c22536176654173526563656e74436c69636b65645c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253617665417344656661756c745365727669636553656c656374696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f70656e526563656e74446f63756d656e747356696577436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f70656e526563656e74446f63756d656e7473566965775769746846656174757265456e61626c6564436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22424743616c634d616e6167657250726f6365737353657456616c75657350726f635c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22424743616c6349646c655461736b46457865637574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22506c6163657347726f757065724163636f756e74496e666f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2247657474696e67537461727465644d5255536c61624765744d72754461746554696d6547726f7570547970655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f70656e526563656e744c6f636174696f6e7356696577436c69636b65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e617669676174696f6e5265616453697465526f6f74427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e617669676174696f6e52656164446f634c6962466f6c646572427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224f666669636553706163655c22203a207b205c225375624e616d657370616365735c22203a207b205c224465736b746f704261636b73746167654e617669676174696f6e5c22203a207b205c224576656e74735c22203a207b205c224c617a794c6f616446696c6543616368655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224c6f616446726f6d46696c6543616368655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253617665496e746f46696c6543616368655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2252656164546869735043526f6f745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c22526561644c6f63616c466f6c6465725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225265616453697465526f6f74427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224765744974656d57656244617655726c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2247657452656d6f74654974656d496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2252656164446f634c6962466f6c646572427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22526561644d696772617465644f4443466f6c646572427956726f6f6d5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d207d207d2c205c22504358506572736f6e6150686f746f5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f757453706163655c22203a207b205c224576656e74735c22203a207b205c22557064617465506c616365735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22486964655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225365744d72754c697374466f72486f6d65506167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c65616e75705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536861726564576974684d65506f70756c6174654c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225570646174654d52554974656d735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f70656e4469736d6973735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e65774469736d6973735c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c224465736b746f704261636b73746167655c22203a207b205c224576656e74735c22203a207b205c224261636b73746167654469736d69737365645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f76657279436f6d7061726557697468556e736176656456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f7665727944656c657465556e736176656456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f766572794f70656e556e736176656456657273696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224175746f5265636f76657279506f70756c617465556e736176656456657273696f6e4c6973745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e69744e65774e6176466f6c6465725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224e6577536572766963654c6973745c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c225368617265506f696e7453697465735c22203a207b205c224576656e74735c22203a207b205c2247726f75707353697465735265717565737449636f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e745369746573496e697469616c697a655369746573436f6c6c656374696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e74536974657350726f63657373526573756c74466f724964656e746974795c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465734964656e74697479436163686552657175657374526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465735265717565737453697465734361636865645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465735265717565737453697465734173796e6350726f63657373526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225368617265506f696e7453697465735265717565737453697465734173796e635c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224372656174654c6f636174696f6e735c22203a207b205c224576656e74735c22203a207b205c2244656661756c744964656e74697479456d7074795c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253686172696e674c6567616379436c69656e745c22203a207b205c224576656e74735c22203a207b205c22476574446174615c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22486f6d65506167655c22203a207b205c224576656e74735c22203a207b205c22506c6163654368616e6765536c6162436f6e646974696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e53686f77486f6d65506167655c22203a207b205c224576656e74466c61675c22203a2032207d207d2c205c225375624e616d657370616365735c22203a207b205c225365617263685c22203a207b205c224576656e74735c22203a207b205c225365656e4279557365725c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224f666669636553746172745c22203a207b205c224576656e74735c22203a207b205c22536574757054656d706c61746550726f706572746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243757272656e745549416374697665506c6163654368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22547269676765725468756d626e61696c416374696f6e52756e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22446f63756d656e744e6f74696669636174696f6e735c22203a207b205c224576656e74735c22203a207b205c2252656769737465724f6e49646c65466561747572654761746544697361626c65645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d7275536572766963654170695c22203a207b205c225375624e616d657370616365735c22203a207b205c22446f63756d656e74735c22203a207b205c224576656e74735c22203a207b205c2252656164526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225772697465526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e526571756573745375636365656465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22506c616365735c22203a207b205c224576656e74735c22203a207b205c2252656164526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225772697465526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f6e526571756573745375636365656465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d207d2c205c224d736f53686172696e675c22203a207b205c224576656e74735c22203a207b205c22434d736f53686172696e675365727669636548656c706572456e64476574486f73744361706162696c69746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572476574486f73744361706162696c69746965735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c706572456e6447657455736572417474726962757465735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22434d736f53686172696e675365727669636548656c7065724765	integrator.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\ClickToRun\C2RClient\C2RClientReturnCode\5272_Status = "started"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	integrator.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	integrator.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t\|5"	integrator.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigIds = "std::wstring\|P-R-1098158-1-5,P-R-76757-1-2,P-R-54903-1-3,P-R-26146-7-17,P-D-29635-1-1,P-D-27087-1-9,P-R-79688-1-3,P-R-53532-1-5,P-R-51436-1-6,P-R-51427-18-12,P-R-40464-18-9,P-X-98518-6-9,P-R-38390-18-21,blockedgraphicsadapter5:475899,P-R-35099-2-4,P-R-61408-18-3,P-R-55746-2-5,P-R-53512-1-4,P-R-46974-18-18,P-R-38953-1-11,P-R-36551-18-18,P-R-71414-1-6,P-R-40253-6-19,P-R-40254-6-18,P-R-35401-6-7,P-R-32107-22-22,P-R-39146-14-15,P-R-39147-14-20,P-R-28546-6-11,P-R-28165-6-28,P-R-24980-8-48,P-R-24390-5-12,P-R-18279-2-65,P-D-34200-4-5,P-R-51145-2-7,P-R-29928-2-20,P-R-67932-1-4,P-R-67201-1-4,P-R-64545-1-4,P-R-64035-1-4,P-R-53515-18-9,P-R-53280-1-6,P-R-52247-1-5,P-R-51958-1-5,P-R-51842-1-5,P-R-51277-2-6,P-R-47451-18-20,P-R-45919-18-19,P-R-45085-18-12,P-R-41442-18-18,P-R-38085-12-9,P-R-18744-6-22,P-D-34239-1-6,P-R-1034169-10-7,P-E-28677-C1-3,P-R-55122-8-8,P-R-50255-10-9,P-R-44907-1-9,P-R-45314-10-16,P-R-44965-C1-6,P-X-1240823-1-3,P-E-38231-2-4,P-R-1245662-15-4,P-R-94560-14-12,P-R-94189-14-13,P-R-93882-14-26,P-R-54728-16-23,P-R-54698-16-16,P-R-54658-18-19,P-R-38306-18-3,P-R-35717-5-30,P-R-34019-4-3,win32devicecanary:541483,win32devicecanary:541483,P-X-53845-1-9,P-X-53772-1-3,P-X-51790-1-3,P-R-1025232-24-9,P-R-71358-1-4,P-R-70941-1-4,P-R-69065-1-3,P-R-67160-1-7,P-R-59781-1-4,P-R-55631-1-4,P-R-54215-1-4,P-R-53751-1-4,P-R-53752-1-4,P-R-53526-1-4,P-R-52110-1-4,P-R-49765-15-32,P-R-48818-17-25,P-R-50679-1-4,P-R-50486-18-12,P-R-44830-18-13,P-R-49416-4-14,P-R-48457-2-6,P-R-47974-16-18,P-R-46544-18-11,P-R-45609-14-6,P-R-45197-2-6,P-R-44046-18-11,P-R-44015-18-20,P-R-43723-2-6,P-R-41742-18-32,P-R-40980-18-16,P-R-40359-2-10,P-R-39029-5-18,P-R-38835-18-48,P-R-37676-18-46,P-R-36310-4-5,P-R-35945-10-5,P-R-35165-2-7,P-R-35143-4-4,P-R-33553-4-6,P-R-33536-12-13,P-R-29809-1-7,P-R-26968-3-9,P-R-18425-8-62,P-R-18426-5-30,P-R-18424-4-34,fiser190:377704,happy03172020-1:61977,happy02062020-0:28428,P-R-53545-4-5,P-R-50711-18-11,P-R-49736-6-22,P-R-48467-18-18,P-R-32106-7-33,P-R-30085-1-9,P-R-29138-38-83,P-R-29315-36-69,P-R-25009-1-8,P-R-24363-1-13,P-R-21631-10-64,P-R-19898-1-22,P-R-19814-1-62,P-R-19012-1-57,P-X-50220-1-3,P-X-49730-1-3,P-R-69347-1-5,P-R-64574-1-4,P-R-54116-1-4,P-R-53585-18-18,P-R-52594-18-5,P-R-52386-1-4,P-R-50980-2-4,P-R-50938-1-4,P-R-50152-18-20,P-R-49175-18-22,P-R-47260-18-23,P-R-44156-18-26,P-R-43284-18-19,P-R-43285-12-22,P-R-42482-1-4,P-R-40990-12-15,P-R-39333-18-28,P-R-35439-12-21,P-R-33215-18-19,P-R-31352-12-25,P-D-34269-2-5,gruse488:570358,grico406:19777,P-R-49830-18-15,P-R-40586-18-27,P-R-32996-18-24,P-D-40316-9-5,P-R-50429-18-8,P-R-65295-18-30,P-R-61861-1-4,P-R-61737-1-4,P-R-51777-18-8,P-R-50920-1-6,P-R-50366-18-19,P-R-35985-14-23,P-R-35891-18-5,P-R-32004-2-5,P-X-1276509-1-5,P-R-1280425-13-17,P-R-68336-2-4,P-R-67286-2-6,P-R-51513-2-4,i0d76970:598689,P-R-79963-1-2,P-R-52043-1-3,P-R-51764-1-4,P-R-49388-2-6,P-R-48335-4-16,P-R-47308-3-9,P-R-42392-2-4,P-R-39073-1-5,P-R-1123376-10-12,P-R-1009855-12-14,P-R-98856-18-48,P-R-43489-30-15,P-R-38410-12-23,P-X-1291246-2-3,P-X-1019581-1-3,P-X-1006174-1-5,P-R-66436-1-4,P-R-62873-1-4,P-R-51097-1-5,P-R-50706-18-7,P-R-50055-18-7,P-R-49315-18-5,P-R-42660-18-35,P-R-36649-8-9,ch371179:600396,oemic639:397753,oeall843:375887,P-R-42379-2-3,P-R-42378-2-3,P-R-66539-1-4,P-R-66538-1-4,P-R-65278-1-4,P-R-65279-1-4,P-R-59180-1-4,P-R-48070-1-5,P-R-47386-1-4,P-R-55342-2-2,P-R-53377-2-6,P-R-52481-2-5,P-R-49759-2-8,P-R-46100-20-9,P-R-38510-2-10,P-R-37550-20-13,P-R-32186-C27-29,P-R-58135-2-4,P-R-56618-1-3,P-R-56027-1-4,P-R-46145-18-18,P-R-33892-1-8,P-R-33696-1-5,P-R-55749-1-4,P-R-53662-1-4,P-R-52246-1-4,P-R-52245-1-4,P-R-52238-1-5,P-R-43644-6-13,P-R-39912-1-2,P-R-39283-4-10,P-R-50380-18-18,P-R-50379-18-17,P-R-68146-1-5,P-R-63409-1-5,P-R-50542-18-14,P-R-50500-18-16,P-R-48365-18-24,P-R-48161-18-32,P-R-46597-1-4,P-R-33737-1-4,P-E-29662-C1-3,P-R-29303-2-20,P-R-56654-2-4,P-R-51703-1-5,P-R-50133-2-9,P-R-47242-18-11,P-R-46410-1-5,P-R-45550-C17-46,P-R-45490-16-9,P-R-44885-18-20,P-R-42512-1-3,P-R-40169-8-13,P-R-37313-18-22,P-R-36664-4-4,P-R-35476-2-5,P-R-35407-4-3,P-R-35237-14-11,P-R-35150-2-4,P-R-35129-2-4,P-R-35056-4-5,P-R-34889-8-4,P-R-34044-2-4,P-R-33718-6-5,P-R-33459-1-5,P-R-30292-4-8,P-R-28644-1-4,P-R-24037-1-7,P-R-23445-3-7,P-R-23434-3-7,P-R-18513-1-30,P-D-34699-4-4,P-D-34697-2-4,P-D-34675-1-4,P-D-34673-1-4,P-D-34654-1-4,P-D-34587-3-5,P-D-34266-1-4,P-D-34262-1-5,P-D-34260-1-5,P-D-34258-2-5,P-D-32465-1-5,P-D-32459-2-4,P-D-32458-5-4,P-X-1083427-2-5,P-R-69529-1-5,P-R-65011-1-3,P-R-53622-18-4,P-R-50541-2-7,P-R-49893-22-9,P-R-36932-2-13,jh8ab447:380633,P-R-69232-18-13,P-R-23681-2-7,P-D-32502-2-3,P-D-32501-2-3,P-D-32415-2-3,P-R-64513-18-11,P-R-51916-84-31,P-R-23746-32-46,P-R-38248-20-26,P-R-1286642-1-3,P-R-1280186-1-3,P-R-1267084-2-6,P-R-1258784-3-5,P-R-1245296-4-6,P-R-1236953-4-6,P-R-1157570-2-4,P-R-1132821-2-4,P-R-1119013-1-3,P-R-1098796-1-3,P-R-1094445-1-3,P-R-1080412-1-3,P-R-1069769-2-4,P-R-1068115-1-3,P-R-1045118-2-4,P-R-25269-14-21,P-R-1044408-1-3,P-R-1044141-7-9,P-R-1037887-1-3,P-R-1037879-1-3,P-R-1036293-1-3,P-R-1036292-1-3,P-R-1036289-2-4,P-R-1036288-1-3,P-R-1036068-2-4,P-R-1035933-2-4,P-R-1035149-2-4,P-R-1033817-1-3,P-R-1028168-1-3,P-R-1009717-3-5,P-R-1000061-2-4,P-R-117548-2-4,P-R-111682-1-3,P-R-105731-36-38,P-R-104435-13-15,P-R-100294-1-3,P-R-99633-1-3,P-R-98929-2-4,P-R-98250-1-3,P-R-94299-1-3,P-R-93077-1-3,P-R-86118-1-3,P-R-80517-7-9,P-R-78112-4-6,P-R-77140-2-4,P-R-76918-2-4,P-R-76721-1-3,P-R-75440-2-4,P-R-73676-1-3,P-R-72449-7-10,P-R-72030-4-6,P-R-68069-2-4,P-R-66975-1-3,P-R-65567-1-3,P-R-62212-2-4,P-R-60602-3-5,P-R-52633-1-3,P-R-52171-2-4,P-R-52011-2-4,P-R-51921-8-10,P-R-51258-8-10,P-R-50752-2-4,P-R-50681-2-4,P-R-50599-4-6,P-R-50596-4-8,P-R-50553-1-3,P-R-49597-3-5,P-R-49458-2-4,P-R-48530-7-9,P-R-47948-1-4,P-R-46580-3-5,P-R-46484-10-12,P-R-46122-1-3,P-R-45858-2-4,P-R-43966-2-4,P-R-43502-19-21,P-R-41430-1-3,P-R-40751-8-10,P-R-40273-4-6,P-R-39238-5-7,P-R-38682-3-5,P-R-37588-2-4,P-R-34355-8-10,P-R-26266-4-9,P-R-26834-3-8,P-R-24662-16-22,P-R-27479-6-11,P-R-26056-7-15,P-R-27006-7-12,P-R-30338-3-7,P-R-30178-79-81,P-R-30053-8-10,P-R-27458-1-5,P-R-25822-16-19,P-R-25083-6-9,P-R-24690-43-47,P-R-24689-2-5,P-R-24666-2-5,P-R-24663-6-11,P-R-24659-7-10,P-R-23744-7-9,P-R-23739-7-9,P-R-23736-14-17,P-R-23734-7-9,P-R-23730-21-24,P-R-23723-10-12,P-D-32588-1-3,P-D-32534-1-3,P-D-32524-1-3,P-D-32518-1-3,P-D-32512-1-3,P-D-32509-1-3,P-D-32485-1-4,P-D-32484-1-4,P-D-32405-1-3,P-R-1087141-4-7,P-R-49160-12-12,P-R-47601-18-13,P-R-46834-12-14,P-R-46202-18-11,P-R-44018-18-13,P-R-43355-18-12,P-R-35337-16-7,P-R-33916-1-5,P-R-33580-8-9,P-X-117400-1-3,P-R-59175-18-4,P-R-53292-14-10,P-R-49130-18-23,P-R-46913-18-8,P-R-37449-18-15,uxmediumiconluminance:353455,P-R-48549-18-11,P-R-19262-1-12,P-E-44774-2-9,P-R-44869-16-16,P-R-33918-1-11,P-R-1128630-1-7,P-R-1098412-1-5,P-R-1091267-1-55,P-R-81720-1-2,P-R-58406-1-5,P-D-50697-2-4,P-D-29719-1-1,P-D-29718-1-1,P-D-29593-1-6"	integrator.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133767597476743093"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	integrator.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.3 = 222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e49676e6f726544697361626c654144414c61746f7057414d4f76657272696465466f725075726557414d222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e53706f41757468436f6e74657874456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e5573654964656e7469747943726564656e7469616c734661696c757265496e666f222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e55736553706f436f6f6b696546726f6d53616d6554656e616e74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e44617465546f5573654d6963726f736f6674333635466f72436f6e73756d657273222c20225622203a20227374643a3a77737472696e677c323032302d30342d32315430303a30303a30302e302b30303a303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e44617465546f5573654d6963726f736f6674333635466f72534d42222c20225622203a20227374643a3a77737472696e677c323032302d30342d32315430303a30303a30302e302b30303a303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e456e61626c6547726163655769746857414350726f6d6f427573426172222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e456e61626c654d6f6465726e41464f222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e486561727462656174446179734265666f726545787044617465222c20225622203a2022696e7433325f747c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e4e6f456e7469746c656d656e747353656c6653657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e4e6f456e7469746c656d656e74735472794275794578706572696d656e7454726561746d656e74222c20225622203a2022696e7433325f747c3222207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e53686f77564e6578745369676e4f75744469616c6f67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e5573655265666163746f726564436f6e666967446570726f766973696f6e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4c6963656e73696e672e5573655265666163746f726564476574557365724c6963656e7365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e436c6f7564506f6c6963792e4e6f6e5075626c6963436c6f7564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e54656e616e744173736f63696174696f6e4b65792e4e6f6e5075626c6963436c6f7564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4d616e6167656162696c6974792e5573654f637073563255726c496e57696e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4e616e63794f66666963655465616d2e7a686574616e34313232303231222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e416c6c6f7741626f7274517569636b436865636b45777353657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e416c6c6f7741626f7274517569636b436865636b4f6d657853657276696365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e44697361626c6557696e646f7745787465726e616c436c6f73655364784469616c6f67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e496e766f6b6546657463684d616e696665737443616c6c6261636b4f6e446f776e6c6f61644d616e6966657374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e557365436c6f6e6564496e7374616e6365466f724572726f72222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4368616e6765476174652e56616c6964617465446f776e6c6f61645265736f7572636573222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4469616c6f6754776f5761794d6573736167696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e456e61626c654d696e43616368655265667265736820222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4964656e746974794361636865466f72636552656672657368222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e4f7366496e7374616c6c6572526567697374657242675461736b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e506572557365724964656e746974794d696e4361636865222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e506572557365724964656e74697479526962626f6e4361636865222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f45502e5765624b69743246756c6c4469616c6f67415049222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f4d45582e456e61626c65456e7465727072697365436f6d416464696e536574436f6e6e656374496e7465726e616c5570646174654576656e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f4d45582e456e61626c65456e7465727072697365436f6d416464696e556e68616e646c6564457863657074696f6e4576656e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6172742e456e61626c65416972537061636547726f757044726167466978222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6172742e456e61626c65496e736572744d6564696154656c656d65747279222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e4170706c652e43576f726b73706163655573657255736555726c46726f6d526177556e69636f6465537472696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e4368616e6765476174652e53686f77494150456e747279222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e44656570426174636853746f7265456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e52656e6465725570646174656457696e333252656458222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f6e654e6f74652e53686f756c645573654e6574436f7374496e73746561644f664d736f426c6f636b696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e4c6173744d696c6554656c656d6574727954726163657274222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e4c696e6b6564496e4b32466978222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e5063782e5063784a756e65323031394275674669786573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33363134383230222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33393039323635222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4f75746c6f6f6b2e526970636f72642e33393435323833222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5043582e526970636f72642e56534f2e33363432383036222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572666f726d616e63652e426c6f636b696e6757616974732e4f737250726f63657373222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572666f726d616e63652e4368616e6765476174652e586c426f6f74436f6d706c657465416674657246696c654f70656e416e6453706c61736853637265656e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e456e61626c65476574496e736967687473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e456e61626c6553656e645369676e616c222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506572736f6e616c697a6174696f6e2e557365476574496e736967687473466c6f77466f724665746368696e67476f7665726e616e636544617461222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e436865636b56696577496e536c6964654a616e69746f724f62736572766572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e466f726365536f6674776172654d696e69617475726552656e646572696e67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e4d657267652e5573655468726f77696e674c69666567756172645374657073222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e4368616e6765476174652e536c69646553686f772e52656c65617365536c69646553686f774d616e616765724265666f726547667853687574646f776e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e48616e646c65434c524372617368222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e742e53756767657374696f6e732e456e61626c65436f6e74656e745265636f6d6d656e646174696f6e4974656d73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e506f776572506f696e744f6e6c696e652e4175676c6f6f702e436f70696c6f742e5354466978656450726573466f724e6f546f706963466f72416c6c54656d706c61746573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443325253657276657232303133436f6e6e656374696f6e426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443656e74656e6e69616c53657276657232303133426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e50726f6a6563742e50726f6a65637443656e74656e6e69616c53657276657232303133436f6e6e656374696f6e426c6f636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e434c502e5570646174655374617475734261724f6e50726f66696c65537769746368222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e43656e7472616c697a6564457874656e73696f6e536166657479436865636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e49524d2e5758505644697361626c654c6f616454656d706c617465734f6e426f6f74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e4973457874656e73696f6e496e4c697374557064617465222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e4d6f6e69746f72656446696c65457874656e73696f6e4c697374222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e50726f74656374696f6e536572766963652e4e657755784d6f64656c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e53686f756c6452756e436c6f75645365637572697479506f6c696379436865636b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53656375726974792e5573654e6f526566436f756e74416d736953747265616d222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e436c6f7564222c20225622203a20227374643a3a77737472696e677c5075626c696322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e46617374465445222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4d53495442697a63686174416c6c6f776c697374222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4d6f636861222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e4f584f416c6c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e50657270657475616c4c6963656e7365222c20225622203a20227374643a3a77737472696e677c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e5365676d656e74222c20225622203a20227374643a3a77737472696e677c4e4f4e4652444322207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e56657273696f6e506172746974696f6e222c20225622203a20227374643a3a77737472696e677c57696e3332416e64726f6964486f7422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5365676d656e746174696f6e2e576f7264436f70696c6f74446f67666f6f64222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e416c6c6f775a65726f4c656e677468536561726368537472696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f436f727265637455492e41637469766974696573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f446973636f7665722e4275674669786573466f7252657472794661696c65645265717565737473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e5368617265642e4175746f446973636f7665722e4c696d6974546f4f6e654175746f446973636f766572222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e53	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe\ULSMonitor	integrator.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	integrator.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\ApplicationFlags = "1"	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\ClickToRun\C2RClient\C2RClientReturnCode\5272_ExitCode = "0"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	integrator.