General Info

URL

https://maiar.com/features

Full analysis
https://app.any.run/tasks/491e9c33-b689-422f-91eb-bd2bbcb815fd
Verdict
Malicious activity
Analysis date
4/15/2019, 00:00:09
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evaision option
on
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • MaiarUpdate.exe (PID: 2572)
  • MaiarUpdate.exe (PID: 2244)
  • MaiarUpdate.exe (PID: 3360)
  • MaiarUpdate.exe (PID: 2324)
  • MaiarUpdate.exe (PID: 2564)
  • MaiarUpdate.exe (PID: 868)
  • MaiarUpdate.exe (PID: 3240)
  • MaiarUpdate.exe (PID: 2860)
Application was dropped or rewritten from another process
  • MaiarUpdate.exe (PID: 3360)
  • MaiarUpdate.exe (PID: 2324)
  • MaiarUpdate.exe (PID: 2572)
  • MaiarUpdate.exe (PID: 2860)
  • MaiarUpdate.exe (PID: 3240)
  • MaiarUpdateSetup.exe (PID: 3604)
  • MaiarSetup.exe (PID: 2908)
  • MaiarUpdate.exe (PID: 2244)
  • MaiarUpdate.exe (PID: 868)
  • MaiarUpdate.exe (PID: 2564)
Changes settings of System certificates
  • MaiarUpdate.exe (PID: 2244)
Loads the Task Scheduler COM API
  • MaiarUpdate.exe (PID: 868)
Adds / modifies Windows certificates
  • MaiarUpdate.exe (PID: 2244)
Application launched itself
  • MaiarUpdate.exe (PID: 2572)
Creates files in the program directory
  • MaiarUpdate.exe (PID: 2572)
  • MaiarUpdateSetup.exe (PID: 3604)
  • MaiarUpdate.exe (PID: 868)
Executable content was dropped or overwritten
  • MaiarUpdate.exe (PID: 868)
  • MaiarUpdateSetup.exe (PID: 3604)
  • MaiarSetup.exe (PID: 2908)
  • chrome.exe (PID: 2096)
  • chrome.exe (PID: 2956)
Creates COM task schedule object
  • MaiarUpdate.exe (PID: 868)
  • MaiarUpdate.exe (PID: 2564)
Starts itself from another location
  • MaiarUpdate.exe (PID: 868)
Disables SEHOP
  • MaiarUpdate.exe (PID: 868)
Application launched itself
  • chrome.exe (PID: 2956)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
57
Monitored processes
24
Malicious processes
9
Suspicious processes
1

Behavior graph

+
drop and start start drop and start drop and start drop and start drop and start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs maiarsetup.exe maiarupdate.exe no specs maiarupdatesetup.exe maiarupdate.exe maiarupdate.exe no specs maiarupdate.exe no specs maiarupdate.exe maiarupdate.exe no specs maiarupdate.exe maiarupdate.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2956
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://maiar.com/features
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\samlib.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imagehlp.dll
c:\program files\winrar\rarext.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\windows\system32\mf.dll
c:\windows\system32\shdocvw.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\syncui.dll
c:\program files\notepad++\nppshell_06.dll
c:\program files\windows sidebar\sbdrop.dll
c:\windows\system32\stobject.dll
c:\windows\system32\cryptext.dll
c:\windows\system32\colorui.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winspool.drv
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\users\admin\downloads\maiarsetup.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\mpr.dll

PID
3568
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f550f18,0x6f550f28,0x6f550f34
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2692
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2960 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_watcher.dll

PID
3832
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=968,17215634630916836933,4176483723390307175,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=6431492561213537796 --mojo-platform-channel-handle=956 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\73.0.3683.75\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\73.0.3683.75\swiftshader\libegl.dll

PID
2096
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=968,17215634630916836933,4176483723390307175,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=6538527062471319232 --mojo-platform-channel-handle=1504 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\ntmarta.dll

PID
2524
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,17215634630916836933,4176483723390307175,131072 --enable-features=PasswordImport --service-pipe-token=14929232735656079842 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14929232735656079842 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2996
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,17215634630916836933,4176483723390307175,131072 --enable-features=PasswordImport --service-pipe-token=8677483887613933414 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8677483887613933414 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3476
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=968,17215634630916836933,4176483723390307175,131072 --enable-features=PasswordImport --service-pipe-token=2909597758284394243 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2909597758284394243 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2284
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=968,17215634630916836933,4176483723390307175,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=12005571563935577244 --mojo-platform-channel-handle=3172 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3648
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=968,17215634630916836933,4176483723390307175,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=13439512304242856846 --mojo-platform-channel-handle=3364 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3292
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=968,17215634630916836933,4176483723390307175,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7116108747025023240 --mojo-platform-channel-handle=3808 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3232
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=968,17215634630916836933,4176483723390307175,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=15835343355831123021 --mojo-platform-channel-handle=3432 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3444
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=968,17215634630916836933,4176483723390307175,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2985551873384928808 --mojo-platform-channel-handle=4256 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2736
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=968,17215634630916836933,4176483723390307175,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=7807277494032003276 --mojo-platform-channel-handle=4404 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
2908
CMD
"C:\Users\admin\Downloads\MaiarSetup.exe"
Path
C:\Users\admin\Downloads\MaiarSetup.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
2147748097
Version:
Company
Elrond Ltd.
Description
Elrond Update Setup
Version
1.3.97.0
Modules
Image
c:\users\admin\downloads\maiarsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\gum4809.tmp\maiarupdate.exe

PID
2860
CMD
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarUpdate.exe /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Maiar&needsadmin=prefers&lang=en&usagestats=1"
Path
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarUpdate.exe
Indicators
No indicators
Parent process
MaiarSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
2147748097
Version:
Company
Elrond Ltd.
Description
Elrond Update
Version
1.3.97.0
Modules
Image
c:\users\admin\appdata\local\temp\gum4809.tmp\maiarupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\users\admin\appdata\local\temp\gum4809.tmp\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\gum4809.tmp\goopdateres_en.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\mpr.dll

PID
3604
CMD
"C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarUpdateSetup.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Maiar&needsadmin=prefers&lang=en&usagestats=1" /installelevated /nomitag
Path
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarUpdateSetup.exe
Indicators
Parent process
MaiarUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
2147748097
Version:
Company
Elrond Ltd.
Description
Elrond Update Setup
Version
1.3.97.0
Modules
Image
c:\users\admin\appdata\local\temp\gum4809.tmp\maiarupdatesetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\program files\gum4e23.tmp\maiarupdate.exe

PID
868
CMD
"C:\Program Files\GUM4E23.tmp\MaiarUpdate.exe" /installsource taggedmi /install "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Maiar&needsadmin=prefers&lang=en&usagestats=1" /installelevated
Path
C:\Program Files\GUM4E23.tmp\MaiarUpdate.exe
Indicators
Parent process
MaiarUpdateSetup.exe
User
admin
Integrity Level
HIGH
Exit code
2147748097
Version:
Company
Elrond Ltd.
Description
Elrond Update
Version
1.3.97.0
Modules
Image
c:\program files\gum4e23.tmp\maiarupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\gum4e23.tmp\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\program files\gum4e23.tmp\goopdateres_en.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\apphelp.dll
c:\program files\elrond\update\maiarupdate.exe
c:\windows\system32\taskschd.dll
c:\windows\system32\sspicli.dll
c:\program files\elrond\update\1.3.97.0\npmaiarupdate3.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll

PID
3240
CMD
"C:\Program Files\Elrond\Update\MaiarUpdate.exe" /regsvc
Path
C:\Program Files\Elrond\Update\MaiarUpdate.exe
Indicators
No indicators
Parent process
MaiarUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Elrond Ltd.
Description
Elrond Update
Version
1.3.97.0
Modules
Image
c:\program files\elrond\update\maiarupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\elrond\update\1.3.97.0\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dbghelp.dll
c:\program files\elrond\update\1.3.97.0\goopdateres_en.dll

PID
2564
CMD
"C:\Program Files\Elrond\Update\MaiarUpdate.exe" /regserver
Path
C:\Program Files\Elrond\Update\MaiarUpdate.exe
Indicators
No indicators
Parent process
MaiarUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Elrond Ltd.
Description
Elrond Update
Version
1.3.97.0
Modules
Image
c:\program files\elrond\update\maiarupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\elrond\update\1.3.97.0\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\program files\elrond\update\1.3.97.0\psmachine.dll

PID
2244
CMD
"C:\Program Files\Elrond\Update\MaiarUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuOTcuMCIgc2hlbGxfdmVyc2lvbj0iMS4zLjk3LjAiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0E4NUQ2RUQtOThFQi00MTNGLUIyQUUtRTA2RUJEQjgzRkNFfSIgdXNlcmlkPSJ7QzhENDI3REItOEUwNi00NEJCLUEyRkEtNjNEMDY0MzM0Njk5fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0ie0RDNjcyRjkwLUQxNUUtNDI5NC05QkYwLTREMDRDMTVBQjZFMX0iIGRlZHVwPSJjciI-PGh3IHBoeXNtZW1vcnk9IjMiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0ie0IxMzFDOTM1LTlCRTYtNDFEQS05NTk5LTFGNzc2QkVCODAxOX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy45Ny4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMTQ2OSIvPjwvYXBwPjwvcmVxdWVzdD4
Path
C:\Program Files\Elrond\Update\MaiarUpdate.exe
Indicators
Parent process
MaiarUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Elrond Ltd.
Description
Elrond Update
Version
1.3.97.0
Modules
Image
c:\program files\elrond\update\maiarupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\elrond\update\1.3.97.0\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll