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.2 = 6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4661696c43616c6c73546f5472616e73616374656453747265616d446174614265666f72654373694c6f616446696c65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4872446f776e6c6f616454656d704173796e634c4d54222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e496e637265617365644279746573427566666572657257696e646f7753697a65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e496e6372656d656e74616c4f70656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4973496e74656c6c6967656e745361766550726f6d7074537572766579456e61626c6564222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e49734f70656e4572726f724469616c6f6741626c65546f42654f76657272696464656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4c6f636174696f6e5069636b65725468726565446f74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4e65766572466f726365486f73744d6f6465496e436f6c6c61625265636f6e63696c6174696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4f63735072656665746368496e7465726e616c436f6f7264696e6174696f6e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4f637369576f726b696e67436f7079577269746546696c654d61785265747279436f756e74222c20225622203a2022696e7433325f747c3522207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e4f637369576f726b696e67436f7079577269746546696c655265747279496e74657276616c496e4d696c6c697365636f6e6473222c20225622203a2022696e7433325f747c31303022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e50726f746f636f6c48616e646c65722e44697361626c65457863656c53656375726974794469616c6f67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e50726f746f636f6c48616e646c65722e44697361626c65506f776572506f696e7453656375726974794469616c6f67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e50726f746f636f6c48616e646c65722e44697361626c65576f726453656375726974794469616c6f67222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e5265667265736855706f6e526573746f726174696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e536572766572496e666f4d736f446176436865636b456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e536861726555726c456e64706f696e744361636865456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e53686f756c645265717565737451756572794578706563746564416363657373222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e536b6970556e636f6d70617261626c65446f776e6c6f61645265766973696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e536b6970576563496e6974447572696e674f70656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e53747269637453746f726167654c6966656379636c65222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e537472697056657273696f6e494446726f6d55726c4265666f726553656e64696e67546f437369222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e5472696767657253796e63496e7369646548616e646c6542617365446f776e6c6f61644572726f72222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e556e7365745265736f757263654964496646696c655761734e6f745361766564546f536572766572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e5573654361636865644e6574776f726b436f6e6e656374696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e5573655265666163746f72656453796e634368616e6e656c496e486f73745265766973696f6e7355706461746572222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e557365586d6c48747470436f6d706f6e656e74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e46696c65494f2e56616c69646174654d617050617468734c697465222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e44656661756c744368616e6e656c436f6f6c646f776e2e42616e6e6572222c20225622203a2022696e7433325f747c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e456e61626c6543616d706169676e436c69656e74222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e456e61626c654d6f6465726e466c6f7757697468546965726564476f7665726e616e6365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e456e61626c654d756c74694c61756e636853757276657943616d706169676e73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e456e61626c6554656c656d657472794576656e745472616e736475636572222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e496e7369646572546f6173744c61756e63686572456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e4d617843616d706169676e73506572417070222c20225622203a2022696e7433325f747c323522207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e4d6178446961676e6f73746963436f6c6c656374696f6e73506572417070222c20225622203a2022696e7433325f747c323022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e4e6f746669636174696f6e4c61756e63686572456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e50726976616379436865636b466f724e6f6e436f6e74726f6c6c657253657276696365466f72537572766579222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e526f616d696e67426173656443616d706169676e537461746573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e526f616d696e674261736564476f7665726e65644368616e6e656c537461746573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e526f616d696e67426173656453757276657941637469766174696f6e5374617473222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e466c6f6f64676174652e53757276657973456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e41766f6964556e6e656365737361727944657669636552656372656174654f6e446973706c61794368616e6765222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e436865636b507265666572436d644c697374466f7243616c6c436d64546f7373556e646f222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e456e73757265496e6b5374796c65496e69745769746853757266616365222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e4669784465766963655265456e756d65726174696f6e222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e52756e4d6f646966794465736372697074696f6e436f6d6d616e6441734d6f6465726e496e457863656c222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e5365745465787446696c6c546f426c61636b466f7253656c6563746564486967686c69676874222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e5365745465787446696c6c546f426c61636b466f7253656c6563746564486967686c6967687432222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4368616e6765476174652e5573655368617265644458474941646170746572456e756d65726174696f6e4c6f676963466f7253746172747570222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e436f6d6d616e64732e456e61626c6553657450696374757265417370656374526174696f436d64222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e436f6d6d616e64732e456e61626c655365745461626c655374796c65436d64222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e456e61626c654368616e676550696374757265436f6d6d616e64466f72426c697046696c6c73222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e456e61626c655356474c696e65416e6446696c6c436f6d6d616e6473466f72536861706573222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e47657443616c6c537461636b466f7246576964656e222c20225622203a2022696e7433325f747c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e49636f46696c746572456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e496e6b2e44656c657465416c6c496e6b222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4d617833444d6174657269616c5465787475726553697a65222c20225622203a2022696e7433325f747c3430393622207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4d6f64656c33444f6e6c696e652e426c6f636b6564436f756e7472696573222c20225622203a20227374643a3a77737472696e677c61663b647a3b62683b636e3b63753b65673b69643b69723b69713b6a6f3b6b773b6c623b6c793b6d723b6d613b6b703b6f6d3b71613b73613b73643b73793b746e3b74723b61653b796522207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4d6f64656c33444f6e6c696e652e426c6f636b65644c616e677561676573222c20225622203a20227374643a3a77737472696e677c74722d74723b7a682d636e3b61722d73613b69642d696422207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e4d756c74695363656e654465707265636174696f6e732e476574554957696e646f7746726f6d55736572496e74657266616365222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e526574727943726561746544324431466163746f72794f6e44656c61794c6f61644661696c7572654d617852657472696573222c20225622203a2022696e7433325f747c323022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e536e61704c696e655769647468496e50656e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e53746172744174506172656e7454696d65222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e537570706f727454657874496e535647546f5368617065436f6e76657273696f6e222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e557365417263546578747572654265666f7265443244222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e5573654c6973744e6f6465222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e5573654c6f676963616c445049466f72566563746f72496d6167655265736f75726365222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726170686963732e557365536d617274496e6b416e616c797a6572466f72496e6b456469746f72222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726f7774682e41697254726166666963436f6e74726f6c2e466f726365456e67696e6553657475704f6e4247546872656164222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726f7774682e41697254726166666963436f6e74726f6c2e4f7074696d697a65526f616d696e6753657474696e67222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726f7774682e41697254726166666963436f6e74726f6c2e547275737442617244656c6179466f726d6174222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e47726f7774682e41697254726166666963436f6e74726f6c2e556e666f726d6174746564427573426172222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e48656c702e496e636c756465436f6d6d616e6454797065222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e4144414c5468726f74746c696e67456e61626c6564222c20225622203a2022626f6f6c7c3122207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e41766f696453656e64696e675368617265506f696e7448656164657273546f5075626c6963456e64706f696e7473222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e4368616e6765476174652e4f6e6c7950657273697374536368656d65466f7253657276657255726c73222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e456e61626c6557616d54656c656d65747279426c6f62222c20225622203a2022626f6f6c7c3022207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e4964656e746974792e456e7375726550726f66696c65466f725072696d6172794964656e746974696573	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\integrator.exe\ULSMonitor	integrator.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\0.8 = 7d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e457863656c222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22436f617574685c22203a207b205c224576656e74735c22203a207b205c224f70656e46696c655c22203a207b205c224576656e74466c61675c22203a203330393632323437343338323231303536207d2c205c22457865637574654d65726765496e7374616e63655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224b69636b4f6666517569636b536176655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22586c53796e6353746174654368616e67654c697374656e65724f6e53796e6353746174654368616e67655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f63734765744f70496e7465726e616c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436c6f7365576f726b626f6f6b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224261636b67726f756e6451756575655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f704f6e4765745265766973696f6e436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f704f6e4765745265766973696f6e526573706f6e736552656365697665645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f70464275696c644765745265766973696f6e526571756573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f637350756c6c4f704f6e436f6d706c657465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b5061636b61676546696c6553746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b5061636b61676546696c6553746f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b456e637279707465644d6574726f46696c6553746172745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b456e637279707465644d6574726f46696c6553746f705c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22536b697070656443686743656c6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243717532674872446f456e74657243656c6c466d6c61584c5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2246696c65536176655c22203a207b205c224576656e74735c22203a207b205c225361766541735361766546696c655c22203a207b205c224576656e74466c61675c22203a203330393632323437343338323231303536207d207d207d2c205c22496e6672615c22203a207b205c224576656e74735c22203a207b205c224164644c6f63616c655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436f6d6d616e645c22203a207b205c224576656e74735c22203a207b205c2252656672657368416c6c5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c22526566457874446174615c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d2c205c2243616c635c22203a207b205c224576656e74735c22203a207b205c224669784d616e75616c43616c634f6e4c6f61645c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e4578706572696d656e746174696f6e222c20225622203a20227374643a3a77737472696e677c7b205c224576656e74735c22203a207b205c224564676546657463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224c6f6164696e67466972737453657373696f6e43616368655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744665617475726573466f72534458556e65787065637465645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224142436f6e66696754726561746d656e7454797065556e65787065637465645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d22207d2c207b20224622203a20224d6963726f736f66742e4f66666963652e54656c656d6574727944796e616d6963436f6e6669672e457874656e736962696c697479222c20225622203a20227374643a3a77737472696e677c7b205c225375624e616d657370616365735c22203a207b205c22446973636f7665725472794275795c22203a207b205c225375624e616d657370616365735c22203a207b205c2250795c22203a207b205c224576656e74735c22203a207b205c2253657276657244726976656e4e6f74696669636174696f6e55736572416374696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d2c205c2253657276657244726976656e4e6f74696669636174696f6e5c22203a207b205c224576656e74466c61675c22203a203438383936207d207d207d207d207d2c205c224f66666963654a735c22203a207b205c224576656e74735c22203a207b205c22417070436f6d6d616e64446566696e6974696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22417070496e697469616c697a6174696f6e585c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225363726970744c6f6164585c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c22436174616c6f675c22203a207b205c224576656e74735c22203a207b205c2245786368616e67654765744c617374557064617465325c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22547279446973636f76657245777355726c735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245786368616e67654765744c6173745570646174655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2254727948616e646c6541757468656e7469636174696f6e526573756c745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245786368616e6765476574456e7469746c656d656e74735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2245786368616e67654765744d616e6966657374735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2245786368616e676552656672657368457874656e73696f6e4c6973745c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c2241757468656e7469636174696f6e526963684170695c22203a207b205c224576656e74735c22203a207b205c22476574416363657373546f6b656e56324261636b67726f756e645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574416363657373546f6b656e56324d61696e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22476574416363657373546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2247657441757468546f6b656e5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22496e7374616c6c65725c22203a207b205c225375624e616d657370616365735c22203a207b205c225461736b456e67696e655c22203a207b205c224576656e74735c22203a207b205c224765744368616e676564536f6c7574696f6e735461736b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224765744368616e676564536f6c7574696f6e735461736b5265676973746572536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744368616e676564536f6c7574696f6e735461736b52656769737465724e65757472616c5061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b5363686564756c65645c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b526567697374726174696f6e4572726f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b537563636573735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b496e46696e616c697a655374617465457863657074696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b536574496e7374616c6c5374617475734572726f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b61676541707078457874726163746f725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b6167655265717565737465725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b6167655265717565737465725461736b53657276696365526571756573745374617475735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b446573747275637465644265666f7265436f6d706c6574655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b436f6d706c6574656446657463685c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b496e7374616c6c6564417070735c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22457870466972737453657373696f6e5461736b4170704665746368446f6e655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b61676553617665725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578705061636b616765526567697374726174696f6e496e666f5461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c225061636b616765536f6c7574696f6e49445570646174655461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224578747261637446696c6573546573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2245787472616374466f6f747072696e7446696c6573546573745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b52756e4e657874457863657074696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f73664d616e696665737456616c696461746f725c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224765744368616e676564536f6c7574696f6e735461736b52656769737465724c6f63616c655061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c476574436f6e66696755726c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253636176656e6765725461736b436c656172526567697374726174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b5265676973746572536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b52656769737465724e65757472616c5061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22436865636b416e64557064617465416c6c536478536f6c7574696f6e735461736b52656769737465724c6f63616c655061636b6167655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744368616e676564536f6c7574696f6e735461736b4c6f63616c65556e617661696c61626c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744368616e676564536f6c7574696f6e735461736b5061636b616765556e617661696c61626c655c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22496e7374616c6c536478536f6c7574696f6e5461736b5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253636176656e6765725461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253636176656e6765725461736b436c656172526567697374726174696f6e4661696c65645c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c224d61696e5c22203a207b205c224576656e74735c22203a207b205c225344584261636b67726f756e645461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f7366496e7374616c6c65725374617274436f6d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f7366496e7374616c6c657253746172744e6f74434f4d5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c496e69745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224f7366496e7374616c6c657253746172744d61696e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c5363686564756c655461736b5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2243496e7374616c6c65724d61696e5368656c6c53687574646f776e5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744e6574776f726b436f737454696d656f75745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224765744e6574776f726b436f737453657276696365556e617661696c61626c655c22203a207b205c224576656e74466c61675c22203a2032207d207d207d207d2c205c224576656e74735c22203a207b205c225061636b61676541707078457874726163746f725461736b5061636b616765496e666f726d6174696f6e5c22203a207b205c224576656e74466c61675c22203a2032207d207d207d2c205c2253616e64626f785c22203a207b205c224576656e74735c22203a207b205c22506f73744f7366436f6e74726f6c4d6573736167655c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f445041637469766174696f6e48616e67696e675c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2253616e64626f784372656174696f6e5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c2244656c6574654f7366436f6e74726f6c5c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c225365744f4d546f6b656e4f6e54726964656e74486f73745c22203a207b205c224576656e74466c61675c22203a2032207d2c205c2253657454726964656e74486f73745c22203a207b205c224576656e74466c61675c22203a20353132207d2c205c224f445053686f775461736b70616e65436f6e74726f6c5c22203a207b205c224576656e74466c61675c22203a2032207d2c205c224372656174654f7366436f6e74726f6c56325c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2243726561746552656d6f7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22446f776e6c6f61644d616e69666573745c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2252656c6f6164416c6c4f7366436f6e74726f6c735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265737461727452656d6f7465725c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c225265737461727453616e64626f7865735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2253746172744f7366436f6e74726f6c5c22203a207b205c224576656e74466c61675c22203a20323536207d207d207d2c205c22417070436f6d6d616e64735c22203a207b205c224576656e74735c22203a207b205c22526962626f6e5847656e657261746f725c22203a207b205c224576656e74466c61675c22203a2032207d2c205c22417070436d6450726f6a656374696f6e5374617475735c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224361636865446573657269616c697a6546726f6d53747265616d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22436163686553657269616c697a65546f53747265616d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224361636865536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22457773526566726573685c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2245786563757465416374696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246616c6c6261636b546f46697273744c6976654964496e4f454d5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246616c6c6261636b546f46697273744c6976654964496e526962626f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c2246657463684361636865536f6c7574696f6e5c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c22496e7374616c6c4d616e696665737452656164795c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224c6f61644d696e43616368655c22203a207b205c224576656e74466c61675c22203a20323536207d2c205c224d69734d61746368696e67526962626f6e4964656e74697479496e666f5c22203a20	integrator.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ETag = "std::wstring\|\"k5H1RxBvjXDnaHgtIh1W4li3W+kL+8CBMXZ1OmHRMGc=\""	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	integrator.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	integrator.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	integrator.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData\ChunkCount = "uint64_t\|7"	integrator.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7}\InprocServer32	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00024500-0000-0000-C000-000000000046}\InprocServer32	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{93268539-3E2E-3D1D-85CF-CB48190B5CF8}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{9688FA96-8CF6-4642-8839-DD659D86C9B9}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{C8F6BBD1-4841-4C73-ACBB-69CE5637808E}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{BFB32608-3F71-3941-964A-959AD6D57A8A}\15.0.0.0	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00006109E70000000100000000F01FEC	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.dotm\ShellEx	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9203C2CB-1DC1-482D-967E-597AFF270F0D}\VersionIndependentProgID	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{F27E9F06-5629-3DBB-967C-22383DE910D1}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4E3C66D5-58D4-491E-A7D4-64AF99AF6E8B}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A7DA9C5F-296D-3269-AAD9-8127DE331A0A}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A249E9F6-5B28-4ED1-8AF0-C9B9C5195486}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{45372BD5-BEC0-3C2B-8168-433A9E059DEE}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{8DDB11D5-5F0C-305E-90B3-59A5B077F132}\15.0.0.0	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{D02066AC-B77D-39B1-92C9-F285CDE29E0B}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{E7E145AD-764D-322F-BD8F-9064FF2B7D94}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{68CED213-317D-3F27-9036-A33240DA522E}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F6C8-98B5-11CF-BB82-00AA00BDCE0B}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F272-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F26C-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\SharePoint.DragUploadCtl\CurVer	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{9457FC67-147A-32F8-BA6A-20502CBCF186}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{8180C4A6-20CC-3CD4-9DE0-A1D1384513E5}\15.0.0.0	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F8CF7A98-2C45-4c8d-9151-2D716989DDAB}\EnableFullPage\.vstm	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F3E6-98B5-11CF-BB82-00AA00BDCE0B}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{01BE4CFB-129A-452B-A209-F9D40B3B84A5}\InprocServer32	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{E0ABC3C0-D199-11CE-8CCE-00AA0044BB60}\11.0.0.0	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020819-0000-0000-C000-000000000046}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{000CDB0D-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{19A0F9EB-53E7-3F1F-B9C8-DCA08D6FC370}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A51000B6-7B41-3E7A-813E-DB7BE56C71B8}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDEC13B2-0B3C-400E-B909-E27EE89C6799}\VersionIndependentProgID	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B0BD075-929C-4E52-AAD1-458C81A10B24}\VersionIndependentProgID	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{60196884-C2AF-3F99-8DA2-B44FE4D02A29}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A249E9F6-5B28-4ED1-8AF0-C9B9C5195486}\InprocServer32	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{B12AC10C-DAC9-3348-BD2B-29A0A270196B}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{AAB9C2AA-6036-4AE1-A41C-A40AB7F39520}\a.0\0	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\WINWORD.EXE\SupportedTypes	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.doc\ShellEx	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F8CF7A98-2C45-4c8d-9151-2D716989DDAB}\EnableFullPage\.vst	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{AF2102B9-8C24-358E-B851-05D1803A4356}\15.0.0.0	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{BFA3BC72-BCD9-31CC-9F78-1AE867DF9840}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020800-0000-0000-C000-000000000046}\InprocServer32\15.0.0.0	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9800F18F-3D86-4744-A7D0-540989C86D7B}\InprocServer32	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Icad.ViewerDrawing	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{012F24C1-35B0-11D0-BF2D-0000E8D0D146}\1.0\FLAGS	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{05E7A42A-303C-371A-B137-3635FDDD54AA}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{D6E78E55-7EE7-4A31-BF3E-B01E819599BA}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{16C96DBE-E683-4BAB-9358-58C539857DE2}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{6BF95896-A5B8-44C5-81E1-03D78481C890}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{18987285-971B-4C88-AEA9-2A5600861BA5}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.vsdx\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F3FE-98B5-11CF-BB82-00AA00BDCE0B}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{684F9AC6-2A01-30D9-8147-4FB12B693B2F}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{807E00DB-6E8A-3803-AE35-80529C9D3934}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AFC20920-DA4E-11CE-B943-00AA006887B4}\InprocServer32	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00006109C80090400100000000F01FEC\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B4132098-7A03-423D-9463-163CB07C151F}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Name.NameCtrl.1\CLSID	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.potm\ShellEx	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Visio.Stencil.11\shellex\{BB2E617C-0920-11D1-9A0B-00C04FC2D6C1}	integrator.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A39E3994-98AA-3606-BCE7-D90E0BA144F8}	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Record\{9DCDA232-6504-4F31-A174-CEEE2EFE5F27}	msiexec.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4696	AnyDesk.exe
4816	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1680	mspaint.exe
1680	mspaint.exe
5496	chrome.exe
5496	chrome.exe
3888	AnyDesk.exe
3888	AnyDesk.exe
3888	AnyDesk.exe
3888	AnyDesk.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
4808	chrome.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2156	taskmgr.exe
4816	explorer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: 33	4620	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4620	AUDIODG.EXE
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe
Token: SeShutdownPrivilege	5496	chrome.exe
Token: SeCreatePagefilePrivilege	5496	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
5496	chrome.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
5496	chrome.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
4696	AnyDesk.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe
2156	taskmgr.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
1680	mspaint.exe
1680	mspaint.exe
1680	mspaint.exe
1680	mspaint.exe
4884	AnyDesk.exe
4884	AnyDesk.exe
2956	OfficeClickToRun.exe
2956	OfficeClickToRun.exe
4480	integrator.exe
5272	OfficeClickToRun.exe
1616	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 1680	2116	cmd.exe	83
PID 2116 wrote to memory of 1680	2116	cmd.exe	83
PID 5496 wrote to memory of 5984	5496	chrome.exe	110
PID 5496 wrote to memory of 5984	5496	chrome.exe	110
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 3520	5496	chrome.exe	111
PID 5496 wrote to memory of 5056	5496	chrome.exe	112
PID 5496 wrote to memory of 5056	5496	chrome.exe	112
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113
PID 5496 wrote to memory of 5184	5496	chrome.exe	113

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-11-22 220626.png"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\system32\mspaint.exe
  "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-11-22 220626.png"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1680

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc18a2cc40,0x7ffc18a2cc4c,0x7ffc18a2cc58
  2⤵
  PID:5984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2232,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3760,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4088,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4524,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5104,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3332,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3284,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3520,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5520,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6056,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6260,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4844,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6616,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6668 /prefetch:8
  2⤵
  PID:2716
- C:\Users\Admin\Downloads\AnyDesk.exe
  "C:\Users\Admin\Downloads\AnyDesk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1840
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3888
  - - C:\Users\Admin\Downloads\AnyDesk.exe
      "C:\Users\Admin\Downloads\AnyDesk.exe" --backend
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4884
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3496,i,8499638180850949232,9967759017929090967,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3708

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2784

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4232

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x298
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4620

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2156

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:5672

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:4816

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=ProPlusRetail.16_en-us_x-none culture=en-us version.16=16.0
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"
1⤵
PID:2400

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
integrator.exe /U /Extension /Msi /License PRIDName=ProPlusRetail.16 PackageGUID="9AC08E99-230B-47e8-9721-4577B7F124EA" PackageRoot="C:\Program Files\Microsoft Office\root"
1⤵
- Event Triggered Execution: Image File Execution Options Injection
- Manipulates Digital Signatures
- Indicator Removal: Clear Persistence
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4480
- C:\Windows\system32\schtasks.exe
  schtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates"
  2⤵
  PID:572
- C:\Windows\system32\schtasks.exe
  schtasks.exe /Delete /F /tn "Microsoft\Office\Office Feature Updates Logon"
  2⤵
  PID:4924
- C:\Windows\system32\schtasks.exe
  schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentLogOn2016"
  2⤵
  PID:5412
- C:\Windows\system32\schtasks.exe
  schtasks.exe /Delete /F /tn "Microsoft\Office\OfficeTelemetryAgentFallBack2016"
  2⤵
  PID:5828

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
PID:1032
- \??\c:\Windows\syswow64\MsiExec.exe
  c:\Windows\syswow64\MsiExec.exe -Embedding 3BAE66678ACA047DA6E836AB61B17C86 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5952
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:1020
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:4532
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:5008
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:2804
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"
    3⤵
    PID:5836
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll"
    3⤵
    PID:5688
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:5144
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:5908
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1476
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll"
    3⤵
    - Drops file in Windows directory
    PID:5268
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4628
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:2364
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2284
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll"
    3⤵
    - Drops file in Windows directory
    PID:3644
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:5868
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:5560
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2748
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll"
    3⤵
    PID:1188
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:5672
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:460
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"
    3⤵
    PID:5360
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll"
    3⤵
    PID:5472
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:3452
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:5784
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"
    3⤵
    - Drops file in Windows directory
    PID:4548
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll"
    3⤵
    - Drops file in Windows directory
    PID:4452
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1296
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:6000
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:5124
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:5688
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4228
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:1712
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:944
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:3744
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:3276
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:4464
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2800
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:4288
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5500
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:3980
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:3568
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:2328
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2916
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:4824
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:2096
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:4472
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5436
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:2904
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1748
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:3472
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5836
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:2668
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:1988
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:2540
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5760
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:5268
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3520
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:5416
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2484
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll"
    3⤵
    PID:2792
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5868
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:936
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:384
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll"
    3⤵
    PID:3784
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1700
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Contract.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:2628
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"
    3⤵
    PID:4824
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll"
    3⤵
    - Drops file in Windows directory
    PID:4528
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3288
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:4260
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2304
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll"
    3⤵
    - Drops file in Windows directory
    PID:2212
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2872
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:3972
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4684
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:2668
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3424
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll"
    3⤵
    PID:4456
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:940
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0, Version=9.0.0.00000000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:656
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:4032
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll"
    3⤵
    PID:1300
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3552
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll"
    3⤵
    PID:5336
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"
    3⤵
    PID:3100
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll"
    3⤵
    PID:4372
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1976
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll"
    3⤵
    - Drops file in Windows directory
    PID:1320
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:460
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:3224
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3148
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll"
    3⤵
    PID:1348
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:2072
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl.v10.0, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:1020
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:4548
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:4324
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1296
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.Hosting, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:5448
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4820
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Applications.ServerDocument, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:2844
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4228
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.v4.0.Framework, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:5760
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2200
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:5300
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2092
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:4988
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4144
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:3508
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2228
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:936
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:708
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:2892
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:3468
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Common.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:1280
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:4016
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Excel.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:3452
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6112
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Outlook.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:5056
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4400
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.Office.Tools.Word.Implementation, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:1304
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3716
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.ContainerControl, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:5432
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1772
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - Drops file in Windows directory
    PID:5832
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2924
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe uninstall "Microsoft.VisualStudio.Tools.Office.Runtime.Internal, Version=10.0.0.00000, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"
    3⤵
    PID:2540
- - \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4336
- - \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update /queue
    3⤵
    - Drops file in Windows directory
    PID:2544
- \??\c:\Windows\System32\MsiExec.exe
  c:\Windows\System32\MsiExec.exe -Embedding 3132B5D6AD7343F03455EE20E8B0DDF6 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:4244
- - C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe
    "C:\Program Files\Common Files\Microsoft Shared\Source Engine\ose.exe" -standalone:temp
    3⤵
    - Executes dropped EXE
    PID:2540
  - - C:\Windows\Temp\ose00000.exe
      "C:\Windows\Temp\ose00000.exe" -standalone
      4⤵
      Executes dropped EXE
      PID:2216
- - \??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe
    "c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -PipelineRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\." -Rebuild
    3⤵
    - Drops file in System32 directory
    PID:4032
- - \??\c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe
    "c:\Windows\Microsoft.NET\Framework64\v3.5\addinutil.exe" -AddInRoot:"c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\." -Rebuild
    3⤵
    PID:644
- \??\c:\Windows\System32\MsiExec.exe
  c:\Windows\System32\MsiExec.exe -Embedding 090E12B7DF8A8F64C09F2832C911D38B E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:4924

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /standalonesystem
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5272
- C:\Windows\system32\schtasks.exe
  schtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates"
  2⤵
  PID:5752
- C:\Windows\system32\schtasks.exe
  schtasks.exe /Delete /F /tn "Microsoft\Office\Office Automatic Updates 2.0"
  2⤵
  PID:5124
- C:\Windows\system32\schtasks.exe
  schtasks.exe /Delete /F /tn "Microsoft\Office\Office Subscription Maintenance"
  2⤵
  PID:2096
- C:\Windows\system32\schtasks.exe
  schtasks.exe /Delete /F /tn "Microsoft\Office\Office ClickToRun Service Monitor"
  2⤵
  PID:5404
- C:\Windows\system32\schtasks.exe
  schtasks.exe /Delete /F /tn "Microsoft\Office\Microsoft Office Touchless Attach Notification"
  2⤵
  PID:1000

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3935055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Indicator Removal

T1070

Clear Persistence

T1070.009

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e66741f.rbs

Filesize
2.6MB

MD5
4dc09689664e92dc588ea52d93d7345a

SHA1
6e1768b2c40db7eb1057ad77df47ff800ee999a3

SHA256
abb3dd011fa9b48e874b36b6f1f795e77109237821427837d941b3172c62098d

SHA512
d16e2f711ebb3823c12ec89ea489d6e323fd7ed27bac0a51d2289edc9208d6cca789f291aeae8f2a5cb5ffab166140d5ad352de05dd5fb59cf6d96942b81597f

Download Submit
C:\Config.Msi\e66744e.rbf

Filesize
446KB

MD5
745897fc2816625a0e5f1ac0f9af16a2

SHA1
cfa9d4dbd1a5bc728ed712cef8b3fadc903d111b

SHA256
5512cabd57b6e1fbd2b96c298d804a3795cd317f61e154aedb335f6c119eaf62

SHA512
7053e9c95b943a30006065a66830bfeb0f37dfb185fcc27019c205e3cea358a0f71ff8007cb6aa39bf61e3406e989ac8366226d83dea5e37c429a5242d1786d2

Download Submit
C:\Config.Msi\e66744f.rbf

Filesize
850B

MD5
485f3cd5a94355f8e6b0aa101abd9f04

SHA1
a91650f4f103fdf08c8c261cdb1746aca658229e

SHA256
ecb94457c6327a56138dee83fcd82e61352c45e7097309a2effc694e5e78d1e8

SHA512
31b1746d7491d4be907bfe966cecc43f9fac099f897f423cf0b85bef4846a325d209ab64408edfbbd110ca3d3d61644d0cd547e431ae6e6ccd5a74cd9dcaa794

Download Submit
C:\Config.Msi\e667450.rbf

Filesize
11KB

MD5
7e23e2abf1e03fd0d3c0ed71d3e67201

SHA1
77e9ff622eb2b07d4eb908146251d2061895fd47

SHA256
588aa09f39b70d191b92c2414217429a2fd21c4fb7c3f21fa1d57ece2f552209

SHA512
14496dcaaccd6b00b156d26691465f6fb85da94b04d0a804ad22a8f42d992ef201c4c92b87e2c9d6e5b80ffe53049ed8b44d67ec304bd604d18f6204590c7bb3

Download Submit
C:\Config.Msi\e667451.rbf

Filesize
850B

MD5
57626036538c8abbf5bc761c8ecbb274

SHA1
f3dc829a302cd7e268b566eff47b9c5b3badc33c

SHA256
aeb0afc185056f716552564e277ef8a6740a4e7f1600032153eebffae18b3ed2

SHA512
2d508dc1d441187d18502f3d470a27cc8a34af5b16a97db713a2c34801ad65eaf4e15e7b13fb216c11ef4ce505e438e4dd49c326e8217341735ecfbedbdcd330

Download Submit
C:\Config.Msi\e667452.rbf

Filesize
11KB

MD5
642d05fef3999b47e67a3b979395d87d

SHA1
0806dda798421528f8e61e81ac4aadd20cc101e7

SHA256
53bb64373a30ee2b7b2d2fca25f1d0047fee7d932f351d902041b3d5fad6016b

SHA512
7f362c47552e0e31c1361f5cd81c94a7e3b1755b4c336b36275a4f42b77ddc775ad5c46e5aed5659f10beef92f228d52882b1fc421bba093373df82f110e2b2e

Download Submit
C:\Config.Msi\e667453.rbf

Filesize
850B

MD5
fd580865ff5b65ffeead3da78f9d244b

SHA1
f26c08181b87d1a6979f97293413d25f6f2862e3

SHA256
5256b74f3447a7fdbaab2ebe6442160dd617fb10800fd0045895b280f603604a

SHA512
5c7dd9a96db711627e4e2f0bc57bc56a1ebd22d8063cc6b8d5d10ad86104b0aaef52fc17e84ebd07d902d345931aeb33e8ba1dfc334e8da251b538e5e8fb10bd

Download Submit
C:\Config.Msi\e667454.rbf

Filesize
11KB

MD5
1c213c5e8828353641cef6d74ee6838d

SHA1
6e16eb31f642327afbed7b8d4ca56e791b799cca

SHA256
a1cbfc3eca8b075ce204c629bf0cf36b0add593c8a28040018319e5e2533ffdd

SHA512
7b7a222c49a95cea34d8ea005302295572a9955a396bfb51e929a83fd351a67c55c4b8c1647eeb0d4d7bf5e9b0c9502d7f4f4e75970e5b004bb72b4c5c2abf43