PID
2324
CMD
"C:\Program Files\Elrond\Update\MaiarUpdate.exe" /handoff "appguid={AFE6A462-C574-4B8A-AF43-4CC60DF4563B}&appname=Maiar&needsadmin=prefers&lang=en&usagestats=1" /installsource taggedmi /sessionid "{7A85D6ED-98EB-413F-B2AE-E06EBDB83FCE}"
Path
C:\Program Files\Elrond\Update\MaiarUpdate.exe
Indicators
No indicators
Parent process
MaiarUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
2147748097
Version:
Company
Elrond Ltd.
Description
Elrond Update
Version
1.3.97.0
Modules
Image
c:\program files\elrond\update\maiarupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\elrond\update\1.3.97.0\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\program files\elrond\update\1.3.97.0\goopdateres_en.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\elrond\update\1.3.97.0\psmachine.dll

PID
2572
CMD
"C:\Program Files\Elrond\Update\MaiarUpdate.exe" /svc
Path
C:\Program Files\Elrond\Update\MaiarUpdate.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Elrond Ltd.
Description
Elrond Update
Version
1.3.97.0
Modules
Image
c:\program files\elrond\update\maiarupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\elrond\update\1.3.97.0\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\program files\elrond\update\1.3.97.0\goopdateres_en.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\elrond\update\1.3.97.0\psmachine.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\bitsprx4.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll

PID
3360
CMD
"C:\Program Files\Elrond\Update\MaiarUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuOTcuMCIgc2hlbGxfdmVyc2lvbj0iMS4zLjk3LjAiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7N0E4NUQ2RUQtOThFQi00MTNGLUIyQUUtRTA2RUJEQjgzRkNFfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezI0RTY4NkJBLTUxNjEtNERCQS05NzhFLUNDNURCQUNGQkVFM30iIGRlZHVwPSJjciI-PGh3IHBoeXNtZW1vcnk9IjMiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0ie0FGRTZBNDYyLUM1NzQtNEI4QS1BRjQzLTRDQzYwREY0NTYzQn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjcyLjAuNTkuMTAwIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vZG93bmxvYWRzLm1haWFyLmNvbS9zdGF0aWMvbWVkaWEvYnVpbGQvTWFpYXIvc3RhYmxlL3dpbi83OTE2NDg0MTA2NjU5Ni83Mi4wLjU5LjEwMC5leGUiIGRvd25sb2FkZWQ9IjYwNjQwNzI4IiB0b3RhbD0iNjA2NDA3MjgiIGRvd25sb2FkX3RpbWVfbXM9IjM2NTMxIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzIxOTE5OSIgZXh0cmFjb2RlMT0iLTIxNDcwMjQ2ODAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIzMTQxIiBkb3dubG9hZF90aW1lX21zPSIzNzA5NCIgZG93bmxvYWRlZD0iNjA2NDA3MjgiIHRvdGFsPSI2MDY0MDcyOCIgaW5zdGFsbF90aW1lX21zPSIyOTciLz48L2FwcD48L3JlcXVlc3Q-
Path
C:\Program Files\Elrond\Update\MaiarUpdate.exe
Indicators
Parent process
MaiarUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Elrond Ltd.
Description
Elrond Update
Version
1.3.97.0
Modules
Image
c:\program files\elrond\update\maiarupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\elrond\update\1.3.97.0\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll

Registry activity

Total events
2763
Read events
1024
Write events
1721
Delete events
18

Modification events

PID
Process
Operation
Key
Name
Value
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2956
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2956
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2956
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
2956
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
2956
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
2956
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13199752825782000
2956
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006E000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307040000000E001600000025004B0300000000
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307040000000E00160000002500520300000000
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
2956
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
89B23C5BBA3A70A2BCE8932916B906CBC7B250CFD35964B3A96C400030485E07
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
BB3999ABBACF7F15DBA7D669D05CB94D48E4F606E796CEB93669D282E4A51880
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
EE243F361CFF1C737538E0CE0D49001C30FC312D401881EAD1322AC2C9895597
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
DD0792753353141A01CA20FB3586DACE269E56644D85846013E7DA55F0682CD3
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
C4B53E305419B2A95FE99D99BF9D406D3161F9CA96CA9DD35E08FB2154BB29BB
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
3CC3D0E2F6FFCFFE205A026461AB25469D35CB78A6114786DD80041C63895986
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
00175B8120231631976CA8B862A3416996C9373BA3D289F0619DDA992973DDFA
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
0E265BFED6F1C7D5F0A9BD790C50BB30E78E959631D51EEBB8BB0DE73E65763C
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
EFA63CBF982B82CF44E63E567FF3BB95FE3F51570D9A0CED8846E77B13199169
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
22CE39484D1229D1237534C4EB5B7ADD1CF3E15D7226FCD72366B24554F98068
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
DB0CA7BFA18AA7384645DE615FCEB6EAFCD68C4D7C3B0A6FFAE0C2549613763D
2956
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
972FB248D6DEB77A181BD6459C3F59D3A5DB38EDBF488BE089CFBB113374EC1F
2692
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2956-13199752824782000
259
2692
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2956-13199752824782000
0
2096
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2908
MaiarSetup.exe
write
HKEY_CURRENT_USER\Software\Elrond\Promo
StubInstallerPath
C:\Users\admin\Downloads\MaiarSetup.exe
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}
usagestats
1
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update
path
C:\Program Files\Elrond\Update\MaiarUpdate.exe
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update
UninstallCmdLine
"C:\Program Files\Elrond\Update\MaiarUpdate.exe" /uninstall
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}
pv
1.3.97.0
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\Clients\{B131C935-9BE6-41DA-9599-1F776BEB8019}
name
Maiar Update
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{B131C935-9BE6-41DA-9599-1F776BEB8019}
pv
1.3.97.0
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MaiarUpdate.exe
DisableExceptionChainValidation
0
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update
IsMSIHelperRegistered
0
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update
LastOSVersion
1C0100000600000001000000B11D000002000000530065007200760069006300650020005000610063006B00200031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000010100
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update
version
1.3.97.0
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.maiar.com/Elrond Update;version=9
Path
C:\Program Files\Elrond\Update\1.3.97.0\npMaiarUpdate3.dll
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.maiar.com/Elrond Update;version=9
Description
Elrond Update
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.maiar.com/Elrond Update;version=9
ProductName
Elrond Update
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.maiar.com/Elrond Update;version=9
Vendor
Elrond Ltd.
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.maiar.com/Elrond Update;version=9
Version
9
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15D29936-2A57-4263-AF7E-A1A2BE525A95}
AppName
MaiarUpdateWebPlugin.exe
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15D29936-2A57-4263-AF7E-A1A2BE525A95}
AppPath
C:\Program Files\Elrond\Update\1.3.97.0
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15D29936-2A57-4263-AF7E-A1A2BE525A95}
Policy
3
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Elrond.OneClickCtrl.9
Elrond Update Plugin
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Elrond.OneClickCtrl.9\CLSID
{15D29936-2A57-4263-AF7E-A1A2BE525A95}
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15D29936-2A57-4263-AF7E-A1A2BE525A95}
Elrond Update Plugin
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15D29936-2A57-4263-AF7E-A1A2BE525A95}\ProgID
Elrond.OneClickCtrl.9
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15D29936-2A57-4263-AF7E-A1A2BE525A95}\InprocServer32
C:\Program Files\Elrond\Update\1.3.97.0\npMaiarUpdate3.dll
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15D29936-2A57-4263-AF7E-A1A2BE525A95}\InprocServer32
ThreadingModel
Apartment
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15D29936-2A57-4263-AF7E-A1A2BE525A95}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}
CATID_AppContainerCompatible
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.maiar.oneclickctrl.9
CLSID
{15D29936-2A57-4263-AF7E-A1A2BE525A95}
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.maiar.com/Elrond Update;version=3
Path
C:\Program Files\Elrond\Update\1.3.97.0\npMaiarUpdate3.dll
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.maiar.com/Elrond Update;version=3
Description
Elrond Update
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.maiar.com/Elrond Update;version=3
ProductName
Elrond Update
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.maiar.com/Elrond Update;version=3
Vendor
Elrond Ltd.
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.maiar.com/Elrond Update;version=3
Version
3
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2810C6B4-D693-4E86-A05B-A2F9B6CA37DE}
AppName
MaiarUpdateBroker.exe
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2810C6B4-D693-4E86-A05B-A2F9B6CA37DE}
AppPath
C:\Program Files\Elrond\Update\1.3.97.0
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2810C6B4-D693-4E86-A05B-A2F9B6CA37DE}
Policy
3
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Elrond.Update3WebControl.3
Elrond Update Plugin
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Elrond.Update3WebControl.3\CLSID
{2810C6B4-D693-4E86-A05B-A2F9B6CA37DE}
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2810C6B4-D693-4E86-A05B-A2F9B6CA37DE}
Elrond Update Plugin
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2810C6B4-D693-4E86-A05B-A2F9B6CA37DE}\ProgID
Elrond.Update3WebControl.3
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2810C6B4-D693-4E86-A05B-A2F9B6CA37DE}\InprocServer32
C:\Program Files\Elrond\Update\1.3.97.0\npMaiarUpdate3.dll
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2810C6B4-D693-4E86-A05B-A2F9B6CA37DE}\InprocServer32
ThreadingModel
Apartment
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2810C6B4-D693-4E86-A05B-A2F9B6CA37DE}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}
CATID_AppContainerCompatible
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.maiar.update3webcontrol.3
CLSID
{2810C6B4-D693-4E86-A05B-A2F9B6CA37DE}
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{B131C935-9BE6-41DA-9599-1F776BEB8019}
brand
GGLS
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{B131C935-9BE6-41DA-9599-1F776BEB8019}
InstallTime
1555279248
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{B131C935-9BE6-41DA-9599-1F776BEB8019}
DayOfInstall
4294967295
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{B131C935-9BE6-41DA-9599-1F776BEB8019}
DayOfLastActivity
4294967295
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{B131C935-9BE6-41DA-9599-1F776BEB8019}
DayOfLastRollCall
4294967295
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{DC672F90-D15E-4294-9BF0-4D04C15AB6E1}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.97.0" shell_version="1.3.97.0" ismachine="1" sessionid="{7A85D6ED-98EB-413F-B2AE-E06EBDB83FCE}" userid="{C8D427DB-8E06-44BB-A2FA-63D064334699}" installsource="taggedmi" testsource="auto" requestid="{DC672F90-D15E-4294-9BF0-4D04C15AB6E1}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{B131C935-9BE6-41DA-9599-1F776BEB8019}" version="" nextversion="1.3.97.0" lang="en" brand="" client=""><event eventtype="2" eventresult="1" errorcode="0" extracode1="0" install_time_ms="1469"/></app></request>
868
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{DC672F90-D15E-4294-9BF0-4D04C15AB6E1}
PersistedPingTime
131997528483093437
868
MaiarUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{DC672F90-D15E-4294-9BF0-4D04C15AB6E1}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update
uid
{C8D427DB-8E06-44BB-A2FA-63D064334699}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update
uid-create-time
1555279247
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update
uid-num-rotations
1
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\uid
UlQASgSv
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{08F15E98-0442-45D3-82F1-F67495CC51EB}
ServiceModule
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MaiarUpdate.exe
AppID
{08F15E98-0442-45D3-82F1-F67495CC51EB}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{08F15E98-0442-45D3-82F1-F67495CC51EB}
LocalService
maiar
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{08F15E98-0442-45D3-82F1-F67495CC51EB}
ServiceParameters
/comsvc
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3COMClassService.1.0
Update3COMClass
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3COMClassService.1.0\CLSID
{08F15E98-0442-45D3-82F1-F67495CC51EB}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3COMClassService
Update3COMClass
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3COMClassService\CLSID
{08F15E98-0442-45D3-82F1-F67495CC51EB}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3COMClassService\CurVer
ElrondUpdate.Update3COMClassService.1.0
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08F15E98-0442-45D3-82F1-F67495CC51EB}
Update3COMClass
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08F15E98-0442-45D3-82F1-F67495CC51EB}\ProgID
ElrondUpdate.Update3COMClassService.1.0
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08F15E98-0442-45D3-82F1-F67495CC51EB}\VersionIndependentProgID
ElrondUpdate.Update3COMClassService
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08F15E98-0442-45D3-82F1-F67495CC51EB}
AppID
{08F15E98-0442-45D3-82F1-F67495CC51EB}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}
ServiceModule
3240
MaiarUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MaiarUpdate.exe
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MaiarUpdate.exe
AppID
{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}
LocalService
maiarm
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}
ServiceParameters
/comsvc
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassSvc.1.0
Google Update Legacy On Demand
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassSvc.1.0\CLSID
{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassSvc
Google Update Legacy On Demand
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassSvc\CLSID
{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassSvc\CurVer
ElrondUpdate.OnDemandCOMClassSvc.1.0
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}
Google Update Legacy On Demand
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}\ProgID
ElrondUpdate.OnDemandCOMClassSvc.1.0
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}\VersionIndependentProgID
ElrondUpdate.OnDemandCOMClassSvc
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}
AppID
{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebSvc.1.0
GoogleUpdate Update3Web
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebSvc.1.0\CLSID
{3A9D7221-2278-41DD-930B-C2356B7D3725}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebSvc
GoogleUpdate Update3Web
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebSvc\CLSID
{3A9D7221-2278-41DD-930B-C2356B7D3725}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebSvc\CurVer
ElrondUpdate.Update3WebSvc.1.0
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A9D7221-2278-41DD-930B-C2356B7D3725}
GoogleUpdate Update3Web
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A9D7221-2278-41DD-930B-C2356B7D3725}\ProgID
ElrondUpdate.Update3WebSvc.1.0
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A9D7221-2278-41DD-930B-C2356B7D3725}\VersionIndependentProgID
ElrondUpdate.Update3WebSvc
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A9D7221-2278-41DD-930B-C2356B7D3725}
AppID
{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoreClass.1
Google Update Core Class
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoreClass.1\CLSID
{3AD2D487-D166-4160-8E36-1AE505233A55}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoreClass
Google Update Core Class
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoreClass\CLSID
{3AD2D487-D166-4160-8E36-1AE505233A55}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoreClass\CurVer
ElrondUpdate.CoreClass.1
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}
Google Update Core Class
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\ProgID
ElrondUpdate.CoreClass.1
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}\VersionIndependentProgID
ElrondUpdate.CoreClass
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD2D487-D166-4160-8E36-1AE505233A55}
AppID
{D7D7525F-5DF4-4C9D-8781-C02F39F973E6}
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Counts
opt_in_uid_generated
0100000000000000
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Integers
omaha_version
0000610003000100