Download Submit
C:\Config.Msi\e667455.rbf

Filesize
62KB

MD5
b4c6016286bdce7c51c3634999f2ea5e

SHA1
c446378afc6b12c372bf4dbf33efa61e9f7fbbda

SHA256
a8f8ab6c63c8d4471d158010f18cb24d4d2ccea495a160cdcef95a96183ffc6a

SHA512
a121b4df2348ef53413b82c69a66ad3654aaec7d40011dfa4968f9a6b9a5e1252089f39f4961f2305a678c227abc14bac88a3674ab960fc52f71f7c3776c928d

Download Submit
C:\Config.Msi\e667456.rbf

Filesize
880B

MD5
dcc6434e76ccc91fa6c35df0d0d6f5ce

SHA1
ed1d50016a7db340208145d988a82ce7c126cc94

SHA256
45526926c328fd96d9be162238b22694fc496d7a946c0e5a085b83257e7e25e8

SHA512
90e08c83dfc95cac80150ebda86085ed2dc86fbc1b2f1112de15638f548e2eb4fc954e3ecc17d828a1a6ed549acde8a1f8ded666865d46ef30eb026127c8b102

Download Submit
C:\Config.Msi\e667457.rbf

Filesize
11KB

MD5
2317370717a6bf28b9af805dc45ae5c4

SHA1
ae6876ee8672be7ef18ea64af2293e0d4bf8703a

SHA256
01cd704e1fb542c10b368985c57204b1f78f1d61b07ae6cb193b47aab12cf663

SHA512
5257384b0e7d49852786f81b03d5cbf4026705c1ddf0c533faac970d92cc9e7b9f3a954bde5eefda6c883bbaeb7feda50292245fed9fd1e5914a404d66357ec4

Download Submit
C:\Config.Msi\e667458.rbf

Filesize
880B

MD5
f35d405459f10fd3d1f52f6dd64252ca

SHA1
5f3bf4ab1c25ec54e79afe7f92390a624ae5cf14

SHA256
384f7c7d81020a72029972324ec6d8b84dbb3f342418c15e0833db02174416c7

SHA512
2bf358ed9e7c09f49280bffb7e200d93ecd3de99d0a842bdbb468b808383aa16f444ad8888f030d1bad5e00fd49c7c3d01a72a256c96aadcab04dba59fbe0a7e

Download Submit
C:\Config.Msi\e667459.rbf

Filesize
11KB

MD5
3e3b6511ef707e9d2344b320407ca1da

SHA1
af55e484ad47daeeaedc5efc0d301ed8d6a7be16

SHA256
8b8be00e22af7c415c0086e48c6ce86ec5d146c75a43829ead4a82d25b5ff636

SHA512
a14250cf607d8d3bde7b9f118bdebcda8deb1b4866042be3aa4d266fcc4734f47f2398c6635d4884d16935c58df6e3a64c68a6196e9892c0c6e2195904cedb30

Download Submit
C:\Config.Msi\e66745a.rbf

Filesize
880B

MD5
5fe646e5f52a6183027c87160b922e2b

SHA1
53123095d2ff679db51a55961e7efa6f3c2cd09f

SHA256
ff729c37c44b93705b3d7f3e07a35e1debb5deb6be7a00c0a82546d0fb88c0e0

SHA512
a8e7b4f06fd7a2f46d75ba2a43e924aec6d6e270a0ab7b6a3f6cb259d33f7ac78b00ecc6d6b39e8f0433dd35894972790c43d81c7177bfd72decff8a4a768ea7

Download Submit
C:\Config.Msi\e66745b.rbf

Filesize
11KB

MD5
9473054628d25757f804cc2584a931ac

SHA1
1ec0e971be84d5e980988c16e1dba3b5323e7ca9

SHA256
6c699e95e7a018673fe586f5b96ead5bff5861f22699049d72d92ecb53497a47

SHA512
668ac3365f98ea2c6ba58d13017dd4a2f8ae28dc4bd8e8d72ee6fcfc3a7b51bf0b3f658e8a95c6f5bd2015000f3a347ca417915d99ca4fb7f4a98271a27ad1ae

Download Submit
C:\Config.Msi\e66745c.rbf

Filesize
13KB

MD5
d80746b2f94a3a28e380735d4b8a9ea3

SHA1
adf85a8d951e2ef30100f88bd072d333839462ad

SHA256
45bdf89c40a35f2bb5e8a49a8fe3b67a9984adb4f65bc40ebf4e320c50194218

SHA512
cfc016d2f98385f407d660e276e31891939792d7de667dc8fe0faff37e38fa7f02b55526084682c75d474757c2dd790b714ac2fe1300f39f54fea61b4b3780d1

Download Submit
C:\Config.Msi\e66745d.rbf

Filesize
7.6MB

MD5
5440ee9cd44616d60cde57ebdb286e95

SHA1
bb7635d6911311b2f3a637a2e9d8446fd0698678

SHA256
e3ba35c5572761c20eb59e25b2332a0cdfb726c48963d40291d7f977531e47a3

SHA512
4600215bd9788b30aa5a5038d6749aa294ca0d6d0063335979d2f4acc29af09967a9160bfd8a2ae093f7fcb95c80fd51ce832cb639354360965d0202a044e1a0

Download Submit
C:\Config.Msi\e66745e.rbf

Filesize
4KB

MD5
aaa2e20588e154a10747bf1b31b55125

SHA1
03cf9f79b9cacda13aeb644a88180222240b6f0c

SHA256
fd12cbad7d1155b311d97dd5da05869200c50e7698ce997cb96004f18018ad2e

SHA512
29df908a09bfd551c50a3c64074c88814065b5b4cdc0d8a1fda5b1d01cb1f1597f2b71b343b59b9fe99ec7123fe48f9a83f93c0880275c19969523a8bd56dcaa

Download Submit
C:\Config.Msi\e66745f.rbf

Filesize
108KB

MD5
7ecb661f50f34a941a44dac7241f7d08

SHA1
772b0df3ad4a89a078cd4ff8e5f45115778d04a2

SHA256
e2386b60a73fa7c95a8968161fb1c84dd9143462b2880133778a3027f75730f2

SHA512
aa007a71da51b145a7fc702a0cd8930d43e03a884c331afb48de01e82e06c20d2a5325aaa893d03a25e5b670e9e0a03f002b55d9620202b6b48045e4a79b577b

Download Submit
C:\Config.Msi\e667460.rbf

Filesize
16KB

MD5
e1eeb7e26ab04075eecc7275239b20b3

SHA1
ba62b37d4233b88948fdc2ffed08f3c82e8627f1

SHA256
d6cdf961c6d2712fe1958815e51a30960d79fff1e97788b7741627dba972e8f7

SHA512
dd64909c983794c8ac6c33b74711a89b3b33e4429bb5a3a2a2b4e38f5d74902b1589a97014a35fbaf97b469fa57a11314c02d68e1db0934de5244308699fc262

Download Submit
C:\Config.Msi\e667461.rbf

Filesize
4KB

MD5
f8d11c60b70acd2ec9154ee676f615ba

SHA1
a869fc75f44438d9207511dc73bae976f558ba6e

SHA256
b342088c8a4403092703bf40062041265e12edd204aff4f6532226478a65cbb2

SHA512
c4c324e22ff7570c6d9a6fcd5ea3bfc4917a404110b3e202be847355c57c189096feb5c37c0a36c541f4a9d9e80bb1f1bc5db3f4146e515ba34468c5547ba907

Download Submit
C:\Config.Msi\e667462.rbf

Filesize
78KB

MD5
5f0934c524364c1e1a77db8ccb832c5e

SHA1
848eec26bf024a7c350bdb02d0e92116a4882b76

SHA256
82589b2d5ecae5ddcda39076a33180b6cddb7f54a0cffd4329087eb1f507bed6

SHA512
1ac672272b16a6bfd3977886fb773a21d8606a873478ff036a462728d18b59e9c68a08606e1f869b7e6606416b74c90c72ff9be33036371282564b0d3723a222

Download Submit
C:\Config.Msi\e667463.rbf

Filesize
908B

MD5
0ed609c8782c37c67a5ca7233f08d103

SHA1
c286345aae83608005c0e20aa000acdbfabbdac8

SHA256
10913008d1befd194fc4c96cf0ea20112e9e075974ff5420557141b7ffd5198f

SHA512
92d4547b36cf76823bd9658cc8476afa33f1b20425fae2bd05ea353b6d4de6929c5b72f10100aa1b11493c177df0526aefd1e7d3fabc10d848b88d9f0a382d9c

Download Submit
C:\Config.Msi\e667464.rbf

Filesize
11KB

MD5
524014d39a54d3908de59807c09cae3b

SHA1
cc166f76626f94cdbabd8095286a82a474af9f8e

SHA256
f259988c45f54338d57175fcf4fb9f895d484a4eb0c4b861a3abe885c263be66

SHA512
02bdff78beab753a58f46579e61ad4d2953475edb53b57f75ed4828ff04d9641f114357f11059ae28d82c1d28f7433a4eea7b7cc01c1fcf85bb5dc6d58261182

Download Submit
C:\Config.Msi\e667465.rbf

Filesize
908B

MD5
d2bc82e2f203cc4778ff312475a1d37a

SHA1
2da7e8f3e8e4189acf5624bead6b7b983af17e5e

SHA256
e34e79770b6a3a4ad1583c9a90ac12aa4348ad134366c0b0436f00162fa41734

SHA512
976b018f717e45136be48ee8b4ba2593f88e5ca3c6d14602621d2a394d13bbbd6e707ee3a611442caadc3f5f1ac1a8de87b0407da8178a74d25404cee3d9657b

Download Submit
C:\Config.Msi\e667466.rbf

Filesize
11KB

MD5
c1e58c73d935540d0673dffb303aca5b

SHA1
2a95a12c512a2aaf29587db1ec4271cb92846bed

SHA256
3d004ae76cdc99ece59a0dfb980182a727635459eefb4590d8e2c80ac3115b44

SHA512
471b7f432369940d1854dfe50a71e06df25550704efc4f83c60815bc017dc19f875e2ee3733a9750de4e79c6413db59e762df42777b945d0bc045893604b23c3

Download Submit
C:\Config.Msi\e667467.rbf

Filesize
224KB

MD5
fda48714f6a291e25a1a219e89d59d9b

SHA1
c1e8ddfc64995c0acc48623f30aadb1448bca62f

SHA256
be2885e897470da3778a661158dc21f32a4aada769996abda082cc4bb6030086

SHA512
8508ee381bfc5d2491fdd9b14603003264441222984762d14f06440afbc2cc88d80b95bdbbec4089127ec76402408a60b850e1f46ebb5bcda5aa3ef1b6ce70ab

Download Submit
C:\Config.Msi\e667468.rbf

Filesize
1.6MB

MD5
574d91266ee9fa03432cf50da30dd232

SHA1
b5c48a695fc376c174a79954a6d49280178eb4ae

SHA256
6f262bba82eed8a8d69fac44e491b99cca2d4cd448166291ce2186833e730a85

SHA512
f052ec088a703e50c893decd7f88c0af2b36251dfc70b08e513d55964d1be299f0d772d52e71bf0aeb9abb752eda156767b8be321320e1c60f78af285b33aeaa

Download Submit
C:\Config.Msi\e667469.rbf

Filesize
898B

MD5
846e77a9f3c6bb2ecf5518d470b2b908

SHA1
f16c73c5b7a4b0a596ab41472a246faffd9a9b01

SHA256
17a9b9222850ce3e6786cedd7c698aa145453b37cf8f03d676fbd89f70afa072

SHA512
d94115b82c4abb4570a821919458fb2f322d939928fba6f00fedf139f489f358004de4db3b58b4fce05afcaabf7fcfe9e51c3cb7d0f6f43bebc56c2094086941

Download Submit
C:\Config.Msi\e66746a.rbf

Filesize
11KB

MD5
224d8b3ed1cc4f5b32e295612f1c263d

SHA1
d84f00249e43dcf21d4e68c1b2b21efed5f3c267

SHA256
20e49d3119901517f055950021e922971cc65578c4ea2898593e29becafd2676

SHA512
87f9a1d17331e85a3df58fcd92e65a60f7b1a74eeac6c6707aea56fe7dde578f1b09798dc3f7a7c0a4b65696524793d7121b19d27902ecfc215a3233128dccd2

Download Submit
C:\Config.Msi\e66746b.rbf

Filesize
898B

MD5
ec5a78ba8d91e89c0d9b3683d0cfd5d8

SHA1
0db33de0721fda2e302c39b98f3987ddb9267850

SHA256
b3d09766f50b21e4b825d1ec7908cadc7fd74625b4757dc7952344797c72ac07

SHA512
c8ed1321211aa260ad8fa7314cc4036a743c0bc1ac06defc9d061edd4c3032f1e42c6cb06f2fa8836e66a0a4816a921961a5379b0e20ced8fd4f398085b125d9

Download Submit
C:\Config.Msi\e66746c.rbf

Filesize
11KB

MD5
7273fe5d0ce6473e646ba240e3fffc8e

SHA1
af11a7b48bde2b1046779147c84d3287a469639f

SHA256
d4e738f4e3d39e7001830f71b52836a20707d14269cba22f34f3fdf0436981dd

SHA512
9efc625c42ce99028297b23c78226264c851d74d84158c2221c2ff9faffd37248a3977461e9fc021e25b903bbc11ec475178157bf9fae9512bfe39eb98404a6b

Download Submit
C:\Config.Msi\e66746d.rbf

Filesize
898B

MD5
2408534b8cefaf5362700e8afedf070d

SHA1
f197be5f143eae025a5c40837b8432e89b8752a3

SHA256
e89e45dabc6a2422cd5f523d554d6314cf9ecec2238e26c6d8f63f040ed9b6c2

SHA512
94b78d6d0b597fe9b69d438f4ac3d0855ccc9c684a28070bb9e2cc44d171b5047b8c3da03406a05405c74ab56081dffbfe84478064b0b0884bfb6e415c3159fb

Download Submit
C:\Config.Msi\e66746e.rbf

Filesize
11KB

MD5
6d525c5be39dd69154fb0cf297fa9c1b

SHA1
48b89a8803b7020d7a0bc5dd760c261b2dbb87bf

SHA256
82a7761c6042176cf97947da1e910ce8a320fa7a17dadee2a115ac5f34cdc744

SHA512
0a0416c8a7f967ea869ffe2fe77535cdfc9211d78fbff89e58cac0a4cbc38ba182fb3e88f4de3d38c010f6222ba52f8f10e3f58b4d13e5c7438f9a81a8f871ef

Download Submit
C:\Config.Msi\e66746f.rbf

Filesize
366KB

MD5
d78266c35a0ed4bb6fb2f6683c8a6e68

SHA1
7ebda40cdb602b20323e6e7d24f28f25a931b11f

SHA256
c68b82408df6d0e6f7c7ca0a5e7d1c80af6cbec57788570bea58efff8053f306

SHA512
e60ae6b2cd22614be134d06ce823bc5d31d0aaf1f01dcc4fd0f6021bd307609e8d2f47ebf8490d3bc33f0b225303b63e44f09384bc3804494f595e876e673854

Download Submit
C:\Config.Msi\e667470.rbf

Filesize
146KB

MD5
e8013aaa8fea097b88d7021039154ed9

SHA1
4866c788df4739c011e62f3634989e8959832730

SHA256
a3334e83a418db4f304a621c2a498db48c0f8fe21f21282cc61e5ee9b80c1370

SHA512
8614a03a87b2c06d1d2e577def16deea927e010d0f269f37613b9b737edf72350a5457b22a82d96ffd6d02747bf70116be301f891a0b103214ea3a8263cce32d

Download Submit
C:\Config.Msi\e667471.rbf

Filesize
898B

MD5
4da7266720463186401b1ee9ae625e09

SHA1
040cf60bc1f52402d10e0b898e38b907dd9d9ba0

SHA256
2ec5d00d46355af4cd7d06a00745e726b87c329d090e0acc02f767e75c60601b

SHA512
da22f8e24f5d59232adf9e77914d65a82ec2bb1331a83f72c2d45f8e6e27de3bf113173ba56bcfa40e95851f105bfd941cf63392bd6d4fd4a9b1eba36087c091

Download Submit
C:\Config.Msi\e667472.rbf

Filesize
11KB

MD5
91d3ae6b71705330e73ca4159817ff4e

SHA1
a941037aa373a426e73dfb853526f150ce4457b0

SHA256
4d16c2bc77cc45c596dabbccf24e51b8d6b47c6582d540993856337d9c7dd6ea

SHA512
8866140622e9241bbc2a5f7f26f659b7d2dcae7890c6ad357f76afeb5b96e6b30914b2b223906cd1f2b29eea27e885e33774782cd2c3b688aa1da72ee61a56f5

Download Submit
C:\Config.Msi\e667473.rbf

Filesize
898B

MD5
de2943783e864e16eb161a507dedcd3c

SHA1
577774c71730c72d22a80e5d049073fc23f8023a

SHA256
6aa7490ae4134caf546322c9aafdf062082536e1b4c8ed063c8bb5f93cab8afe

SHA512
00abc7a380a864e808e2b0de3dfa5555b0bc691b0d8153bcf24935495b21722be21f9143edc67c7a0fe69f9e3d1e6ebb3fedd633efe439e6b58c1b5594c051ec

Download Submit
C:\Config.Msi\e667474.rbf

Filesize
11KB

MD5
da8a2cab1ddbd3fa6cfa43c0bff54348

SHA1
45268d28d4e628781f65f08612394ff7e0d38720

SHA256
a19e7736666470a6eda6d00473cba753deb0e8fb40d3311daf3c50676040e200

SHA512
18be388c509985137e34d4ccac72e60dd726f9c64b76e25988b7c91b3a306f1d15b21546face19ca087db02b0949306a554a889e3832a39c83f5f3686dbb5b10

Download Submit
C:\Config.Msi\e667475.rbf

Filesize
898B

MD5
5062f0598bc909a99bd21ff77d3421eb

SHA1
4917cf83d7e3ebac3fbf3e405c4dd633430cb98f

SHA256
e2e634f5552e5214c79cdc2a33672f2cefda7c73fb6d9c7b87916130a969c4b8

SHA512
ed1d812cdf867b963d0a9bebdb6d63698bb107409920ccdb770e197815f5d72b35cc8c1e3602d4b5c63adf06c0d9e125c5a5ad6eff2da22df373b06c7c88be2a

Download Submit
C:\Config.Msi\e667476.rbf

Filesize
11KB

MD5
4667b1d3fe384b97a94deb1553af2174

SHA1
e14902922748fffc1f65cb299b52c114887b761c

SHA256
705b42f6a55a4cecd347ba954089148572ba9fa033e5a08dba176b652488457d

SHA512
3f2db08d7fbf8f6042f7ff1001f20df3879402a25e7d3b8bb7270ad3be7216ac07a8ded7cd62568d6292bcf3828286105e1d9b87f21dc3e1764d0bc20985a8bb

Download Submit
C:\Config.Msi\e667477.rbf

Filesize
54KB

MD5
4f94bf5157da351f7d0089a0b72b1ad9

SHA1
c61d8fb8801a3362fcb8eb539003c996cd94e9fd

SHA256
257b042bbab38406cb720fb9b2275828b003c6be15933227ceac68e08b846412

SHA512
f75d0365f67ff6632c8d1a3745e8e8eab55b25a562841910320dfda967a5428a5afc469a211e90d7ac78930fd55e0597b11aaf15cec5e57c0f22c02da53881d5

Download Submit
C:\Config.Msi\e667478.rbf

Filesize
16KB

MD5
df0c6bb7965a3dfce5f0f158e9d5251f

SHA1
5250b2c7d557a71dc9fb0823fdc0cc94f0a81e35

SHA256
883e42e3319fa4c059623e4d5a937215ad2f2cb123e88aaec27955f258627c4f

SHA512
8b5f7cfb9d3d857b2396706cbcda445b9131abf79e84296ecbbffff0dc1588b19399b506e4e3110ac4782f60ddee081cd5243e598e0871738803512358efee04

Download Submit
C:\Config.Msi\e667479.rbf

Filesize
902B

MD5
0da2f7810a668012c630db3fa8230499

SHA1
9ca963ea4e3544609741308d71863bc86a0c0ceb

SHA256
4d997a3892a9fcee4bedb3f47b91f068d6ac823c5ee5f00d1887634e438f41c0

SHA512
57e214fa9ea204094bed5086d6542a32774b3f234edd93d6f9eb364cb7a0825b2056bf2a299c65f8395545fe7f5e21869525575dbfa3c0b35c796f8de6c543ee

Download Submit
C:\Config.Msi\e66747a.rbf

Filesize
11KB

MD5
15caac1ec79f05d8aa62aaeec6903e8d

SHA1
1990604b5491cc83a73f592d1e70b41be5a2d998

SHA256
e485f4d3468410e989c147c9abeef742c57650a794e0ff18c2902eb976d25cc2

SHA512
d418191828c8fca0a4d092d2101191fa5afdeff417cc4c9f1ba02795e3e4981a3ea3b0478c6abc00e284f95c5529a686411b90870569bfcbca15fba61372d402

Download Submit
C:\Config.Msi\e66747b.rbf

Filesize
390KB

MD5
2cf01239384af6de8b712278d7598e90

SHA1
613cb264d8628008809878154f6eb17f35031c04

SHA256
51a234186dd5e1087a7ecb79bb8538767bd4bf46c645e1a6e83f972de726e95e

SHA512
0e2dc0cf2d2925895af2e5fb918f0c171bcabc6dfb8c094dd63ff7df535f776ff2c3ab89038ca5bbff0f4c02d8474055adfe3609c70d97870c46504f7bb871e6

Download Submit
C:\Config.Msi\e66747c.rbf

Filesize
908B

MD5
a9762e02d260a34b79fdea198f3e82d6

SHA1
5023fc4a74ce1eb15893cf0f724e658c9c5236eb

SHA256
15cb74f02499b76c42faf72e6364392bfa997d0b2668016bec69dbd7d0571578

SHA512
61aba378b6a2533b9f67b4f46a2873fb08be4fe55c0de18785cd1720f4041aaf003ab0310a1d7415d8153508789ceaa82fd1b0731827f75aab41c5962c905502

Download Submit
C:\Config.Msi\e66747d.rbf

Filesize
11KB

MD5
af6ae18e360ffca6c0ceaeeebbf6d8d4

SHA1
0b4ee1121e9070e95147f6c1664f23a9c772ac7a

SHA256
9ae57781418fef37b51dcbeabd4e26dd82a35c3aa2c15917cb98656889d3c7f3

SHA512
eee57abce64bd9b1514a5a3a074948547725e78aba19e085b53d9e8156613a1ee30e60fef77429844ec4abd22ef02c45fe9f31aebff0eb7925e0a62e2b4efad0

Download Submit
C:\Config.Msi\e66747e.rbf

Filesize
908B

MD5
97cf058f86fa06f7e5893211dca28a42

SHA1
17bc3e8fdc48c24ca60d7b1ca10acdbfbd8b5e9f

SHA256
742530e55d505236eae91ac26a923b2efa8b454fc0b449ba43f1d6a28ac5b52e

SHA512
84df980720e846a8a3651d62f2639108818d18db139c6e0b41acb0ef4642312e11689bb6971ef778c1638d8d53430571eb8d560061e6e8c0cc13c1f40b35fcbb

Download Submit
C:\Config.Msi\e66747f.rbf

Filesize
11KB

MD5
6a5ee23e3d7b67dfc39ce1c085d8c654

SHA1
6f9c0d88df3df2cf86cc543822b2e6196e849b15

SHA256
b40f265fe31c5dec0943b2d910e997ca1840ee290912b814eeab333af71fbd48

SHA512
2d0cb3ada34426ec079933c96af4e3e67795cba52a6a78b520b7c7aa02a7e0eff53a33da206c7843df42a257474380b3014338c2063dc8848edbacbc6cadbbc9

Download Submit
C:\Config.Msi\e667480.rbf

Filesize
908B

MD5
9184814c35561939e4b0ad91788441f1

SHA1
a5281447d62fb3acb7915e757c68b6c29ae69adb

SHA256
788f42981bf0bf25f0899d9e3c19a0d6edea44f9c1f9eb616160de99b82e8d27

SHA512
cdd744fa29b63922cb112d645badfe59176bed7a5c2ec12e3e8d095ca2401588565f356aea4a1f40157434fd8d20edbcfc92febc4fc33e4a13a20abcd38ed199

Download Submit
C:\Config.Msi\e667481.rbf

Filesize
11KB

MD5
acfd9dff068c374658366e397a5695d4

SHA1
bbd33c62b022d3592e0c2a67144070ff4e2709a8

SHA256
a4d8b8a525271bfa836744b7705f0993ab454d9a153f81b3502cc62d9284dbfc

SHA512
b2ca941ee0d18bec576ba84e09403cd8dce41b9017134581f1a2e2babe25dff99e9f172a6e9764ca6c58d5ac679405883640e2b7bd108cc0308336098d9099ae

Download Submit
C:\Config.Msi\e667482.rbf

Filesize
19KB

MD5
f8354171db5fc4506cd0a0b9a3c9eaf6

SHA1
f155f11010d91896161a2818815a1dc32f183731

SHA256
6131d4341986952f7343eeb984544a17bb5f121e1b24ad572ae93d928f9179fe

SHA512
10aa970372b956ee7d018b4d5d8bd7faedaef20b83ada551e7a260730d5a642c9ea13548743ebd470f5ecbc7a08ddead828c41e229c96538d93d3f0ea7cea52b

Download Submit
C:\Config.Msi\e667483.rbf

Filesize
904B

MD5
967be7e7a5e3cfc4902a4dcd26eda18a

SHA1
f0b364113ccd380a256a3f6217b8795300d0fe30

SHA256
071549c2a67ba11cb90362c3a60b904e339c66d33add4e0fdaf348f17365695a

SHA512
db437ef46aae9b0f45bd21958397c163f2c55c85bda25215af041023c63531ae3e0b62fec62ba76b70c6a297b928fb7c8a79ce82463ade93d22a6501b756ccda

Download Submit
C:\Config.Msi\e667484.rbf

Filesize
11KB

MD5
e9e2502356902589e8b0b86314294f30

SHA1
44a972c0ccbd52ac6e21f2c0cc1dc81907b5e7dd

SHA256
c1fb9faa66ac74fd4094538d83afa96c8c3a5bf7f30ec302b7ed1ad1f4d99b25

SHA512
7e51bd97735028dd90e855d8e661e2aa8c9e859e2b4c02475d65ba67eab8cd99ce207795e9a6eb4b146483852bd90255feaabc7b50534a7efc43bbfdfdcc2849

Download Submit
C:\Config.Msi\e667485.rbf

Filesize
904B

MD5
8a138a7c5f6826e2adec47162589bdc7

SHA1
8ba9043cc728827655406126e46950e6a6bf35a1

SHA256
9d4041b781a2fe7e677cbbb210497abce1c6e566047fe4592d6b2bd182768c43

SHA512
beb99a0c999a2e2b3bee93c32246826608d74c95b4aa1e5993228dc5af9e1a775035f52bacbd488d7589f9821fe17df2652f94bc5b66297963fc3f6062b8e0fe

Download Submit
C:\Config.Msi\e667486.rbf

Filesize
11KB

MD5
aef35350473c3e263b6d8d4a76616b7d

SHA1
265bf8cadf460109a3a2d0d8e23b7b1eb18d7660

SHA256
fe61442089ed613075613d0db818e9f1c87907dd5c76dbfa67e93abf7f24e135

SHA512
b4f966b9c921364283a6dc42d8b44ec10e8d032089dc157c23ecfda55fbb16f86b9c02cbb22fa0eee51dc784ed83876c9b29ee9cb1cbe823e3b99bf08e46cd76

Download Submit
C:\Config.Msi\e667487.rbf

Filesize
904B

MD5
a5c7d3197e0ac097600d2901ed4f6e77

SHA1
a459c50978c7e377f1130d7779f4a2fa41d0033c

SHA256
8d0b449684a977a3d81b8fad0663a20555504e8609c987e84364a6e232b51356

SHA512
f9d662be82e96ff035c7aa938a9de7f47162bd4564575eed4aaa42ed4ef49ced0fa4a9b6b2b789b5655c3ac6787f7b3c8439d82962d9668c1d31e62a54a804bc

Download Submit
C:\Config.Msi\e667488.rbf

Filesize
11KB

MD5
8b1132f4e0387a233497141cf30b1edf

SHA1
2afb866bc5093b1281b2ad0fc4a29bc2cab035d5

SHA256
51063c0b520a9ab73aa3a0674c593c3c3de26fa9709175be085d2d8c456ab54f

SHA512
f528da8cd45823fadecf870a348f605e8fa199c6bb139c7930392cf638289c794ea15746cb0f4b9d918a1fcfae7c6578261e7c20fced854e9afa20974e252490

Download Submit
C:\Config.Msi\e667489.rbf

Filesize
918KB

MD5
be6f4fd7365dfa124d60114095380602

SHA1
66a41958ead9151d7e61d690f12006ca8a40df89

SHA256
66d6f247e3cae875c3c86dd16ea1aa3512663b8aa8626984007bf5343326bbaa

SHA512
e9f7d819714c905577a2603aa30cc72b87b7a66561c7cc6029dedf48de78fc3db580069602dedbc6b18496217da6b94bbe0c2734ba2dfa5f8b57b7fc6cbdb781

Download Submit
C:\Config.Msi\e66748a.rbf

Filesize
896B

MD5
070f18d93af687edf010efa343dcc983

SHA1
16858f9fd0d8ed788ec49460ca2b596c193d2af1

SHA256
89547b37ec7e20f96e1f1b9aeabbe86cac8a0372bf1520fbc2272eed16f8b4a0

SHA512
e7b9ca446b5ebf397e7c220e8a0f639ce20fb35a11010b641f6727ec1c9119093790d4f5521ebb28e8f6de4ed5c4c4f58a27355fb5d012ec949f0de3df5586de

Download Submit
C:\Config.Msi\e66748b.rbf

Filesize
11KB

MD5
a06591a7b689e5fe00f6755a180af130

SHA1
a581485fe2c6d9acf795e80c7d6b0f3a0e721584

SHA256
6555b4dd2c4e4164c8e00c06f6108a9c1dcdf141a5ca54bbe5675e08750f63b4

SHA512
bc0195276fa8c7937c7c39d567a7f41cc4ef92521836515c11ef5b422d68aa791b96fed829900e998435eb5b719c3a21e58c94534ec1fe4d637e39d43407e4ff

Download Submit
C:\Config.Msi\e66748c.rbf

Filesize
896B

MD5
9f8ecff52bd15cff2deeb91bd325e101

SHA1
c82a0eddc66f95f0bfe1fc984671837cf0b07a65

SHA256
aca44b663633d4785d4fca1ed45d2c1d58c994fd927374569b8b5bfcd7079170

SHA512
cf52103d480a589e88c909239dacf5add2467adf6f4ad52d89af16ffb9a5cb32d7e771fe005694d37189ab2ecac08cad9ca7cbcc7d971f17d384a959705f168c

Download Submit
C:\Config.Msi\e66748d.rbf

Filesize
11KB

MD5
90891a2ac9ef19d26ddfae3dcb69fadc

SHA1
14af0ba5b5b4ed5dd82685c7e50a544a5c5e7a98

SHA256
dde3ccb81cfcc3eb4cc65752fe14bf0c7ffc6814d55f7c9bca4d9ae638b30f6d

SHA512
4f97ab143a719bd614a63a3b34bb6ab6931eedf310e2e077c361fd63d2d579e126a3a419256834b021d86250114ecf4c0ef120c9fb267be9aea004b252c17a49

Download Submit
C:\Config.Msi\e66748e.rbf

Filesize
896B

MD5
f1e8d3b056eb17b33d6d23b5dd20eb56

SHA1
7556e1bf214dca70ffec24768f3c549ab4ab1886

SHA256
e709b2b5901d6987b46febd4f3d5ba50b94e4ae4e0a6bde09ec981509b72000c

SHA512
914b340a8c175dfed4cdb99bf071e14ab787481517009ad92680725368dd7b7667dfe2ffcfbaa871b2a9edad6b8566828133dccbd0a0c7fb90cbabe4f812da87

Download Submit
C:\Config.Msi\e66748f.rbf

Filesize
11KB

MD5
3fd311d5a5cab694d93c6de5ab39adc6

SHA1
2950e2cecaa45f46dcc443037c7a4db550533578

SHA256
4e5cd2074b70b073ff9010a22f6e469fc08c93f63e14c85de93377c2d0e97fe3

SHA512
fd884db714d134994c1ef742ee85d5002b07e29b8bf1db2120a4139198f162ad67b093be3f232eeff3e05976ad243ef691af69db86ebcc8e2d6f0400245c6a35

Download Submit
C:\Config.Msi\e667490.rbf

Filesize
44KB

MD5
bc959a160882b0de0583047b1b5b93a6

SHA1
78bda837a0fcc25623b54e95f3eff76c3bd79332

SHA256
b9ffa79403a9c57e5a36d6632bf8ebf8da0f6256c0b71fe4dba50390df17702e

SHA512
7cd370afe9903daf36543a2d57ffc869f2ab324fc4ef363119d4923eb3b6079485d6f1a0304b94b928aace18900d034d74ffa0d1cf8382301f6e22f4daf4f0cd

Download Submit
C:\Config.Msi\e667491.rbf

Filesize
41KB

MD5
91ceea551937cb5da627f33ef7995ee8

SHA1
4e7483605c4027381e4796345f0a0e6aa9342a5b

SHA256
4256104f1e0eb69836f00b38813ae62f79abed1724e0b07f8aca908e7bb74806

SHA512
2d720c8a331278707913fc064d7a0c2727ef13b3f8cd46aa4e4a2936aab2b1228d78c1662856739964a87a33c312be2d3f65170f38d65545f3a3184c0ad635f9

Download Submit
C:\Config.Msi\e667492.rbf

Filesize
76KB

MD5
7173d17aa9ff4cda07fbfff21a584a67

SHA1
37b04626e282aa6ae2a2dc96117dfc5b0b1f25cc

SHA256
972595aefda400197282647fa6d6e40b58ac15591443213682a87d1ac80cb867

SHA512
b583058ce0a7bac48042d63142342a430701f96bb8c8c0f00e2bdb168cf431e2f98a58bcb889623f6e6775195a9d4bae8f37686a48a2cd0034e426d6089a4167

Download Submit
C:\Config.Msi\e667493.rbf

Filesize
35KB

MD5
da7787ae5278031ef79441d29599dcff

SHA1
4e2a4c70035808dd8bffaeb6ded8fe2980566e0f

SHA256
06afbd06123031d3198a25ed0cbb7cfb08c1184cb58ecd7d12f42c235ebb5b39

SHA512
2c1ac894e778aea4515be33b9e894f89a527a5106734a8ea6d6693557aff8417a7f7b340834dd1d207e85e250e718c1d0365332e77ffece2f9e1e81b0082bd7e

Download Submit
C:\Config.Msi\e667494.rbf

Filesize
35KB

MD5
86a1d818b679edbe94ab51b963ba79a1

SHA1
2b9ee6b54aa2f709442e7e514335e2548c933318

SHA256
b36b011818770bafe044bd83826f38eb81093f529872a0b83e341f6863b3cfaa

SHA512
ee1ee27bc740b4e4e29a11f4a428b5ccf7ef545444db972b64a8f4b7884462b8c589b5911d7d33e3f2a7b0d97dcea0b5d610a99a00b04d8b3099e695f9acf5b9

Download Submit
C:\Config.Msi\e667495.rbf

Filesize
21KB

MD5
6083b2909a6c1ab52ce84da1b435e7cf

SHA1
e851ccddf1fcb0c2fd9cfb4a357f72633452f240

SHA256
0ef563502d57298ab0962de24692931a32327fc1338cbd80b6b0b2cab067c956

SHA512
53b8aad68d574e57f88fb3663b41455859b2c84ddbd152aa1f0973df15ad1ea1e72b57b54a0984ff8e4abbd1e4606833fb2e132d1d49d428f2e0ea4e7c4568f1

Download Submit
C:\Config.Msi\e667496.rbf

Filesize
24KB

MD5
d87310699e3baac5ecc0f64673fe3485

SHA1
34460b0eb74977b98d9d3e683d5ffa2aec11059c

SHA256
4f9a3c48edbef17a0984c473d0d100e5541a26a92ed4ca3b336974c5eaabb4eb

SHA512
096196d3ff876b7cc5173e0d30125174e6fd1bb60432aa9cf64c3b22fd5ed2fa5a8bf35824e5840ab248b1015907eea0eddd964b4191f52454b03edf583e0b38