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Booleans
is_system_install
01000000
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Counts
goopdate_main
0100000000000000
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Counts
goopdate_constructor
0100000000000000
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Integers
windows_sp_major_version
0100000000000000
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Integers
windows_minor_version
0100000000000000
3240
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Integers
windows_major_version
0600000000000000
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32
C:\Program Files\Elrond\Update\1.3.97.0\psmachine.dll
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32
ThreadingModel
Both
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7127776B-9569-475C-8A3D-591340251B4F}\InprocHandler32
C:\Program Files\Elrond\Update\1.3.97.0\psmachine.dll
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7127776B-9569-475C-8A3D-591340251B4F}\InprocHandler32
ThreadingModel
Both
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA96770F-9700-423B-9207-A48CDF7698F6}\InProcServer32
C:\Program Files\Elrond\Update\1.3.97.0\psmachine.dll
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA96770F-9700-423B-9207-A48CDF7698F6}\InProcServer32
ThreadingModel
Both
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA96770F-9700-423B-9207-A48CDF7698F6}
PSFactoryBuffer
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}
IJobObserver
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7CFC4E00-1C9D-443D-B5BE-CEEEAC1443AF}\NumMethods
13
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}
ICoCreateAsyncStatus
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7A24060E-533F-4962-9E15-34BD82555FA7}\NumMethods
10
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}
IAppVersionWeb
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35A4470F-5EEC-4715-A2DC-6AA9F8E21183}\NumMethods
10
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}
IAppCommand
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4842EC21-0860-45B5-99F0-A1E6E7C11561}\NumMethods
11
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}
IProgressWndEvents
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8504FB26-FC3E-4C1C-9C94-46EC93E6BA63}\NumMethods
9
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}
IBrowserHttpRequest2
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AAE4AD28-500D-43BA-9F54-730CA146C190}\NumMethods
4
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}
IApp2
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A147722A-5568-4B84-B401-86D744470CBF}\NumMethods
43
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}
IAppCommand2
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C11C073F-E6D0-4EF7-897B-AAF52498CD2F}\NumMethods
12
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}
IAppBundle
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1985533F-9B0F-490A-85C5-24F316E66FB2}\NumMethods
41
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}
IApp
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A4BCDF52-2179-4C77-8C5F-B8095712B563}\NumMethods
41
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}
ICoCreateAsync
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD84E356-3D21-44C8-83DD-6BEEC22FA427}\NumMethods
4
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}
IGoogleUpdateCore
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10479D64-2C5F-46CD-9BC8-FD04FF4D02D8}\NumMethods
4
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}
IAppVersion
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F234546B-DACD-4374-97CF-7BADFAB76766}\NumMethods
10
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}
IAppCommandWeb
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{19F4616B-B7DD-4B3F-8084-C81C5C77AAA4}\NumMethods
11
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}
IAppBundleWeb
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{852A0F87-D117-4B7C-ABA9-2F76D91BCB9D}\NumMethods
24
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}
IGoogleUpdate3Web
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C9190589-ECEC-43F8-8AEC-62496BB87B26}\NumMethods
8
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}
IJobObserver2
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91B050A9-5A49-4249-A8C8-B4390961A912}\NumMethods
4
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}
IGoogleUpdate3WebSecurity
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{24D704AD-AC42-49F2-BB4F-68BA77C98E91}\NumMethods
4
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}
IGoogleUpdate3
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7CB305B1-4D45-4668-AD91-677F87BED305}\NumMethods
10
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}
IRegistrationUpdateHook
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48B5E6B2-9383-4B1E-AAE7-720C4779ABA6}\NumMethods
8
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}
IPackage
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C663DEBB-F082-4971-9F6E-35DE45C96F4E}\NumMethods
10
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}
IProcessLauncher2
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D5627FC9-E2F0-484B-89A4-5DACFE7FAAD3}\NumMethods
7
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}
IAppWeb
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB43AAD0-DDBA-4D01-A3E0-FAB100E7926B}\NumMethods
17
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}
ICredentialDialog
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{660130E8-74E4-4821-A6FD-4E9A86E06470}\NumMethods
4
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}
IProcessLauncher
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{70E5ECF5-2CA7-4019-9B23-916789A13C2C}\NumMethods
6
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FF491FB-E162-4E0B-9CA3-1464B0CF9F20}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FF491FB-E162-4E0B-9CA3-1464B0CF9F20}
IOneClickProcessLauncher
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FF491FB-E162-4E0B-9CA3-1464B0CF9F20}\NumMethods
4
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}
IGoogleUpdate
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C929BFE-4FA4-488D-B1E2-82ECD6F076C8}\NumMethods
5
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\ProxyStubClsid32
{AA96770F-9700-423B-9207-A48CDF7698F6}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}
ICurrentState
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E6836CFF-5949-44BC-B6BE-9C8C48DD8D97}\NumMethods
24
2564
MaiarUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}\InprocServer32
2564
MaiarUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC03C0E4-1528-4299-89B2-419644FA48AC}
2564
MaiarUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7127776B-9569-475C-8A3D-591340251B4F}\InprocHandler32
2564
MaiarUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7127776B-9569-475C-8A3D-591340251B4F}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassMachine.1.0
Google Update Broker Class Factory
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassMachine.1.0\CLSID
{28C83F57-E4C0-4B54-B187-585C51EE8F9C}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassMachine
Google Update Broker Class Factory
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassMachine\CLSID
{28C83F57-E4C0-4B54-B187-585C51EE8F9C}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassMachine\CurVer
ElrondUpdate.OnDemandCOMClassMachine.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}
Google Update Broker Class Factory
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\ProgID
ElrondUpdate.OnDemandCOMClassMachine.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\VersionIndependentProgID
ElrondUpdate.OnDemandCOMClassMachine
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\LocalServer32
"C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateBroker.exe"
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}
LocalizedString
@C:\Program Files\Elrond\Update\1.3.97.0\goopdate.dll,-3000
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\Elevation
Enabled
1
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28C83F57-E4C0-4B54-B187-585C51EE8F9C}\Elevation
IconReference
@C:\Program Files\Elrond\Update\1.3.97.0\goopdate.dll,-1004
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebMachine.1.0
Google Update Broker Class Factory
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebMachine.1.0\CLSID
{00B16F95-319A-4F01-AC81-CE69B8F4E387}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebMachine
Google Update Broker Class Factory
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebMachine\CLSID
{00B16F95-319A-4F01-AC81-CE69B8F4E387}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebMachine\CurVer
ElrondUpdate.Update3WebMachine.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}
Google Update Broker Class Factory
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\ProgID
ElrondUpdate.Update3WebMachine.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\VersionIndependentProgID
ElrondUpdate.Update3WebMachine
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\LocalServer32
"C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateBroker.exe"
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}
LocalizedString
@C:\Program Files\Elrond\Update\1.3.97.0\goopdate.dll,-3000
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\Elevation
Enabled
1
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00B16F95-319A-4F01-AC81-CE69B8F4E387}\Elevation
IconReference
@C:\Program Files\Elrond\Update\1.3.97.0\goopdate.dll,-1004
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoCreateAsync.1.0
CoCreateAsync
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoCreateAsync.1.0\CLSID
{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoCreateAsync
CoCreateAsync
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoCreateAsync\CLSID
{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoCreateAsync\CurVer
ElrondUpdate.CoCreateAsync.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}
CoCreateAsync
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\ProgID
ElrondUpdate.CoCreateAsync.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\VersionIndependentProgID
ElrondUpdate.CoCreateAsync
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F6D9FE5-6ED3-43A3-80D2-EA8766D65352}\LocalServer32
"C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateBroker.exe"
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Elrond.OneClickProcessLauncherMachine.1.0
Elrond.OneClickProcessLauncher
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Elrond.OneClickProcessLauncherMachine.1.0\CLSID
{CB34ABFF-C7C8-442C-AB75-6A913FA47304}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Elrond.OneClickProcessLauncherMachine
Elrond.OneClickProcessLauncher
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Elrond.OneClickProcessLauncherMachine\CLSID
{CB34ABFF-C7C8-442C-AB75-6A913FA47304}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Elrond.OneClickProcessLauncherMachine\CurVer
Elrond.OneClickProcessLauncherMachine.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB34ABFF-C7C8-442C-AB75-6A913FA47304}
Elrond.OneClickProcessLauncher
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB34ABFF-C7C8-442C-AB75-6A913FA47304}\ProgID
Elrond.OneClickProcessLauncherMachine.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB34ABFF-C7C8-442C-AB75-6A913FA47304}\VersionIndependentProgID
Elrond.OneClickProcessLauncherMachine
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB34ABFF-C7C8-442C-AB75-6A913FA47304}\LocalServer32
"C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateBroker.exe"
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB34ABFF-C7C8-442C-AB75-6A913FA47304}
CLSID
{CB34ABFF-C7C8-442C-AB75-6A913FA47304}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB34ABFF-C7C8-442C-AB75-6A913FA47304}
Policy
3
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.ProcessLauncher.1.0
Google Update Process Launcher Class
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.ProcessLauncher.1.0\CLSID
{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.ProcessLauncher
Google Update Process Launcher Class
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.ProcessLauncher\CLSID
{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.ProcessLauncher\CurVer
ElrondUpdate.ProcessLauncher.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}
Google Update Process Launcher Class
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}\ProgID
ElrondUpdate.ProcessLauncher.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}\VersionIndependentProgID
ElrondUpdate.ProcessLauncher
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C3BA8F3-1264-4BDB-BB2D-CA44734AD00D}\LocalServer32
"C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateOnDemand.exe"
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoreMachineClass.1
Google Update Core Class
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoreMachineClass.1\CLSID
{F7FF255A-A593-41BD-A69B-E05D72B72756}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoreMachineClass
Google Update Core Class
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoreMachineClass\CLSID
{F7FF255A-A593-41BD-A69B-E05D72B72756}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CoreMachineClass\CurVer
ElrondUpdate.CoreMachineClass.1
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}
Google Update Core Class
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\ProgID
ElrondUpdate.CoreMachineClass.1
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\VersionIndependentProgID
ElrondUpdate.CoreMachineClass
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\LocalServer32
"C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateOnDemand.exe"
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}
LocalizedString
@C:\Program Files\Elrond\Update\1.3.97.0\goopdate.dll,-3000
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\Elevation
Enabled
1
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F7FF255A-A593-41BD-A69B-E05D72B72756}\Elevation
IconReference
@C:\Program Files\Elrond\Update\1.3.97.0\goopdate.dll,-1004