Download Submit
C:\Config.Msi\e667497.rbf

Filesize
280KB

MD5
a3ae8e892e025e479978fb07fb449784

SHA1
71a1641ffb0da859af5e355c5bf4a9bcf1746e74

SHA256
a991c7d6fd80ce581f8bbeb7268032f06c9434cfa67298b0669c84d38be6535b

SHA512
e39d58dc26f8710006fefb51cfe1adb34c8886b6b281a8ea3d87a89c116e255d39c028cc42fce05a8ed61dc0a7c602e344e6c0957bc4156f9a76677687591a54

Download Submit
C:\Config.Msi\e667498.rbf

Filesize
108KB

MD5
1c8e5ef9f86430fbda800e45c0a89aa5

SHA1
4e18ee249a208dbf7d7b52d412fa0d402fd3ff2a

SHA256
6e18c01cb3fd1b795c062a00d2921e8e0eee8efd89fa77d50c5e16f2b7ce74b6

SHA512
721f29dfd9beed272cbe213eadaba62aa1e1979828b23a226cb05eec536ac495eb33a01da05de82a23113a6d0ad4012032f453339499db3816abfecdecf19b66

Download Submit
C:\Config.Msi\e667499.rbf

Filesize
152KB

MD5
6742f826c21773c933fc2a68ceecb99b

SHA1
dc689d3fb31e7cab6a33cd2192d6114542173514

SHA256
a203989e4399f9443a8848486292dcf04d7c7180dc7d1b4af07030cb0532e036

SHA512
4138836bf9561104facb88c175d9a1d29863110b7e0108149cc0ff32edddbd30ee1b0ba4b7ee8137ffe36c973aa2901f7c23a3dafc79a26b09a64a8b95b6db9a

Download Submit
C:\Config.Msi\e66749a.rbf

Filesize
140KB

MD5
cad14a2ced4a556139097c1f716eae70

SHA1
9552115b645c17165bacc2231725b3f8073105a3

SHA256
35cd20b4567788e3229be61becd6ea1eb115a2b81bfacf3d65d81d0003ecb96a

SHA512
df629a07c217880f174d52772090d49a5e88b73c0df45fccb714cd6ac4c01612e0aa755a1a0b9ba6c2a7a6701e6e94653e71a54c97a1076b7a5bde99d7f0c331

Download Submit
C:\Config.Msi\e66749b.rbf

Filesize
189KB

MD5
1f50737bb92b1f71b15824a0f113d3f9

SHA1
4d78793ea921986d011a024b91ac59d6c02de6e0

SHA256
f48f267a6e081809bd5ae607aa649529849a6541ca303a5653f6515d865a6b57

SHA512
89e6be6df11dd02896382a7cc9ee41ce74d5bbf845722531ff9a26fd2cb1a016925ea7d4948a4a652c079dafd084538b9b74c4a5dc0bfdd3cb2f0293796481f4

Download Submit
C:\Config.Msi\e66749c.rbf

Filesize
76KB

MD5
d68368708be2b6dac797743e23dbf655

SHA1
e843b858d72359ecf6fcdfca328ed19a7f23210b

SHA256
dff2dd57e4892ce613b160c935e2d0215d3357edb7791ceaaf880b5995c98361

SHA512
2542ce485c0c630b09be44a4faa841a3ebf2e1b7bd794e0b3fda4e866d97361b014eb3895c70c6b7acee4e29dcfd46b76697a1602666d1febf9cfa62988ea86e

Download Submit
C:\Config.Msi\e66749d.rbf

Filesize
428KB

MD5
9e877ffed2e2c9a013c59581f88786b5

SHA1
d3bbb3e2c36520ec267463916d3356bf4fcd8037

SHA256
13f36534cf603cd722ac9078e51930cba190395d23d6688b65a8c788262759e5

SHA512
5b4ff6de141bf2dc321dfa05fe8c93f64ca91eae6b41041264736c3c6db9d0520c135103873c5f32a47c742fb51317b3303e7656cd259331113f9b876ad17613

Download Submit
C:\Config.Msi\e66749e.rbf

Filesize
292KB

MD5
bc9a83d77cae33f9eb9bd538ab65b2a1

SHA1
363fe5bb344cf1843d5f7eb2b0a725ac491ad6d8

SHA256
d0b2520c660959e388b3b24b1ebb7a6eca25dde878b0c0ce798657ae422a9c3c

SHA512
37ac66723c5bb78e45df3ae7175b497353343aec2eb5412213e3c6a1f3558e9cd68479728644643faac97c34ec3f3c43b7d01bb36b1e406613cb46ae4cef1c57

Download Submit
C:\Config.Msi\e66749f.rbf

Filesize
128KB

MD5
c7fc5f01de9577403a1ea8aafad79e72

SHA1
6422fa355184394ace02c0ba88e5b8af3db7fa6c

SHA256
c778577e39211753844d5fcd2267464c043cea271c1477e866d40c9cbdbe49ef

SHA512
b7af7af4aa1dbe92000722bad422af6d54c842af065427e1cf82f61b1a0f82e71f2a2c9b4b12d1642205dc54ca23ecd4ac61c8015076389907914b0cecd04e87

Download Submit
C:\Config.Msi\e6674a0.rbf

Filesize
92KB

MD5
535d9d8441e0e22aa3f407c7197f8a0f

SHA1
ec6d047e975c107a7ecdf78bf352a5a68f53392f

SHA256
6e6afa2d6e7c46b9c64406efaf23bfdd3f7fd7a25cb757580f70730f4096ddb5

SHA512
f5e051ef6af191d86797a55dcd114ae920f8a285191f3f09c3493497d381f9ec70921d712c93280b3c8e82fefa77c040cf51e8af3a1e52b040a7fd442d9ee95e

Download Submit
C:\Config.Msi\e6674a1.rbf

Filesize
356KB

MD5
5e1a793d9615d4d9e153ee416abc83ad

SHA1
27d231f4d1e2b473f9695daa21b22804db779826

SHA256
8186f5e641a5b0770b635814b5cec2a5dff43158918bc1174edb328194b27090

SHA512
f54e786f2fab5324ce87be1d84ae69f63afa4ff5399e00248451375d2a56b5a0d30c74b27e5fd56b06976ec62688b09dfa39c4a1a02d47c3aa92da21b5e95876

Download Submit
C:\Config.Msi\e6674a2.rbf

Filesize
352KB

MD5
03898441f5d9a8809c04fe746fd498b3

SHA1
35cfba8e3600bd0a3389e96dd56ecd8efbf5ffc6

SHA256
8da3b816828229f66334565432f12973529f0d594b685c919b753cf2f692b296

SHA512
dc2c0f6c8d4985770535962ad31e55c13abe248363c12cf55a14bf1fe9dbbb78a2c91eefd9a4711beb53606202b1c2d5648971339c4edb9a61dd271b61416b12

Download Submit
C:\Config.Msi\e6674a3.rbf

Filesize
82KB

MD5
f148286b321ed09c2d17e9e3637c807b

SHA1
b0928429f52028b512dad9c7e0996ee7ade315d3

SHA256
33fc291a41f38880549e72b23ec4598cb7404259a93775f59bf2be17f798a69a

SHA512
d175430df339ae9b0f46d00aac752697f95ced9f7407b2d15505645bce313536c065ccfe2260787d4f387ad548f02a94457e662c32174f36ee97a76fa8e59f0b

Download Submit
C:\Config.Msi\e6674a4.rbf

Filesize
41KB

MD5
e3c8239a97601bb203b9e9037eed89c2

SHA1
75f0e5f417477d4c491e8ad81f498faf761618a1

SHA256
27864727360196540664a55e1808db79f07303949156f843f0520106ebe047db

SHA512
71304187ca95a404d6d175d40be1dcf40d1744c644412e702a25fe7e9745977e3f826d7a9ba1f694c3da4382e8f97fcf41ec8dfdf40240dabee932619e26e7f2

Download Submit
C:\Config.Msi\e6674a5.rbf

Filesize
76KB

MD5
219c69df0c23fdaf84e4c9ea2835a628

SHA1
d3b091bfcaa8506d299cb1d7453fdce7fb27dafe

SHA256
e9cb0016e439bab9d34038b15798cd9261640dec8c577a0035314de5d7892457

SHA512
e209df73a2dccfbc349657925ba9760dc2ea9b52e696f5159bbf3c729e768ebf43a1e6e86a28bf6b023dfc78fd217f03648513479956bfffcd4da04d1cadf8e8

Download Submit
C:\Config.Msi\e6674a6.rbf

Filesize
80KB

MD5
75e8bc00ad7da1e7628f146dc33cc83a

SHA1
b140b32eeb3cb2223efc7c92346e3c4ecf65eb7e

SHA256
5a35e93da45d610cebbdc4980e7a33b3d094039a49823561c8a3fb87e88f747d

SHA512
b80522f835414b493c97715823902443088bd33c7e54a5fda665d73de7899df5e59c44aafdde33ffc9d71dc7c48036cee050dfdd87a24c29a9fff8ac1253acd3

Download Submit
C:\Config.Msi\e6674a7.rbf

Filesize
48KB

MD5
775dac5f81248b14182c82013672c42e

SHA1
cef7bba712b25da04f60f597cb614c7e4b87f24e

SHA256
e95e6d348912c8bec21b006ba6ef77e52fe74287debea2864180c0511e68766f

SHA512
2d99dd61a4ede26a11e6f4c3569732c47911605543e7a72b0298ad25e0a573ba884bdd5719cb8b7cfae43b25f41ccb764c8a233d978346bd49bee1104e7cc97c

Download Submit
C:\Config.Msi\e6674a8.rbf

Filesize
24KB

MD5
2a9b706d83be29f32a28f29be397e533

SHA1
31135de80dd7b7c4a27516806fbbb13d871548d9

SHA256
db47a4a99dc0cb5f558891ff552f75053122d04f4e4a2ff6165734cd456a0236

SHA512
cee9cf2576729b34f1352f63d9684695bd491586d31d3b3e81b11f2136b3843d513dbf59280b5aaa63b1cf085f0840040abcdd9d3d72dc15103987b2ad812e64

Download Submit
C:\Config.Msi\e6674a9.rbf

Filesize
36KB

MD5
bd3e2c28c647533a057b5cdf8bff2c5f

SHA1
d36c80e460c5dde615ab1c268bd89309225ecb82

SHA256
f2742a96cb0a290ab71e316c086db449e6262a4614c70956f69165df8f9a0d3b

SHA512
14aba74084828f9710a1880d8ab55d7c76532d90ef6c9b8b5aa4cf7c67cbae1892b909b35e9239afba181a09f5bb59bf2607862d16330cae09fdcee0248a18cc

Download Submit
C:\Config.Msi\e6674aa.rbf

Filesize
52KB

MD5
63a1e9cde10490008ba7ef47a12179d1

SHA1
5299af182b7cf08f95fcb3815149d7c54e73187d

SHA256
9b151503214ef428ece37af31d3d8345f1dc27fd26d17b59c52b718e8fd08bc4

SHA512
dc4074fd0614212d54dad0370bb99d53dbf9078cd3d4981d96f5ecebe36c82df0406cb2c232d07a1928a1ddddef74d832db3e7f479d5d3c1292481143c382efe

Download Submit
C:\Config.Msi\e6674ab.rbf

Filesize
36KB

MD5
7a016cec8851a57b2f0376ae6d1fc837

SHA1
f161f9d8d7b073c1f17f55719c37124969bd7d2a

SHA256
19e5e00b55a8b1fc36c33d0d4bd0fba24a03a0959e91f3ab59acb353fed9677b

SHA512
f646fcd298b7a5d7b451219544ede8dc7e09aa3ea6f9a4256d336373d63b475281020ac70e5e08024e2dd8b8c886ff8607ae3139ada650eb8a6293aa0a141456

Download Submit
C:\Config.Msi\e6674ac.rbf

Filesize
64KB

MD5
4d4774a30da56119888490cdf3157b09

SHA1
360221725daa9b7a14460fe6939d54b2173fb8d1

SHA256
0ee427eaedbcd82bd07674c9793435443c5b1c0780092909cf791198f0ad85e7

SHA512
eca13baee14a633c3a193df85c28eb797c18063977cea410d6ca41d0aca87379d04e6d2850a032ae5264e536863186e96eb9dc8baf1440517d69e33d4de73130

Download Submit
C:\Config.Msi\e6674ad.rbf

Filesize
62KB

MD5
9002a577c07ab2b99979435cd8b67acd

SHA1
5b3c6231c113b726ddd55fd8a8e3ae84b1526820

SHA256
c323b9ebba3aabb01111f281f604ec0555c6030134ca18422ac7f6c73721d9c1

SHA512
f4e066679e9c34cb44cb459ba178fd43ef2e600f94f86ded21af1583f182050178a57271f2a15967c2caa87fb6eea1f5409edcb87b95775245db45af6506bb47

Download Submit
C:\Config.Msi\e6674ae.rbf

Filesize
61KB

MD5
218e31b07c6e07633a84f0248730e220

SHA1
47ee36529b741f3d52c487e6dad151f516c2eb5a

SHA256
241e01940f6f128aecc75d21f148468eccc2d368883f0f5a869fb7f58f57e5ec

SHA512
e0481b2a424da192bd9ae9728a89f7c1496e887f198150016ed262b924b1634b414613bb80b969effadb3e34a108992768102f48da7a41ea87b9f2a459a2ddd0

Download Submit
C:\Config.Msi\e6674af.rbf

Filesize
81KB

MD5
93030b5af327ece3ddc3518410e1af59

SHA1
4be27729a906169d2afcf025e10f308fce35056c

SHA256
ea82d8bd8289e5892cad2443c1d586c0a311ddee52a8fda0f75072ef2317b650

SHA512
247e2d5e63e6bb12dd826e452ce7a1e086152a170e7f15c0d7794a1588838c2b6dd4038f07dac42844356795b72b5aa357e01039e419c6c5d90b05ebfd74da4d

Download Submit
C:\Config.Msi\e6674b0.rbf

Filesize
200KB

MD5
c30dfa5fbf9f2e6d18ceb7108923fdfc

SHA1
523c4b9043cd6d722c01215f64173b9287623d76

SHA256
ec383c0455491bdcab4a1e8692359543d96f82ad73602c171734ae8ce45449e8

SHA512
075b726d3e37d9ba15db1aaca781502aff97b90dc6a80c4e1be20368dd1c9df13160b9d8bce09bfe467b406f7d0b698c6ace6aee5b0bf4149e4508d9ed74cab2

Download Submit
C:\Config.Msi\e6674b1.rbf

Filesize
197KB

MD5
fca2f9f00de26d0b5af4881836d6337a

SHA1
b11dcad7c00c2c85354b131c796ae34bbbefdb38

SHA256
19e6ec40e9a239b3b208eb3f7874a76e12adbfc8b865f43452296df66a14e501

SHA512
7fae923c2a9c604991b172ac91e7e9e4298c01391940f23a190eb4bd3920c97af2476f1a4730cac350ddbd8956806e98870b46137b1711b224a6174c441af738

Download Submit
C:\Config.Msi\e6674b2.rbf

Filesize
27KB

MD5
aa8ef0154efa83de1c2786ab1cb76f37

SHA1
5e4fcdf55c34538dfdda172a985731019f74898f

SHA256
db7364a16090f58ce23aeb0426b005b1d1a965307d7d4de117a553c190ba5d57

SHA512
17d3c193a516bf56ee6a28ef708b01c618d5a159d7c389be6f54579638e3d9c0a9a3add7dc6e19c6f0b63b235c53bbc186d92e77c60ddc297e2df8c612332bbd

Download Submit
C:\Config.Msi\e6674b3.rbf

Filesize
15KB

MD5
62faa6fe395c5810fe4fceffcba62966

SHA1
ed830d3d1156c3a5ea6502148f4347af0c4a8051

SHA256
1db349e42e9c57afdefc29f18886a98290099b74210cb396ac5485247bcee099

SHA512
4e876c4afdce30b29275eda6ecbb14aaf56bdaef4a1951e6ad09bbe2af5a37667d18f4358c895843010336f467e0bac3a7f8449a907011124d4e374c7b0c1e54

Download Submit
C:\Config.Msi\e6674b4.rbf

Filesize
90KB

MD5
facce237d5cc5e89d8e92a36289f588b

SHA1
5b91fe97781b107df2754a5d38807a597f1d99a2

SHA256
ed9b46fd9f3275639988cb71eccb7c3f31b48282ed78e4abc9ae303cab219bf9

SHA512
f0363e0c7414157dabf929fa9c4b49b74d86a0997481b48d29ec3f0708221d9fc4954f4ba93f4299e9ef0c31d38dd8a691b908cc6557864c1a4baf3f448286f0

Download Submit
C:\Config.Msi\e6674b5.rbf

Filesize
168KB

MD5
d2d2a9e08ad2df5d73ca0aa0797cd96a

SHA1
f6050bc38d27c805daa078383506b93c5dd854c7

SHA256
1246532e2e335750fcdeb3c801f98eaca1ac6579d1bdcae1c5ca89f8b24fd879

SHA512
197385ac8d349674675fb411cbd246b53b0860f8cbd47b79f6f05ebefda4563e75285cac2bef45ceb12cdfcd4b4d42c47050767608f96eaebc7111dbdbead1de

Download Submit
C:\Config.Msi\e6674b6.rbf

Filesize
55KB

MD5
158f96bd130a9f3a1f7e91dc611e8b7d

SHA1
207264f61e8d8cd77c7dd82e7c8c38927bcdef85

SHA256
89885cd48e706c533aeff66d45cfee67561db4708bef31367a546f685f30eb55

SHA512
6ae9e17dddd7ae166fd195d202d73904bf6482d727f0a9d5cc01454d4a58f9da027acc9591dcfacafa039379bf151cb385ca4208ea70baf069516ff98fd31d4a

Download Submit
C:\Config.Msi\e6674b7.rbf

Filesize
139KB

MD5
32f2ac5f45b93b733cab1865affd588d

SHA1
5062e6d2a8c1e06e19c9f0b29164915286ece618

SHA256
38f422c1c5751cf6796c44fec1c478a2a5379ddb6f3512004f1fcedad3b35cd5

SHA512
8384c6aef7c32ac0f10aad8490d82b1553c3d194dd3f7821bbe2c75eb50a6e5ece195be6c09615f273d3d4935163c15d1c83e7bc4ef45fd1113a9f0641ae0bf1

Download Submit
C:\Config.Msi\e6674b8.rbf

Filesize
351KB

MD5
18a9dd94b5112ea94f3fc9fc22ff8409

SHA1
97a0b82343ef1599e517946a2c3c259b61e53ca7

SHA256
55758341c4094ac4cbf26712f45f1ed17fc1f570197538ac2267bd896a9f854e

SHA512
7bac448be18324efd337c7cffbae2c6db763d9d7450e70dd33b214981266008b7e4d0a895c7fd214d908b3eecb9a7a0ac0aba1d57c9e1fdcee3f9e72c39de3f6