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassMachineFallback.1.0
Google Update Legacy On Demand
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID
{3282EB12-D954-4FD2-A2E1-C942C8745C65}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassMachineFallback
Google Update Legacy On Demand
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassMachineFallback\CLSID
{3282EB12-D954-4FD2-A2E1-C942C8745C65}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.OnDemandCOMClassMachineFallback\CurVer
ElrondUpdate.OnDemandCOMClassMachineFallback.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}
Google Update Legacy On Demand
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\ProgID
ElrondUpdate.OnDemandCOMClassMachineFallback.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\VersionIndependentProgID
ElrondUpdate.OnDemandCOMClassMachineFallback
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\LocalServer32
"C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateOnDemand.exe"
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}
LocalizedString
@C:\Program Files\Elrond\Update\1.3.97.0\goopdate.dll,-3000
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\Elevation
Enabled
1
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3282EB12-D954-4FD2-A2E1-C942C8745C65}\Elevation
IconReference
@C:\Program Files\Elrond\Update\1.3.97.0\goopdate.dll,-1004
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebMachineFallback.1.0
GoogleUpdate Update3Web
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebMachineFallback.1.0\CLSID
{66CE3D6C-0B35-4F78-AC77-39728A75CB75}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebMachineFallback
GoogleUpdate Update3Web
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebMachineFallback\CLSID
{66CE3D6C-0B35-4F78-AC77-39728A75CB75}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.Update3WebMachineFallback\CurVer
ElrondUpdate.Update3WebMachineFallback.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}
GoogleUpdate Update3Web
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\ProgID
ElrondUpdate.Update3WebMachineFallback.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\VersionIndependentProgID
ElrondUpdate.Update3WebMachineFallback
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\LocalServer32
"C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateOnDemand.exe"
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}
LocalizedString
@C:\Program Files\Elrond\Update\1.3.97.0\goopdate.dll,-3000
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\Elevation
Enabled
1
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66CE3D6C-0B35-4F78-AC77-39728A75CB75}\Elevation
IconReference
@C:\Program Files\Elrond\Update\1.3.97.0\goopdate.dll,-1004
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CredentialDialogMachine.1.0
GoogleUpdate CredentialDialog
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CredentialDialogMachine.1.0\CLSID
{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CredentialDialogMachine
GoogleUpdate CredentialDialog
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CredentialDialogMachine\CLSID
{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ElrondUpdate.CredentialDialogMachine\CurVer
ElrondUpdate.CredentialDialogMachine.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}
GoogleUpdate CredentialDialog
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\ProgID
ElrondUpdate.CredentialDialogMachine.1.0
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\VersionIndependentProgID
ElrondUpdate.CredentialDialogMachine
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5D1924F-CB80-47AA-8DEC-5E0854A42A73}\LocalServer32
"C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateOnDemand.exe"
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Integers
omaha_version
0000610003000100
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Booleans
is_system_install
01000000
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Counts
goopdate_main
0200000000000000
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Counts
goopdate_constructor
0200000000000000
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Integers
windows_sp_major_version
0100000000000000
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Integers
windows_minor_version
0100000000000000
2564
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Integers
windows_major_version
0600000000000000
2244
MaiarUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2244
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Blob
0F0000000100000014000000F45A0858C9CD920E647BAD539AB9F1CFC77F24CB0B000000010000002A0000005300650063007400690067006F0020002800550054004E0020004F0062006A0065006300740029000000090000000100000022000000302006082B0601050507030306082B06010505070308060A2B0601040182370A03046200000001000000200000006FFF78E400A70C11011CD85977C459FB5AF96A3DF0540820D0F4B8607875E58F140000000100000014000000DAED6474149C143CABDD99A9BD5B284D8B3CC9D81D0000000100000010000000F919B9CCCE1E59C2E785F7DC2CCF6708030000000100000014000000E12DFB4B41D7D9C32B30514BAC1D81D8385E2D4620000000010000006A040000308204663082034EA003020102021044BE0C8B500024B411D3362DE0B35F1B300D06092A864886F70D0101050500308195310B3009060355040613025553310B3009060355040813025554311730150603550407130E53616C74204C616B652043697479311E301C060355040A131554686520555345525452555354204E6574776F726B3121301F060355040B1318687474703A2F2F7777772E7573657274727573742E636F6D311D301B0603550403131455544E2D5553455246697273742D4F626A656374301E170D3939303730393138333132305A170D3139303730393138343033365A308195310B3009060355040613025553310B3009060355040813025554311730150603550407130E53616C74204C616B652043697479311E301C060355040A131554686520555345525452555354204E6574776F726B3121301F060355040B1318687474703A2F2F7777772E7573657274727573742E636F6D311D301B0603550403131455544E2D5553455246697273742D4F626A65637430820122300D06092A864886F70D01010105000382010F003082010A0282010100CEAA813FA3A36178AA31005595119E270F1F1CDF3A9B826830C04A611DF12F0EFABE79F7A523EF55519684CDDBE3B96E3E31D80A2067C7F4D9BF94EB47043E02CE2AA25D870409F6309D188A97B2AA1CFC41D2A136CBFB3D91BAE7D97035FAE4E790C39BA39BD33CF5129977B1B709E068E61CB8F39463886A6AFE0B76C9BEF422E467B9AB1A5E77C18507DD0D6CBFEE06C7776A419EA70FD7FBEE9417B7FC85BEA4ABC41C31DDD7B6D1E4F0EFDF168FB25293D7A1D489A1072EBFE10112421E1AE1D89534DB647928FFBA2E11C2E5E85B9248FB470BC26CDAAD328341F3A5E54170FD65906DFAFA51C4F9BD962B19042CD36DA7DCF07F6F8365E26AAB8786750203010001A381AF3081AC300B0603551D0F0404030201C6300F0603551D130101FF040530030101FF301D0603551D0E04160414DAED6474149C143CABDD99A9BD5B284D8B3CC9D830420603551D1F043B30393037A035A0338631687474703A2F2F63726C2E7573657274727573742E636F6D2F55544E2D5553455246697273742D4F626A6563742E63726C30290603551D250422302006082B0601050507030306082B06010505070308060A2B0601040182370A0304300D06092A864886F70D01010505000382010100081F52B1374478DBFDCEB9DA959698AA556480B55A40DD21A5C5C1F35F2C4CC8475A69EAE8F03535F4D025F3C8A6A4874ABD1BB17308BDD4C3CAB635BB59867731CDA78014AE13EFFCB148F96B25252D51B62C6D45C198C88A565D3EEE434E3E6B278ED03A4B850B5FD3ED6AA775CBD15A872F3975135A72B002819FBEF00F845420626C69D4E14DC60D9943010D12968C789DBF50A2B144AA6ACF177ACF6F0FD4F824555FF0341649663E5046C96371383162B862B9F353AD6CB52BA212AA194F09DA5EE793C68E1408FEF0308018A086854DC87DD78B03FE6ED5F79D16AC922CA023E59C91521F94DF179473C3B3C1C17105200078BD13521DA83ECD001FC8
2244
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A
Blob
040000000100000010000000324A4BBBC863699BBE749AC6DD1D46240F00000001000000140000000F6AAD4C3FE04619CDC8B2BD655AA1A26042E6500B000000010000005400000053007400610072006600690065006C006400200043006C00610073007300200032002000430065007200740069006600690063006100740069006F006E00200041007500740068006F007200690074007900000053000000010000004800000030463021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C03021060B6086480186FD6E0107170330123010060A2B0601040182373C0101030200C009000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B060105050703036200000001000000200000001465FA205397B876FAA6F0A9958E5590E40FCC7FAA4FB7C2C8677521FB5FB658140000000100000014000000BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E71D000000010000001000000090C4F4233B006B7BFAA6ADCD8F577D77030000000100000014000000AD7E1C28B064EF8F6003402014C3D0E3370EB58A190000000100000010000000FD960962AC6938E0D4B0769AA1A64E262000000001000000130400003082040F308202F7A003020102020100300D06092A864886F70D01010505003068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479301E170D3034303632393137333931365A170D3334303632393137333931365A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F7269747930820120300D06092A864886F70D01010105000382010D00308201080282010100B732C8FEE971A60485AD0C1164DFCE4DEFC80318873FA1ABFB3CA69FF0C3A1DAD4D86E2B5390FB24A43E84F09EE85FECE52744F528A63F7BDEE02AF0C8AF532F9ECA0501931E8F661C39A74DFA5AB673042566EB777FE759C64A99251454EB26C7F37F19D530708FAFB0462AFFADEB29EDD79FAA0487A3D4F989A5345FDB43918236D9663CB1B8B982FD9C3A3E10C83BEF0665667A9B19183DFF71513C302E5FBE3D7773B25D066CC323569A2B8526921CA702B3E43F0DAF087982B8363DEA9CD335B3BC69CAF5CC9DE8FD648D1780336E5E4A5D99C91E87B49D1AC0D56E1335235EDF9B5F3DEFD6F776C2EA3EBB780D1C42676B04D8F8D6DA6F8BF244A001AB020103A381C53081C2301D0603551D0E04160414BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E73081920603551D2304818A3081878014BF5FB7D1CEDD1F86F45B55ACDCD710C20EA988E7A16CA46A3068310B300906035504061302555331253023060355040A131C537461726669656C6420546563686E6F6C6F676965732C20496E632E31323030060355040B1329537461726669656C6420436C61737320322043657274696669636174696F6E20417574686F72697479820100300C0603551D13040530030101FF300D06092A864886F70D01010505000382010100059D3F889DD1C91A55A1AC69F3F359DA9B01871A4F57A9A179092ADBF72FB21ECCC75E6AD88387A197EF49353E7706415862BF8E58B80A673FECB3DD21661FC954FA72CC3D4C40D881AF779E837ABBA2C7F534178ED91140F4FC2C2A4D157FA7625D2E25D3000B201A1D68F917B8F4BD8BED2859DD4D168B1783C8B265C72D7AA5AABC53866DDD57A4CAF820410B68F0F4FB74BE565D7A79F5F91D85E32D95BEF5719043CC8D1F9A000A8729E95522580023EAE31243295B4708DD8C416A6506A8E521AA41B4952195B97DD134AB13D6ADBCDCE23D39CDBD3E7570A1185903C922B48F9CD55E2AD7A5B6D40A6DF8B74011469A1F790E62BF0F97ECE02F1F1794
2244
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Blob
190000000100000010000000E843AC3B52EC8C297FA948C9B1FB2819030000000100000014000000E12DFB4B41D7D9C32B30514BAC1D81D8385E2D461D0000000100000010000000F919B9CCCE1E59C2E785F7DC2CCF6708140000000100000014000000DAED6474149C143CABDD99A9BD5B284D8B3CC9D86200000001000000200000006FFF78E400A70C11011CD85977C459FB5AF96A3DF0540820D0F4B8607875E58F090000000100000022000000302006082B0601050507030306082B06010505070308060A2B0601040182370A03040B000000010000002A0000005300650063007400690067006F0020002800550054004E0020004F0062006A00650063007400290000000F0000000100000014000000F45A0858C9CD920E647BAD539AB9F1CFC77F24CB20000000010000006A040000308204663082034EA003020102021044BE0C8B500024B411D3362DE0B35F1B300D06092A864886F70D0101050500308195310B3009060355040613025553310B3009060355040813025554311730150603550407130E53616C74204C616B652043697479311E301C060355040A131554686520555345525452555354204E6574776F726B3121301F060355040B1318687474703A2F2F7777772E7573657274727573742E636F6D311D301B0603550403131455544E2D5553455246697273742D4F626A656374301E170D3939303730393138333132305A170D3139303730393138343033365A308195310B3009060355040613025553310B3009060355040813025554311730150603550407130E53616C74204C616B652043697479311E301C060355040A131554686520555345525452555354204E6574776F726B3121301F060355040B1318687474703A2F2F7777772E7573657274727573742E636F6D311D301B0603550403131455544E2D5553455246697273742D4F626A65637430820122300D06092A864886F70D01010105000382010F003082010A0282010100CEAA813FA3A36178AA31005595119E270F1F1CDF3A9B826830C04A611DF12F0EFABE79F7A523EF55519684CDDBE3B96E3E31D80A2067C7F4D9BF94EB47043E02CE2AA25D870409F6309D188A97B2AA1CFC41D2A136CBFB3D91BAE7D97035FAE4E790C39BA39BD33CF5129977B1B709E068E61CB8F39463886A6AFE0B76C9BEF422E467B9AB1A5E77C18507DD0D6CBFEE06C7776A419EA70FD7FBEE9417B7FC85BEA4ABC41C31DDD7B6D1E4F0EFDF168FB25293D7A1D489A1072EBFE10112421E1AE1D89534DB647928FFBA2E11C2E5E85B9248FB470BC26CDAAD328341F3A5E54170FD65906DFAFA51C4F9BD962B19042CD36DA7DCF07F6F8365E26AAB8786750203010001A381AF3081AC300B0603551D0F0404030201C6300F0603551D130101FF040530030101FF301D0603551D0E04160414DAED6474149C143CABDD99A9BD5B284D8B3CC9D830420603551D1F043B30393037A035A0338631687474703A2F2F63726C2E7573657274727573742E636F6D2F55544E2D5553455246697273742D4F626A6563742E63726C30290603551D250422302006082B0601050507030306082B06010505070308060A2B0601040182370A0304300D06092A864886F70D01010505000382010100081F52B1374478DBFDCEB9DA959698AA556480B55A40DD21A5C5C1F35F2C4CC8475A69EAE8F03535F4D025F3C8A6A4874ABD1BB17308BDD4C3CAB635BB59867731CDA78014AE13EFFCB148F96B25252D51B62C6D45C198C88A565D3EEE434E3E6B278ED03A4B850B5FD3ED6AA775CBD15A872F3975135A72B002819FBEF00F845420626C69D4E14DC60D9943010D12968C789DBF50A2B144AA6ACF177ACF6F0FD4F824555FF0341649663E5046C96371383162B862B9F353AD6CB52BA212AA194F09DA5EE793C68E1408FEF0308018A086854DC87DD78B03FE6ED5F79D16AC922CA023E59C91521F94DF179473C3B3C1C17105200078BD13521DA83ECD001FC8
2244
MaiarUpdate.exe
write
HKEY_CURRENT_USER\Software\Elrond\Update\proxy
source
auto
2244
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Integers
omaha_version
0000610003000100
2244
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Booleans
is_system_install
01000000
2244
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Counts
goopdate_main
0300000000000000
2244
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Counts
goopdate_constructor
0300000000000000
2244
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Integers
windows_sp_major_version
0100000000000000
2244
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Integers
windows_minor_version
0100000000000000
2244
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\UsageStats\Daily\Integers
windows_major_version
0600000000000000
2324
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}
usagestats
1
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{16689398-5F71-4360-AEDE-B3F243677B26}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.97.0" shell_version="1.3.97.0" ismachine="1" sessionid="{7A85D6ED-98EB-413F-B2AE-E06EBDB83FCE}" userid="{C8D427DB-8E06-44BB-A2FA-63D064334699}" testsource="auto" requestid="{16689398-5F71-4360-AEDE-B3F243677B26}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/></request>
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{16689398-5F71-4360-AEDE-B3F243677B26}
PersistedPingTime
131997528491687187
2572
MaiarUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{16689398-5F71-4360-AEDE-B3F243677B26}
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
StateValue
3
2572
MaiarUpdate.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2572
MaiarUpdate.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Elrond\Update\proxy
source
auto
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}
ping_freshness
{65D919E4-F9C9-4C0A-98CD-15EAE5EE31EB}
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
StateValue
4
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.97.0" shell_version="1.3.97.0" ismachine="1" sessionid="{7A85D6ED-98EB-413F-B2AE-E06EBDB83FCE}" userid="{C8D427DB-8E06-44BB-A2FA-63D064334699}" installsource="taggedmi" testsource="auto" requestid="{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}" version="" nextversion="72.0.59.100" lang="en" brand="" client="" installage="-1" installdate="-1"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/></app></request>
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}
PersistedPingTime
131997528523718437
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
4294967295
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
0
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
StateValue
5
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.97.0" shell_version="1.3.97.0" ismachine="1" sessionid="{7A85D6ED-98EB-413F-B2AE-E06EBDB83FCE}" userid="{C8D427DB-8E06-44BB-A2FA-63D064334699}" installsource="taggedmi" testsource="auto" requestid="{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}" version="" nextversion="72.0.59.100" lang="en" brand="" client="" installage="-1" installdate="-1"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="5" eventresult="1" errorcode="0" extracode1="0"/></app></request>
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}
PersistedPingTime
131997528531999687
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
StateValue
7
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
2
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
37456
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
3
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
34666
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
5
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
33305
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
7
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
32414
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
9
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
31483
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
10
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
30641
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
12
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
29966
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
14
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
28192
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
15
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
27414
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
17
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
27031
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
19
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
26539
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
21
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
25785
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
22
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
25207
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
24
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
24628
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
26
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
24050
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
28
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
23549
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
29
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
22969
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
31
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
22389
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
33
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
21736
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
35
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
21158
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
36
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
20580
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
38
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
20001
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
40
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
19348
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
41
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
19033
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
43
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
18266
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
45
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
17688
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
47
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
17109
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
48
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
16531
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
50
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
16006
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
52
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
15374
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
54
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
14845
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
55
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
14116
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
57
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
13639
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
59
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
13061
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
60
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
12482
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
62
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
11944
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
64
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
11326
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
66
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
10783
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
67
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
10203
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
69
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
9528
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
71
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
8978
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
73
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
8401
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
74
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
7830
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
76
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
7253
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
78
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
6677
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
79
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
6097
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
81
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
5506
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
83
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
4964
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
85
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
4385
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
86
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
4160
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
88
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
3551
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
89
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
2943
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
91
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
2342
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
93
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
1725
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
95
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
1120
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
96
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
507
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
98
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadTimeRemainingMs
0
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
DownloadProgressPercent
100
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.97.0" shell_version="1.3.97.0" ismachine="1" sessionid="{7A85D6ED-98EB-413F-B2AE-E06EBDB83FCE}" userid="{C8D427DB-8E06-44BB-A2FA-63D064334699}" installsource="taggedmi" testsource="auto" requestid="{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}" version="" nextversion="72.0.59.100" lang="en" brand="" client="" installage="-1" installdate="-1"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="5" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0" downloader="bits" url="http://downloads.maiar.com/static/media/build/Maiar/stable/win/79164841066596/72.0.59.100.exe" downloaded="60640728" total="60640728" download_time_ms="36531"/></app></request>
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}
PersistedPingTime
131997528902624687
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.97.0" shell_version="1.3.97.0" ismachine="1" sessionid="{7A85D6ED-98EB-413F-B2AE-E06EBDB83FCE}" userid="{C8D427DB-8E06-44BB-A2FA-63D064334699}" installsource="taggedmi" testsource="auto" requestid="{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}" version="" nextversion="72.0.59.100" lang="en" brand="" client="" installage="-1" installdate="-1"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="5" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0" downloader="bits" url="http://downloads.maiar.com/static/media/build/Maiar/stable/win/79164841066596/72.0.59.100.exe" downloaded="60640728" total="60640728" download_time_ms="36531"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0"/></app></request>
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}
PersistedPingTime
131997528903249687
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.97.0" shell_version="1.3.97.0" ismachine="1" sessionid="{7A85D6ED-98EB-413F-B2AE-E06EBDB83FCE}" userid="{C8D427DB-8E06-44BB-A2FA-63D064334699}" installsource="taggedmi" testsource="auto" requestid="{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}" version="" nextversion="72.0.59.100" lang="en" brand="" client="" installage="-1" installdate="-1"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="5" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0" downloader="bits" url="http://downloads.maiar.com/static/media/build/Maiar/stable/win/79164841066596/72.0.59.100.exe" downloaded="60640728" total="60640728" download_time_ms="36531"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="6" eventresult="1" errorcode="0" extracode1="0"/></app></request>
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}
PersistedPingTime
131997528909187187
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}
lang
en
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}
brand
GGLS
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}
InstallTime
1555279290
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}
DayOfInstall
4486
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}
DayOfLastActivity
4294967295
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}
DayOfLastRollCall
4294967295
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}
usagestats
1
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
InstallTimeRemainingMs
4294967295
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
InstallProgressPercent
4294967295
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
StateValue
13
2572
MaiarUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
2572
MaiarUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}
2572
MaiarUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientStateMedium\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}
2572
MaiarUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\uid
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.97.0" shell_version="1.3.97.0" ismachine="1" sessionid="{7A85D6ED-98EB-413F-B2AE-E06EBDB83FCE}" installsource="taggedmi" testsource="auto" requestid="{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}" version="" nextversion="72.0.59.100" lang="en" brand="" client="" installage="-1" installdate="-1"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="5" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0" downloader="bits" url="http://downloads.maiar.com/static/media/build/Maiar/stable/win/79164841066596/72.0.59.100.exe" downloaded="60640728" total="60640728" download_time_ms="36531"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="6" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="2" eventresult="0" errorcode="-2147219199" extracode1="-2147024680" source_url_index="0" update_check_time_ms="3141" download_time_ms="37094" downloaded="60640728" total="60640728" install_time_ms="297"/></app></request>
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}
PersistedPingTime
131997528912624687
2572
MaiarUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\ClientState\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}\CurrentState
StateValue
17
2572
MaiarUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Elrond\Update\PersistedPings\{24E686BA-5161-4DBA-978E-CC5DBACFBEE3}
3360
MaiarUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3360
MaiarUpdate.exe
write
HKEY_CURRENT_USER\Software\Elrond\Update\proxy
source
auto