Download Submit
C:\Config.Msi\e6674b9.rbf

Filesize
456KB

MD5
54c12705dc6a32282762bbc4252e2b9b

SHA1
2d1fd38b5f3db7c7f0d7baee446a00099a506d50

SHA256
a5a600ca8a60a0af629047ef8b227feba5221c5697f820da69e274f40869a6cc

SHA512
c4d96a8d8064ef917ddb98532360a8bf318535b310f908a384c0ca140ed058f5f3f24f34c3992da4399386f546381cbb1eef5432b3ff2b7c19e0491dec8d4aaf

Download Submit
C:\Config.Msi\e6674ba.rbf

Filesize
137KB

MD5
9f735917c0bba0f42b40e719047eefd5

SHA1
d8c1ef036b9d841db86ffc76d9150064ee836cce

SHA256
7acd536b7e7fbbf4578ce24aa39740279e7ffb7477bb77f6a2c7afbc12f16c83

SHA512
65522b77519efd6d43f17848ecf65d4bfed8f07d9f4212dce7f6c905650b4107396e7067c62802c7c953b02f78e924560c8ff151e195c0cab37606be69270a3e

Download Submit
C:\Config.Msi\e6674bb.rbf

Filesize
334KB

MD5
4b15c6de8b0cbeb6d4d7d6e14b9ca7fa

SHA1
af3b589712be828302778a6e248ebd659fcdabfe

SHA256
7150db5b3af392a250b79f1078c87848a08b6c13448943d5a0478c2d37645b85

SHA512
1f68f55cb4c32d0abf929b3382d9b773369f376853912829299c6386648c39807c6242eba037bb3988ebecd0e8b7197c91583243154c569bef1f70d0d958c491

Download Submit
C:\Config.Msi\e6674bc.rbf

Filesize
75KB

MD5
683fc126a13b915b3ff36735ea5ca5fc

SHA1
d1ccfdf78919f51b09fbde02c2cf0f332601bd74

SHA256
b8361411d7b7b0094669b0f74ce8afb488cfad61e2c26f76473db9ddae702929

SHA512
4d88cbe5c42815940595b1c7d466ec84a9e753977fa234591c0b14d2d826423c5bef13aaf93e4f3637a669c56e040da53529dbc31339f18b0587b0c1270c14d9

Download Submit
C:\Config.Msi\e6674bd.rbf

Filesize
389KB

MD5
1a063e60707636e76e61ad9784bb1eea

SHA1
baf498bac402a29b1330fcd20cfbacbc5d245cf7

SHA256
878566ee8a41806ee9b9c4cf590e1953881dde2127616a647fa31940a5096cc5

SHA512
39e2bcd04f4ee4e6280b7723a628acfbceef254fbea62833a34d7f4cba566c9556bfcfe2424ada027112a8b722da8349331ca416d00d0e3d6afbec96e3d91a65

Download Submit
C:\Config.Msi\e6674be.rbf

Filesize
131KB

MD5
d8a76dfe6188e600bd7a8480dcedcbdb

SHA1
40080e226be118c2a0a8f9dd70879467ec09f198

SHA256
a1254966826e2849b1ba2d630e93ca7b75105c8d3acd9be795d625edf835ac0a

SHA512
9a01c3290be7d309e23a6048731c541cd0c602669ace34779e1e69c29da154b378edf0cacfe92354996e293bad205c1bfaf6a003840cf53216100cd39bf6dd76

Download Submit
C:\Config.Msi\e6674c1.rbs

Filesize
7KB

MD5
f24ae32a47d78cd2a6c552ea8a6f0c8d

SHA1
3663f65fc48a890465841b847994faad574e2bc7

SHA256
673ffefed05694fa5023dbe62d0784dfc76960b95697a10adadbce1b6348d546

SHA512
fc7c539df9bd0abe9568a19cd81445408d6a7f14a517f9fd88ac9ea60896ecaae536de9b218d2972fae53bfd026b7c2804a0799c1c1c385741517656d1eb811f

Download Submit
C:\Config.Msi\e6674c5.rbs

Filesize
34KB

MD5
254287c2eb7a2ae72b00e0739b752b81

SHA1
96c1397462247386ea55a629457e4262bb7badcd

SHA256
1d62f824cef00c9ec427a38a1625b1579149ef73adc0819f6a9daccd951dde05

SHA512
f1ae1fbb3e2cebf9e6f96ea7bb5ad45a2fe17ffaec91a3278d1df2cdb90919e64ba41232fe57a6b22e989b040699a78f5e32bac261bc1a631ef5006ccaa7ca43

Download Submit
C:\Config.Msi\e6674d9.rbf

Filesize
3B

MD5
21438ef4b9ad4fc266b6129a2f60de29

SHA1
5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

SHA256
13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

SHA512
37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\nslist.hxl

Filesize
816B

MD5
05ea4d7d3fcfc5ed4b76b0c3e1c7cda0

SHA1
bb2dafd5cf78979a83e31cfe85055104dff5e01a

SHA256
2a2c3bfac69ed00267b3bf1f78752b0207a11fb721634ef209b387dc01495cbc

SHA512
a5c159ff09f5f2f426eff2981802ad860c918cae21630f9b946391e5baf9e8ec8c806e5dca85f41ebf7d8a36cb405803903f8222f88893d5f2556dfaf37f72c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
21a112d170cbb8db36292aacfbc7f6de

SHA1
4eb9cc5c598108abd45aeefef3e0644dacb1ed0f

SHA256
0b6d8eef385f7c83ab125322f751c23212ba20ead32b05e35d6b83f644d318e8

SHA512
051656b2554f6a3fc74e069f21c7793e8d81e345d7cdcd88f1fc216f3ef99c969236b9b7295e207d2a712221d810964fcd94972df0a2e577892ba7cbb8a03203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6015681b1d8064f9213661e15337b470

SHA1
e286243e55474e6c9c43743f2db55d82e916bde5

SHA256
be0d284dd8d1c3912a8fa1599b91b5a8b98b2d6194bb381614e790f8e7021ae4

SHA512
faf5a6d7657d09b24eedc2b546aa86776706e383278b7f74682a7ff8b0bcb18d4a0152917eb615571d58f3c4808e4d6f83de925a97c917eee0e904c105ce78b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
54091181fb208a9091b1681f42e026c5

SHA1
6de2c1450595757cffc44f3d792864c3d26ba060

SHA256
78cd1c1c686dffb95b465b32fa27efb617e77288f7bcc00ddee110903dd796ec

SHA512
7a5e33fdd5f27815e007e0afbb80840237c5b5b45cbd1b5a2e90c5a905de3d13d8c969fdac742e402ca8edaed4e69790453eb4b10ab85147b49fe214e9cb2651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8eddc66985b45d137f9a3488ea8a6a7c

SHA1
0cdc13ced9aca51f7f02cd814083f72e3afb2c19

SHA256
20b762588008d95b6a540b9ceaa6506849f89e217b41fde12e8f8b2ce5c750a9

SHA512
0fb3b9515559e3e35c4f08918b85025d2055597a324691304478c86a64e0688598448bda197185bb11e34b2010c14f3bddbb515be22dc16a69d5898bbe6a2c70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
53c06b9a2371f0320c79397cc0d84ad6

SHA1
cc7a8a7b273f55b650368fcd17e9d5164e6ae7d5

SHA256
4e259bcf6d6125b184029834bcc1f03511ddfbf7e6aa63f0772aaf266b14ddb1

SHA512
83a5431baffe2c73eec3702f4076c3a014763b1c0976683da44c4f2e14e8084e9262770cc0820f6180e27c4b017881fb8e59a1c0634d895836c5c17e0edbee43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8642317e146a85e7da679d53bbf700dc

SHA1
6c9cb832dd4cb9706018c3dd04ddd4eac7c18f7a

SHA256
d89a3d95d0ffdc7003c815395631b5968e89e1291c2efe933893d3b9d0cc2282

SHA512
cfb40f35ac377f435194d462d00781fb6c789e6428566dfab32fe02dcd1494516f3581ac7722e81cfa94b6211e4ed910d9d84a43760f447057dc0ac964a16a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6b93e19cc2ef0a0e70b84ea8b49900e0

SHA1
40fdca385f4091d3c591064bd7d3a14d29c2de13

SHA256
02d5908ae70037eb1a557537fdd9f116d25231d450da14abf521d3595ac39289

SHA512
5fdfa7c84cfec01ea8491f8dd9846d77a5ee13dc81f53a9a78872a1206e2d5ed6065ca9f55aa24ef93346a80dbbb360b22a7c13f9c8fac6d69977751868f5d57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
797ae59411801ddee03b72f7f31e1a3f

SHA1
7c159447ab3bcd7c62edca9dc530ba3f14bda61a

SHA256
0cd3657e935f06b3376485a521ab415452e7675be4bc439e1e761f42df7f67c0

SHA512
dd260cc1bcc78db0e2eb538700e4a07b1792a70614a0fac161e446b4dfea76df0fb56f1a859848de8d592af85f7c875bab4a09f06c73cd5b900ee762d4e58cb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6d98253ef36f3133e106c0fe5d37b192

SHA1
477670a0c8479972a68c33fe5bae9d9a4545c5d8

SHA256
9cf95948f603cf107a64d275fd4d7e988c3c0a335b5b6e5fbd7c14fd431a6671

SHA512
cda2aa8679aef11dc36fddd6ff0617d3bed29f5d60bbb89a5c4e0f554ebc36a48ab4252ec580a1bd1a9f5e6c477964f4dd144589cc4300487a6e67a497b1385d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12ca35b8b930bf1e94323b518651f769

SHA1
4805ce97a39e287872f30a53fb356a434a7feb8f

SHA256
9d624ce0825d4a85e00d50f69d534fc466d0a384360c86e3db0ae110be27af9b

SHA512
ffb3d49713b65f9b760c41e69f0b97d40355b68a524987c05d984079a91d67391f82f67987b1fc9d9d2c68745fcfe2a9d735e61f80f1642f77adc43d495e5b73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c16ffcd6d27c1eea68d3c290687fc298

SHA1
1448b9b233d7597cb2d3ddc232399cb61abefba1

SHA256
c0d98165e93b6970b22972760da2e8d231f63fe00057f963d4f518de1d700d5a

SHA512
ca05eb5c6a2b091a85242687762f9cb3b4aa182c8640feb7f179ee31f2068574fb81b1e7b61bc99b255d4cb02a3b82168d01f55cbfcac93b085e8b5a7f2e402f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6906446793a5d4c300050da84055ab0f

SHA1
08e743032c6c8c873cd8ff2a0930c16427442c9c

SHA256
ef2cad3dbfe3e38ebfe62a862971b5587847bf50aeaa1cd971a0fa466e688c08

SHA512
43b2d93d159e8fd15d0c3a849599ad85565b12f06fedac90629bbb1726daced471bcd8633c38f7d3f3ab868d6da53c49188684c15f6dda4a44ded207511f56ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82ef8e697b24214728e476c78c70d831

SHA1
aa74ebc5251414327f066b04b6aa822068c19a0a

SHA256
90d6a341ec3c03258a66ce932a103437472b8ed71fc608e98b3282e783f7af1a

SHA512
d9ea5af44060b294430ac9313d1f58672f40e9b3dbe4f575e7693c89d8041023d502fe9ae1513d5b747fdb2bee476e68db923298abb12057d85c4319fc6d661e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15dff093356936fce8d1a87531178e81

SHA1
f805033464b16de77e7a50c333d6457ede0188f2

SHA256
4e8ae11229847c2f8a34252efed12b51dc6a733d5eff8b52030e23f14a88589d

SHA512
b0e318b79ae5c10c3c940937e3a9faf7db7e9fde8077d4ed33bd42e8b4f24d3205f65c147aa0454e6b96cda2fbb7526b36aa0ff12da03927b4a755e4aafaa2b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c6e4aa2b0c386596e91a36114e1c7467

SHA1
28a3072929a1ad33ba376a40d84befa455e7dda4

SHA256
63a67ef303c64ac7e7aadf55d6b13710eb161e8c4fbfa928248fe1966a0d9dfa

SHA512
b2ff5b84497ed833689b54ed1fa2f85583dd68b43ae02938e4f580839ce9a139c20d988d4b0a14ab1cbb9b3267cbad2feebebfcc685b4c2da0e1300ba0f19a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f64ac8616bc2c6f508860aa51fd7b3b2

SHA1
f4a48d11809f200917b59b38bc7875162d026131

SHA256
6d9133e3828a1cdab5428d98ceddb67fbe9ef7c6e87a043ab0a4fd8c7cfdbf18

SHA512
10d5d0a6d11dc77ab5031d074b721db285a9677d8211ab2e94eab7bf395beda4f8a1ec30e319dac4c8ac6a7f46ef93fe2abba48bb9a0beacc13e7482dd10f138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c7d070875ce8b37cc651e080673e879

SHA1
73b793848044244f640ecf3efcaf9041abdfca56

SHA256
6c94e14eee0ed7bbe4e2e4103e7d583322076f5700e097fb6b349bd0565ea739

SHA512
28e1df1f1a0b24c32f123632c7009b882c7ef0266f6886e9f9e7f21a8375d140f4eb694aab06654aba5d68f818533528376bead6e654c5e2fee241fb51a8e42f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
529f6ed0def3eda247f583239d66935b

SHA1
f58f917c94d1a7ea346781305490f444bd86d386

SHA256
9df0eaa299da12a8e2c226f7dfe54fa26233dd6fe6e771e1e9055d7cdd368f01

SHA512
40620c34d4f54f68cf36dbf965f5c7cf6e3dd520c5ef01683e6f51945b7b4b21b9f0b453275dfe58ecb19413700a37c59b20bd8e829e86ed3539e24363814ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0eacc3efef0f14e3a384154ed2f34e1d

SHA1
faa800fbf2cebe71e7dd2409979896cc44878471

SHA256
61fc255334f61e71d28653df0266eb33f761743322474d2a2f9bc780f57890bd

SHA512
a7d0e9d4b64c0b17fb4ede005e80246d8c2ae5b143e650d53ebecbec5521e6291a33e295650d37c1e9e7c2338cfbc880f394a701ed7e1d41f16f92bda0c5cca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt

Filesize
105B

MD5
8c46014a108618adfd455e923add969c

SHA1
3571f9b6a1d725e000c5f5bc1df0deed786f5bb1

SHA256
1c0f4b986399a7ad6fcc271cbf96c3f8282c4abb70b5a73d5d87bf809f8ac7eb

SHA512
59d5af51cbd0126cd7c49420c2f48319f2e5fe873d7f841d571ffa077b432e8170421abdbfae531d7edcf16cbd7396cbc5bbad5d2badc55fffd119358d884981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt~RFe614a56.TMP

Filesize
112B

MD5
0418ff7d2f14f9c82a7d334affb58f15

SHA1
60ebce62f2aed5cad9baf5c5e4eb9ac45682a935

SHA256
03204c579d838fe377e28ed985509e1dd37a66909fca33ec8f71608a92922b6a

SHA512
77edbac8c698a63679148edb803a1572b2dddc26d5fe2f3331bda1d0100f4cb20870af57474464998cbae84d83a27999bcd716784afab9ee571fd5591de5684b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
569de1e9f896312c177892241d90d61a

SHA1
3627883203ef104e62defc3a69883ae1f174ea2c

SHA256
a6e43a828aa387f11bf014c35c97038606763ad058db6ad46fd34764f39ca54c

SHA512
6349a33d1a536d39edabf83ea05b08c97c2f8985abe509e23ea668b0eafc3dccf54e53a60dbd74f5afb052fd02c279583e808f145e2b9f050b541be58ac53e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
c07b0963bf9626f054e7a8be18eadaf5

SHA1
2ae41202dc5f7c364027fcfcb6aaaccd2dc596d0

SHA256
9c494a609d109d353ca364008ce93f6f10f8d5eb08442fed9b2556ddbc357f65

SHA512
c311a77df93465fab466773950b6ec022132bb0196f3edc44dc71535259b14d1dc6871894621836b3b0cf6d525242b584f8635b2dfddd7aff7a469c8328e9ecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
ab103efa193c07ae15d32411cfbc4cc0

SHA1
725cb73f62abea22ec48bb2992988a27428786ed

SHA256
f3d2603aef1658ad083577b5711a56fec00dc7f60aeeaa55a56742e6349012cf

SHA512
b4913ba630d435770b8c72369e8209797f5b02e6f33bfaca2f78af0ff07279f3898d0fca9ec6bdb0bacf83889cfa1d4021f4edaece372638a95ba7675dc89a7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
23414213b5c22fd4877b8c5b54928ff4

SHA1
354a41481a8a4ad0f472bd62c35675897dacdbfc

SHA256
9a85c56a71355b96a86f783cb2a0069de5411289073cccd54e8467459ee30adb

SHA512
83ab5bbe99bd8d761d62bb51b0a28d0bfc3134988ac73b4901a1697ccc8d57860924046162246a38dba4e285900ebf34d7bed215136786669600f4665f26e7f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn306C.tmp

Filesize
24B

MD5
f732bf1006b6529cffba2b9f50c4b07f

SHA1
d3e8d4af812bbc4f4013c53c4ffab992d1d714e3

SHA256
77739084a27cb320f208ac1927d3d9c3cac42748dbdf6229684ef18352d95067

SHA512
064d56217aeb2980a3bfaa1e252404613624d600c3a08b5cf0adcb259596a1c60ee903fdc2650972785e5ae9b7b51890ded01ec4da7b4de94ebda08aeaf662df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn307D.tmp

Filesize
24B

MD5
db7c049e5e4e336d76d5a744c28c54c8

SHA1
a4db9c8586b9e4fa24416eb0d00f06a9ebd16b02

SHA256
e8830e7ac4088cf3dd464caec33a0035d966a7de5ae4efc3580d59a41916ff7b

SHA512
b614037fb1c7d19d704bf15f355672114d25080223e7ee4424ad2cb7b89782219e7877b373bbc7fa44f3ad8df8a27eef4e8ccc765d44ec02a61e3b7fae88ae69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn307E.tmp

Filesize
24B

MD5
fc94fe7bd3975e75cefad79f5908f7b3

SHA1
78e7da8d08e8898e956521d3b1babbf6524e1dca

SHA256
ee1ed3b49720b22d5fda63d3c46d62a96ca8838c76ab2d2f580b1e7745521aa5

SHA512
4ceaf9021b30734f4ce8b4d4a057539472e68c0add199cf9c3d1c1c95320da3884caf46943fc9f7281607ab7fa6476027860ebed8bbaa9c44b3f4056b5e074d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn307F.tmp