Files activity

Executable files
218
Suspicious files
45
Text files
129
Unknown types
14

Dropped files

PID
Process
Filename
Type
2956
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 194668.crdownload
executable
MD5: 7b9671015b8a773bd3c9b82c3713cead
SHA256: 6fa488790ca99895d2c6162d62a897f027fc9111622c99a57ad5cd142e75976c
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_fil.dll
executable
MD5: 2e926e9abb5f4a97329477cc69b40833
SHA256: 336161a4de45cc53477fca2c62c50fe9f18ce7fb9ebea7f746a7e33f580604f7
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_ru.dll
executable
MD5: e9d6ce1dee21512f35f8d4116eb8cc12
SHA256: ebc09a9d30168aee944411edda304c95d5875eeba4534e03202f2ba57c6e1782
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_fa.dll
executable
MD5: 4b8949efb9f7bc4588bc26c0ad4c49dc
SHA256: 0137dce54858eeb5944b32b0ae95f85db1e97cd52435afd71ea31da7b5f19dc7
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_pt-BR.dll
executable
MD5: 518abdd21d9efcd9c0e6e7f55c477cde
SHA256: 5bf95e25d1b31aaab902aa9ff686fe7a9a3122ab1575479c3cc238b0684a7d05
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_ml.dll
executable
MD5: 776194ddb39dcf26de9dd46ceafd7113
SHA256: dba0f7e7b33c40ce3245c895418f4ffc29527e7caa1bd8594d0dd9cec350b88e
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_te.dll
executable
MD5: 34be8d48ea146b9937c388bb4729d5a5
SHA256: f5c3cc9591e6b16a4f300c5bd01f2e0a7bff2981dba58b42bd610f1a4aa2867e
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_et.dll
executable
MD5: f9a7ebc00e06097155cd76b24cb6456b
SHA256: 4e0077dd0da58cb89f9e09d3f0d557d824af9fbcad7bbdddc3c4ee33464c98e8
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_lv.dll
executable
MD5: 0c3596de5449345ebabf1982536ef76d
SHA256: 138118f58bcced1853c1c394b8aed93d995f951586d3e5dbf3df3a02d67158ae
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_es-419.dll
executable
MD5: 778bf5e7ca4c944a5d99201db50101b7
SHA256: e85eac1c6683937c0eb28af1478d0f9688c88f8ce2d96f592d07566a55c9c3f5
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_ta.dll
executable
MD5: f95436ecec12521977f523beeb462537
SHA256: ba78f9574f56b8eb9505e180338d696cfbe1edb3540d77ed8e81caeb8a203259
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_es.dll
executable
MD5: ea00525f26c1aef113de12a372ae8991
SHA256: f88a94696b9d56dfdf321487885637102d14647e7d8a0760debca367890e1845
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_de.dll
executable
MD5: 8f7e6b95c5c5446256d7bbbc0c6f9950
SHA256: 1a8b65e0507e3b14ba88b48e3384571d6e80fda0d157a74e8547b35432078e91
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_vi.dll
executable
MD5: ea3962bbf7d26e8ac70d871b6c37c5bc
SHA256: 146fce52b3d3d4ee2e8367eecdec2ca56259dbe02f55602df7c0ab3d6dd27cdc
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_sv.dll
executable
MD5: c5f8dddf171e0e4ec336d0993ebac2ba
SHA256: c41658ea7878a9ca3fec0f53091152c8d49c53ae752dc46c4f962b64a3cbbb0e
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_en.dll
executable
MD5: 0cbfebabc123a5fe0769880df89bdf92
SHA256: 2ecd68759940f1a576847124794101b15a0bbe382cfd78ab00869d48c8edba08
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_da.dll
executable
MD5: da5eaf971d5c5679b96e5787b16df202
SHA256: e53815c06e9aeb36cbfc4c479ed1eff98d1f45354c6567c2ec0db9401498b7e2
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_kn.dll
executable
MD5: 2ecadf52d7dce01b61d9835dc5d32d1a
SHA256: 7a68a20cc317ad7977087c91f8be6cd1359a40ddc0bf014d9f469b194698f30e
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_mr.dll
executable
MD5: cacb8de05490ea56615138579719a86b
SHA256: 69adb00939894af0833a74d30e432ebbc34f09acd0d8f082946649bfc9431f49
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_el.dll
executable
MD5: 0fa04cfd0a5b30835e2c68a52d9d7e0c
SHA256: 5c49ace5d902a92e384c73bc9223e6c8289c346d11cbd25a011e22030641884a
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_fr.dll
executable
MD5: 862f3f6d1ed2ffc1d3c4b980f986074d
SHA256: 2d8dcb18fc7803111b2315a9392d5b28d19b21e39fc085158feca2b9ac01034e
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_sr.dll
executable
MD5: 7b5368fe0231b156355f127a49db82ca
SHA256: 7892e6505118dc03ed880a1f0d49d267a1867c107da9dac0a7fb377428de11c3
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_it.dll
executable
MD5: cb7953fb365bc15c82fc5604947d6801
SHA256: d1fdccc1ca85a03b9c0e997446a92da40db21c41ee217b559c62be9c87a6b9f5
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_fi.dll
executable
MD5: ec27199ae0eb25e8db62e456454b4b5c
SHA256: b3c6a1c6e730f994c7cb21fa46568ff24af35ad14c47f5145e3f6589de4cbcc7
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_hi.dll
executable
MD5: 34190b057fed81df178d82f2da2b0e43
SHA256: b463f5f68ef88b7ef9f5ae9aa6d8ff909297a4acddc7695820d10ef3c063bd29
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_pl.dll
executable
MD5: b156cb612c9c5311747e1fbf8031a6bf
SHA256: 15b8257633e216521d72d3741cc46fbeff40dfefb8f2c2d74f25c2e063438a6b
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_pt-PT.dll
executable
MD5: 987686a00c7622b6c84726bbfc15f477
SHA256: 5351eed0f4cf9f0c8a32bcb7526af83303bf2f0c6de97aeaf56310808aa892a6
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_en-GB.dll
executable
MD5: 366a9de7936e007204ea8fc7ecb90e26
SHA256: 238344f4667dc462a258b8bcf74651b79916c6591d02a11eae4da32917a672bf
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_lv.dll
executable
MD5: 0c3596de5449345ebabf1982536ef76d
SHA256: 138118f58bcced1853c1c394b8aed93d995f951586d3e5dbf3df3a02d67158ae
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_zh-CN.dll
executable
MD5: 3d3e0f2d66a1a6e003e5d08ee36b284b
SHA256: f54e5bc472403e2e16d7106fa8977473efe3a6e565ee7c3289ae9e06136c2a5b
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_hr.dll
executable
MD5: 8c09524b89aea2ba4a8e9256535ec803
SHA256: b628c5671c04b71a4d66366761645c413cbffc9199baf60045a74e5398abb740
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateCore.exe
executable
MD5: 66811181713f11992ded589a87bc3fc4
SHA256: 25de8e1bd5e6074832982fe847a7783efbaf31204a6c2398f5152cd062f06bf6
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_iw.dll
executable
MD5: 9504e369e2da447e26b6687437a67459
SHA256: b2b725d26bcb3b80746e3d7cc28f74883a10c8047fe41697fba1d617767266b7
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_sw.dll
executable
MD5: 813b2602cb54cb0bdedd77bce2cb2fa1
SHA256: 7d72970852d4e9b9f85a5959309b36cbc91d6079ca71e89a6c8dc04bfc00d1de
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_ja.dll
executable
MD5: 950b71a27dd86b7e8a8331b0f0e4e527
SHA256: ad1118b66012b73fdb53194accadec10c46b686fa526e522d3f577d8730372e4
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_am.dll
executable
MD5: 62688a461e00771e6ade6189da7924ba
SHA256: 1c650aacded8e9be485842f0f781912ba0e50364534c46408d465ebc0c6e6dc0
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_id.dll
executable
MD5: fbad4ff67df41903fc1e06274f221b8b
SHA256: f440df6a6e23228c6fac5af9073338c47daa67ac2450f5fce2ce43f7c4e41408
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_id.dll
executable
MD5: fbad4ff67df41903fc1e06274f221b8b
SHA256: f440df6a6e23228c6fac5af9073338c47daa67ac2450f5fce2ce43f7c4e41408
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_ur.dll
executable
MD5: fa9f8a46f5889a3291b34310a593c997
SHA256: 340d97f3b8bb2e975ef6f7399aee273b0d98db6a349ca194b32a83b7326d3d7a
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\MaiarCrashHandler.exe
executable
MD5: 34f3e7d519016f47b3d87e109e4064dc
SHA256: df0c06e47e9688ef092d1ac7b79d39914a43b54b31a09f533baacacbbc338438
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_kn.dll
executable
MD5: 2ecadf52d7dce01b61d9835dc5d32d1a
SHA256: 7a68a20cc317ad7977087c91f8be6cd1359a40ddc0bf014d9f469b194698f30e
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_ro.dll
executable
MD5: a3eee6cffdf88f1cf3a307c99aacbbf0
SHA256: 7d699e56be151031cedaeed5f75d233fb92e29676ccd68b7d203fc17f1f8f7f5
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_ms.dll
executable
MD5: e3559d6a66d40e70570d0f5b4c0b223a
SHA256: 9b5ef6fe9050f508646128fdcd723eca1336a5207ef3dc61a4f61b009e0d99d8
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\MaiarCrashHandler64.exe
executable
MD5: a2e0af6f66c9ebb870b3b7552d0ddeb8
SHA256: becfe6fe15657bd6e7ce456c318aa61589d8e6c150430d3e96d37187b4e62184
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_gu.dll
executable
MD5: cb3cae9454364255751a7064e7af5be5
SHA256: 958b57ce088e8289a2d71e9f692318f307115fc3fdbc23fe0ecf5d5d9c699b0f
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_th.dll
executable
MD5: f5dc4f923b21a4a01c509ad6f02b3ee3
SHA256: 8bec853023bf4a1f62dcc98e14348a6f0b7afaef20dfd13dabb08ca75c7d1746
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_hu.dll
executable
MD5: a9485fa4adc57199b6a90fc92d44166b
SHA256: 3ea98ae943aaae9781fa898894c114fe9a88778bb48a645a39cc463bdc919651
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_bn.dll
executable
MD5: d80aa53210d1ba5020b6c5daa618e057
SHA256: 8843e748d561bc4b64ba77144ff92f908b37d4d3eccdea35b2eac7f3691adc55
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_is.dll
executable
MD5: 31f6b68cbf42a004784568653dc725d5
SHA256: 7d728b35367e3817ab2a3029e0649e9b1ed9cac642f083ad0b449bdc6226f06e
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_uk.dll
executable
MD5: b565a2382a6e7aced2b91f0135c07022
SHA256: 6ef94d8fc3c717914a41adfed2bd0659955772b8d84dcc6c0759dc67c5884b1b
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_iw.dll
executable
MD5: 9504e369e2da447e26b6687437a67459
SHA256: b2b725d26bcb3b80746e3d7cc28f74883a10c8047fe41697fba1d617767266b7
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_ca.dll
executable
MD5: 743506fc59a389aa9a2bd5e8d2702066
SHA256: abc481f711ad862f43b745b74cd5a84bb0c77d2214105ac91e2bd6f12a8c2bc7
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_hu.dll
executable
MD5: a9485fa4adc57199b6a90fc92d44166b
SHA256: 3ea98ae943aaae9781fa898894c114fe9a88778bb48a645a39cc463bdc919651
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_no.dll
executable
MD5: 24f655881cc233dd203af14b96963fa7
SHA256: 9fe2a1e843d47d4307f52f6eed3f839c160e0d014fcd2c0af28818a690037843
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_sk.dll
executable
MD5: 7e1b414399f195ea8648068ca682f348
SHA256: 8750edbe14310fc981e2263297acc947582e6d3ec95c64fe976c93d4602c60ed
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdate.dll
executable
MD5: bde15df787fbfb17f71137fd3643007b
SHA256: 7866c66c129268567b61698df17797bbe544cac966650020ff1d5ca58d90247c
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_lt.dll
executable
MD5: e4cea4246725db645958c678fffecf81
SHA256: f5008c789a09a8c617da02a7752345879282213649f802c56f1182586ae40b72
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_sl.dll
executable
MD5: 7d21187448f20a9bf70d60d3a98c66d2
SHA256: 9f0d6e7d9aea16fb4bb7ab205e7c788549718f7e4e5c383e043c8078c435ced1
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_is.dll
executable
MD5: 31f6b68cbf42a004784568653dc725d5
SHA256: 7d728b35367e3817ab2a3029e0649e9b1ed9cac642f083ad0b449bdc6226f06e
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_bg.dll
executable
MD5: f3816efc09dec644ba36caaa364afd46
SHA256: 183f929a2b069063fbb27b385b60f185ef77095e86175b2537a0fe31d60dd59f
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_hr.dll
executable
MD5: 8c09524b89aea2ba4a8e9256535ec803
SHA256: b628c5671c04b71a4d66366761645c413cbffc9199baf60045a74e5398abb740
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_ko.dll
executable
MD5: 796eef8ce857344a247cf6181eefe7f9
SHA256: 9c8d8841b22e9f7bb795bd56463bdf7e2d618b3b16465a162f5a428225ba4c6d
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\psmachine.dll
executable
MD5: af836d08102481ae912b669d22447b7b
SHA256: 6d20ddcce1ed4d770ad43e13397a2a7e45352f735f4b9ee7dcb09c3dd6492b39
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_ar.dll
executable
MD5: 058d64078386089409159eee35ed4049
SHA256: 3821e0bf8a85d0c6c8a9c1b192599b667a74d00a4718a40d4027e65de04d6658
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_ja.dll
executable
MD5: 950b71a27dd86b7e8a8331b0f0e4e527
SHA256: ad1118b66012b73fdb53194accadec10c46b686fa526e522d3f577d8730372e4
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_tr.dll
executable
MD5: bb932d11693737f159f7c3c8ee16a6e0
SHA256: 48662075117472d971cdfe6d3a1bfcc1b1841c29682cc496d8fb027e9c5f07be
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\psmachine_64.dll
executable
MD5: 5b2c7c72e10dc0b6a47d9c989ccb8905
SHA256: ba5de695095d7841cddc4c69167d21ebefd9ed9e5114d3503e0d249a85921f21
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdate.exe
executable
MD5: 020584dbf4bef4e70c5bf55998f1290e
SHA256: ad15cae470ddef6053fc3dfd78fa90242de8866a9804e91400277be383769e4f
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_it.dll
executable
MD5: cb7953fb365bc15c82fc5604947d6801
SHA256: d1fdccc1ca85a03b9c0e997446a92da40db21c41ee217b559c62be9c87a6b9f5
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_lt.dll
executable
MD5: e4cea4246725db645958c678fffecf81
SHA256: f5008c789a09a8c617da02a7752345879282213649f802c56f1182586ae40b72
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarUpdateComRegisterShell64.exe
executable
MD5: 0d76c5a8bde1f2fd04e6c2f8e94ea79c
SHA256: d0cbebfd783e4e6ba3ec7ab81a8fd44fb7f60d62b8b803acdfabd13ee4e1efff
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateComRegisterShell64.exe
executable
MD5: 0d76c5a8bde1f2fd04e6c2f8e94ea79c
SHA256: d0cbebfd783e4e6ba3ec7ab81a8fd44fb7f60d62b8b803acdfabd13ee4e1efff
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_ko.dll
executable
MD5: 796eef8ce857344a247cf6181eefe7f9
SHA256: 9c8d8841b22e9f7bb795bd56463bdf7e2d618b3b16465a162f5a428225ba4c6d
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_nl.dll
executable
MD5: e4cc161606f7a16960c3b88c617a06df
SHA256: 773a797e067718682c8e0721de66958420ba84d7bc02098638066264a66d8d53
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarCrashHandler64.exe
executable
MD5: a2e0af6f66c9ebb870b3b7552d0ddeb8
SHA256: becfe6fe15657bd6e7ce456c318aa61589d8e6c150430d3e96d37187b4e62184
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_uk.dll
executable
MD5: b565a2382a6e7aced2b91f0135c07022
SHA256: 6ef94d8fc3c717914a41adfed2bd0659955772b8d84dcc6c0759dc67c5884b1b
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_pl.dll
executable
MD5: b156cb612c9c5311747e1fbf8031a6bf
SHA256: 15b8257633e216521d72d3741cc46fbeff40dfefb8f2c2d74f25c2e063438a6b
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarUpdateSetup.exe
executable
MD5: 0557c843386d5b086032369a6004a9b9
SHA256: c76a0476ecf35be62c0edd364edd2a00ba44850c21dee4b09c2ce2d9401c81cb
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\psuser_64.dll
executable
MD5: 86f090d895fc699deceff8b09e7d1040
SHA256: 58dae76c09563855c8edbf65d4c2034e65c4071b3fac81c534dc5b159c5eb930
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_vi.dll
executable
MD5: ea3962bbf7d26e8ac70d871b6c37c5bc
SHA256: 146fce52b3d3d4ee2e8367eecdec2ca56259dbe02f55602df7c0ab3d6dd27cdc
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_ml.dll
executable
MD5: 776194ddb39dcf26de9dd46ceafd7113
SHA256: dba0f7e7b33c40ce3245c895418f4ffc29527e7caa1bd8594d0dd9cec350b88e
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_zh-TW.dll
executable
MD5: d2e9012bd5e8554ba368a27caa880932
SHA256: 60aff2b60701853715420922172368ca11df03e6767ab645c3f86ffbb60033ba
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarUpdateCore.exe
executable
MD5: 66811181713f11992ded589a87bc3fc4
SHA256: 25de8e1bd5e6074832982fe847a7783efbaf31204a6c2398f5152cd062f06bf6
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_ur.dll
executable
MD5: fa9f8a46f5889a3291b34310a593c997
SHA256: 340d97f3b8bb2e975ef6f7399aee273b0d98db6a349ca194b32a83b7326d3d7a
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_mr.dll
executable
MD5: cacb8de05490ea56615138579719a86b
SHA256: 69adb00939894af0833a74d30e432ebbc34f09acd0d8f082946649bfc9431f49
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdate.dll
executable
MD5: bde15df787fbfb17f71137fd3643007b
SHA256: 7866c66c129268567b61698df17797bbe544cac966650020ff1d5ca58d90247c
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\psuser.dll
executable
MD5: dd188ba0a23600d3fa1b57ba09c4845f
SHA256: e4c92e99b8ee422db639ddf809653b26566e13c2c89e307cecfbff98d6e0146a
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_te.dll
executable
MD5: 34be8d48ea146b9937c388bb4729d5a5
SHA256: f5c3cc9591e6b16a4f300c5bd01f2e0a7bff2981dba58b42bd610f1a4aa2867e
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_ro.dll
executable
MD5: a3eee6cffdf88f1cf3a307c99aacbbf0
SHA256: 7d699e56be151031cedaeed5f75d233fb92e29676ccd68b7d203fc17f1f8f7f5
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\MaiarUpdateHelper.msi
executable
MD5: 84c36af6f17ea78f51ccd9226e1b93c4
SHA256: 5b69a712c0860e81876ae0f813895e3c8372bf83d895bd0b88e5330dfe25e33e
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_en.dll
executable
MD5: 0cbfebabc123a5fe0769880df89bdf92
SHA256: 2ecd68759940f1a576847124794101b15a0bbe382cfd78ab00869d48c8edba08
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_th.dll
executable
MD5: f5dc4f923b21a4a01