Filesize
24B

MD5
5f243bf7cc0a348b6d31460a91173e71

SHA1
5696b34625f027ec01765fc2be49efcfd882bf8e

SHA256
1b1aed169f2acfae4cf230701bda91229cb582ff2ce29a413c5b8fe3b890d289

SHA512
9e08dfbbf20668b86df696a0d5969e04e6ee4a67e997ff392099bc7ff184b1b8965502215744be7fe423668b69099242bba54df3f0bfe4e70acdc7cad8195b02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn3080.tmp

Filesize
24B

MD5
379523b9f5d5b954e719b664846dbf8f

SHA1
930823ec80b85edd22baf555cad21cdf48f066aa

SHA256
3c9002caedf0c007134a7e632c72588945a4892b6d7ad3977224a6a5a7457bf4

SHA512
eca44de86bbc3309fa6eab400154d123dcd97dc1db79554ce58ce2426854197e2365f5eee42bac6e6e9455561b206f592e159ef82faf229212864894e6021e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn3081.tmp

Filesize
24B

MD5
2d84ad5cfdf57bd4e3656bcfd9a864ea

SHA1
b7b82e72891e16d837a54f94960f9b3c83dc5552

SHA256
d241584a3fd4a91976fafd5ec427e88f6e60998954dec39e388af88316af3552

SHA512
0d9bc1ee51a4fb91b24e37f85afbf88376c88345483d686c6cff84066544287c98534aa701d7d4d52e53f10a3bea73ee8bc38d18425fde6d66352f8b76c0cbb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn3082.tmp

Filesize
24B

MD5
635e15cb045ff4cf0e6a31c827225767

SHA1
f1eaaa628678441481309261fabc9d155c0dd6cb

SHA256
67219e5ad98a31e8fa8593323cd2024c1ca54d65985d895e8830ae356c7bdf1d

SHA512
81172ae72153b24391c19556982a316e16e638f5322b11569d76b28e154250d0d2f31e83e9e832180e34add0d63b24d36dd8a0cee80e8b46d96639bff811fa58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn3083.tmp

Filesize
24B

MD5
2dd3f3c33e7100ec0d4dbbca9774b044

SHA1
b254d47f2b9769f13b033cae2b0571d68d42e5eb

SHA256
5a00cc998e0d0285b729964afd20618cbaecfa7791fecdb843b535491a83ae21

SHA512
c719d8c54a3a749a41b8fc430405db7fcde829c150f27c89015793ca06018ad9d6833f20ab7e0cfda99e16322b52a19c080e8c618f996fc8923488819e6e14bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn3084.tmp

Filesize
24B

MD5
d192f7c343602d02e3e020807707006e

SHA1
82259c6cb5b1f31cc2079a083bc93c726bfc4fbf

SHA256
bb4d233c90bdbee6ef83e40bff1149ea884efa790b3bef496164df6f90297c48

SHA512
aec90cf52646b5b0ef00ceb2a8d739befe456d08551c031e8dec6e1f549a6535c1870adb62eec0a292787ae6a7876388dd1b2c884cba8cc6e2d7993790102f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete\icn3086.tmp

Filesize
24B

MD5
2a8875d2af46255db8324aad9687d0b7

SHA1
7a066fa7b69fb5450c26a1718b79ad27a9021ca9

SHA256
54097cccae0cfce5608466ba5a5ca2a3dfeac536964eec532540f3b837f5a7c7

SHA512
2c39f05a4dffd30800bb7fbb3ff2018cf4cc96398460b7492f05ce6afd59079fd6e3eb7c4f8384a35a954a22b4934c162a38534ad76cfb2fd772bcf10e211f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

Filesize
24B

MD5
419a089e66b9e18ada06c459b000cb4d

SHA1
ed2108a58ba73ac18c3d2bf0d8c1890c2632b05a

SHA256
c48e42e9ab4e25b92c43a7b0416d463b9ff7c69541e4623a39513bc98085f424

SHA512
bbd57bea7159748e1b13b3e459e2c8691a46bdc9323afdb9dbf9d8f09511750d46a1d98c717c7adca07d79edc859e925476dd03231507f37f45775c0a79a593c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
e286657861d4dfda381f9389e37f4a1d

SHA1
2a35acfb6a39e5f40c3687adf3381c5cc16e54e4

SHA256
0e77e129256b5ccd72877279cabad9bc7d668550d76a08bb8cdef6280f6ff49a

SHA512
3e34f1d50f94e304f2c2d32b919cf8defc523e87feee8501f6c79e138591e8b3236e2e3c14125acfd49879ccf8e8f5e3ef79f18cd26daec025a3b7c3aa9d4017

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
cdf4f9dbb5de32207018cc212d576cba

SHA1
7cf1182ea743b6211ecd94fff28314bc51c4d9cf

SHA256
b7157ad8377a76fa491ec7e23018def3dd7febba7ad95e820ee5adce42c9f9b4

SHA512
233083c1c2daa04fbaae2091d5d402f0140b09b2029529cc105368f7cd2a76dc1572f0f26717810b7f264dbf2d2da94a988a3b6226013fe0217a01d476b1054d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
38KB

MD5
df4ec2586587848b80db8cd8df2426b7

SHA1
c469c5c364113d16b4c12fb0af0f5d3d565a7b1f

SHA256
de17d12df9df2ca806bd634d70732ed3f7f899d622a21f26ee6233dd0d49d73a

SHA512
8a2353c1a23774f946d04df90cb8082f1c4f8a991c6a3926a49a124a5524cff2e5624a5d6f1d9325566d718a2eb8ff2cc7a80e58a58a7d777d029f6f3cc98006

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
ab8b2e7d8bab492f19d4d1621f4cd222

SHA1
2c49a2b80101e8d84c0e82f35231b016430a0aea

SHA256
85fd3c6e86dda7e5255718a8738912a1e416e1ce5357f823013139d336ef93ee

SHA512
784f13229238c4ccafb77f421d70974a93656100ccfacfe227aa7c74a9716223ac9a32ac347d9d561f80d451836dac5ac1a84e47cc3901c68318a9cc2e05b369

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
907cd7c1efde726ce8b2f71effe86ee5

SHA1
91e962acb89e54906b50ef6094a32695775394c5

SHA256
f8846b1a51a42343b594eefaa60b60db78bd8ec448f17e68ccbf989592832ea3

SHA512
bc65cab363c66860e98237132d360295bb9e9f2c4de1e90544be858d6691624b34e133db2b1dda40bd73ddfbc5dfa0741ae27bbba5ed27507190a56bd082fa2c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
15ea4e6018389f449a433a4455be1741

SHA1
fa152bbce39de538379d76fb303d4ceb3358db52

SHA256
bef9d03051565b9e99a6eeba7c9739ff8359b4db34e7b57c7e7751674f3adc1e

SHA512
31bb67a80ac11499384010f7215f89c1ba610dd0ccb25dac7135ad1ead2b5d181935441df1b51f16ec3d837453552837034be6c984098d0b2c3702f9d2611bb6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
df040f875df9b526a42ad1a68d70932f

SHA1
52271d8f2525ff7b214a20a6bf84df58c31d15bc

SHA256
d31a014e7810c087a56ec854253691a68c5597eda5e12d5202f4f5d0911a2393

SHA512
7db6a2b32aa56373cb16e16b7bd0d7bf20e4776f3a962804f263a49de5330df814b276cb1070348fc9e751fb515de15f2cc21d7e6f8434cc1b2e4e368d53568c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
893a1b32dd254d8b61a95eb723c79755

SHA1
78b47d616b935cf35beaedce67cabe97eb347ec8

SHA256
9f6c249c3f0f71936dfbc7b786da8af6962af2f2a43929cbe4f10cca22af0860

SHA512
0574e609b9c3e280b27ed69941308d5271c5de4e423f43b8b2fd32a9cff8e1d449e3451bd11cea60c1af46c6441844dbfb1d3073db27dd6ee2d7204fc0428058

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
775B

MD5
684c7af87d4e73ccd390109a456703b9

SHA1
62d2a2799b0d8043b92101e26aa6d7e2842c4143

SHA256
e9c282d8c9d03c9b58cbe4a832d28df501519e820e7557cac13ffdde678ba777

SHA512
e6803df58a3ae39284a3f1493947723accbe4b03f6400f703c6d8c177c6273e22ba82d68fa3dbf11766fc06af6edb7ddf6722dec6252f2908363565702e8cebe

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0d5244da703b7a2ff72f32d6282c89a6

SHA1
90804cd68ced701bbad441bd7a41ccaf8dc63d58

SHA256
03767e03060a8ea79d89cb92247a0860a3a09bd8abd0a052be37e03dbd257949

SHA512
12f95196e88ba31be48cc9bda89924136eac329d92e9b64deea4c9768a072a321570a0821c5a2091adf670ec82705d87b1111cb2081021f08754dca73f193802

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
651802a76897b8c7e944dd4f7471f730

SHA1
1c0725d76c4e987be32faf0584cdc9001a244a17

SHA256
6d5f77b7eb237c169a87fc17aaea8515c1843279042f26475b4e770adc673684

SHA512
d1846db6abc25e023a77a9b2f30795641f9190d13a00a17cf20eda8d04d951e054233b1843bb439f8183011d1ff440355d2d9e87ddbcc30f9c7aaf9c226d460b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
14c8d504c9ac11c29c0f8b0ae015a59a

SHA1
d0557df346cd40bd2a46bec63c5ac87b8ee3d6c6

SHA256
f60fad0697d357183258fe167ce9aecd2c55b97069e1b69e9c4a3b422b7de74c

SHA512
702159332652dc4eb29edda94a875913c2bef5a960f9111f71513ff45242d54ba4864109a2227f28774a34f27317e7619232122687c78da599eb5479466ad1c4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
022f32c64324b2d8a6b890ca7c37835d

SHA1
365f42314ada6b743845eae14241eaf380f2c91c

SHA256
16684b9da05fb75d59e9b3848da33ee6eabbe1b3fda8dd021b5c637270c6d792

SHA512
a972d43a7b6408c70dd0bdfe2efc315bb87eff2139a0f85cb27f4c9f404bd05be42c2bd65eef763241c707e5c6afb6cb86e553007333d6df4f93ef0fd25504ad

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
dc69370b68e9e0d499d30cb8bd89c93d

SHA1
c492cd3917d87e320a77d964d018bed5c00eef4e

SHA256
b8466eec7fb29bb0ae72c7416aded6be83f4c6fe9c18bc5f49741882433637e0

SHA512
bbd1a99467ccf0253a1cf177228cf1803566284425572c4e5d6c704172e92a93302f8491b153b735de5c53ed4ea2edb83235fac6ef33c98e86618be3251607a6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
6602cb2aff1a83c9aecdca259b23b522

SHA1
3f483685ead82cd5d226d4d72efd7e10032f35da

SHA256
8f8d58f452b7c92e53d550e97f73861df0191124d2152b02db50caa1f6106195

SHA512
be6997b5a55822d1eb740a567e8e1894d5cc5eae580a58ee1bda346e57344c8784461293a058d19dfd0d86a021435ed513cbe500b32293aca26671954ea9d9d0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
8f5984cc9cf648218770f782fa0a41ec

SHA1
9a4aada982283f1ed15aec24a8de6609546488d3

SHA256
7f55a7f731699e91375421b1756ab167d71d8065e463110044a141d6e5b987da

SHA512
99f67ceeb4a05745cf087bfb902f9f5c6526b46df22dc6232673d38db33c0c5c7c23490908d8868868951eb2cb12a060d9507174ce67a811ac05357a358fd207

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
6ded65fc56797e39593fa002b4895d5c

SHA1
260139bd8c4e9f51e6a6be8f90880cfa775f1419

SHA256
b9c4aa33771ea8848cdc1f8214d8ef0d669c6bb672326636f0e860a7a3581863

SHA512
6c6236e931567a904c605530e465ad79769d41bbf1d1adc4df17223e36d8923a445a8f85e7c66a323baba9553d9343d051f185271790a5fb1017a4486ba26def

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
4f9f498d948746c2e13f8791da40a850

SHA1
1f486547fb74c5441a4806233718c4fd1728615f

SHA256
860b6f49e13e1fc2df901ca977e8aad57406fb94f6dd2b2d05442d2bd0f89db4

SHA512
ae6640efcb6196843028dd5881b1f66abe39b9766d961bfb346dd1541f478b1a48dd0ecad5d93f73f1dc517c7ce9fde9f3fab59f4bd94a229ead5dfb0ea3afaa

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
9a90018dd58985ca4830cd4ebc9d4ba3

SHA1
2e948915c71c10ce9d68f5c7f4ccea52963c02a0

SHA256
f8d6bc80e93c212f16b3473496914431bfb5fdc38555997099f1f20ba07cb2d0

SHA512
7decf5098680248ff6a6efc0bd1559137c98719c6ff7baf2daee46933bf49d76f935bb22e14a27b18e812d5d5e3e877990f25a8302f7eaa25963bbec97e7900a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
6bb7411395ff2a3915a21a6ce2277c1a

SHA1
4c97f57c5bcb673b5e6d97ffb27093edfbb1d1e2

SHA256
e39175d637566790d5f4295f8b2f97394d2aa309f62620532a43b69d7ea6c58d

SHA512
b288e92eefb28961eafc295caa428048c065d544a2fc1f0f14ad70eb40e5c8ff654086faed49cfe2a8e1cb232f19712bb98bfbdc0532f420117a4e0f306c4ece

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
32b8ef1e7271de129e03e645db534031

SHA1
9a669cbd10da676c37d5842c940483f265a65d47

SHA256
f9840624841da9ef1026d5aa7723054d38da3f6a2e7ca96bf46e59757bc615b8

SHA512
cbae325c635891150566145eb673e4708a4f06ecec99ab7487adfb7a56cc462b2b7d18053c8060ede5e59774ba89a0d5b97acd15b6a5cf3d0d6356f174d1a562

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
a0c791eb117689234546c464c53bba30

SHA1
7347b64f8b23fb0fa55eb94b6b5ca7753d964875

SHA256
441f3a19ae514c17239267fe7aad48275adcf5af6eb53e7ab9f0fcc2192e68f9

SHA512
536c63bbf3aa4ef2f3d62333f236416adf55a99acf96f969da8381e15a68f8af6521ef4b13a36f2cc3f55e7bf9f1fcdce1de1f01f3a5fd820224d94ff2977cd2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 915036.crdownload

Filesize
4.8MB

MD5
ecae8b9c820ce255108f6050c26c37a1

SHA1
42333349841ddcec2b5c073abc0cae651bb03e5f

SHA256
1a70f4eef11fbecb721b9bab1c9ff43a8c4cd7b2cafef08c033c77070c6fe069

SHA512
9dc317682d4a89351e876b47f57e7fd26176f054b7322433c2c02dd074aabf8bfb19e6d1137a4b3ee6cd3463eaf8c0de124385928c561bdfe38440f336035ed4

Download Submit
C:\Windows\Installer\MSIF078.tmp

Filesize
81KB

MD5
fccdc45ca17e5180b40efc28052bac39

SHA1
cecb5a7e8807e619956183897a64930ce56294d6

SHA256
4ab37b0f9c5fe3505e1ecfe0764aaa04838cf81f9e0a402425e057f7a251e621

SHA512
67a9cd2066155b35a4b11e7917c2b6dd1d39828bfbe2972b22eea79c1891fd142f50273dde0cbf0a500259fb468f7636db05131a70b3c54a143f945d037da1ce

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Filesize
156KB

MD5
4ee38468c4ec8d7260fdbe8c1666417e

SHA1
5b79d6e79df3f870333f4d06cf838baa9b76fb1c

SHA256
5e96fbff41794d3c2260ec81966fd831856d8a63c3203201ab883e01844c8926

SHA512
f5b9d2642ac319eb0b1040992f3b89e6993bac931ae9b6b4c740816e7c342eb97973f8f110e740abc3a9ae390bc4b499e73d1664ea6703955f0de76df32ac77f

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

Filesize
149KB

MD5
e4a99d2d1f8408e76a2c634d7866900d

SHA1
88b95baf68f0a65822c0ec468e2a6f69897883e0

SHA256
b363c45b4b4d8135b9d7891536f8e4374c5f09108aeb2ad1fad6cb07a865b31f

SHA512
a56dbdf0f55f0ce6f655d5aaa95ce19962d4b0fec253004ccc8eb47637cca38167c7b0a81ee6d0e8eb720d1eb5c93cdc45023ff044c2af6deb07e77ee3c176dc

Download Submit
memory/1840-679-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/1840-935-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/1840-564-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/1840-455-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/2156-1119-0x00000210D8A00000-0x00000210D8A01000-memory.dmp

Filesize
4KB

Download
memory/2156-1118-0x00000210D8A00000-0x00000210D8A01000-memory.dmp

Filesize
4KB

Download
memory/2156-1117-0x00000210D8A00000-0x00000210D8A01000-memory.dmp

Filesize
4KB

Download
memory/2156-1120-0x00000210D8A00000-0x00000210D8A01000-memory.dmp

Filesize
4KB

Download
memory/2156-1121-0x00000210D8A00000-0x00000210D8A01000-memory.dmp

Filesize
4KB

Download
memory/2156-1122-0x00000210D8A00000-0x00000210D8A01000-memory.dmp

Filesize
4KB

Download
memory/2156-1110-0x00000210D8A00000-0x00000210D8A01000-memory.dmp

Filesize
4KB

Download
memory/2156-1116-0x00000210D8A00000-0x00000210D8A01000-memory.dmp

Filesize
4KB

Download
memory/2156-1111-0x00000210D8A00000-0x00000210D8A01000-memory.dmp

Filesize
4KB

Download
memory/2156-1112-0x00000210D8A00000-0x00000210D8A01000-memory.dmp

Filesize
4KB

Download
memory/3888-726-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/3888-740-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/3888-486-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/3888-512-0x00000000057C0000-0x00000000057DB000-memory.dmp

Filesize
108KB

Download
memory/3888-515-0x00000000057C0000-0x00000000057DB000-memory.dmp

Filesize
108KB

Download
memory/3888-516-0x00000000057C0000-0x00000000057DB000-memory.dmp

Filesize
108KB

Download
memory/3888-961-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/3888-574-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/3888-680-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/3888-1102-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/3888-1106-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/3888-947-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/4032-1909-0x000000001B950000-0x000000001B95E000-memory.dmp

Filesize
56KB

Download
memory/4032-1908-0x000000001B970000-0x000000001B99C000-memory.dmp

Filesize
176KB

Download
memory/4696-948-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/4696-485-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/4696-681-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/4696-575-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/4884-728-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/4884-843-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/4884-708-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/4884-1104-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/4884-963-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download
memory/4884-949-0x0000000000150000-0x00000000015FF000-memory.dmp

Filesize
20.7MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads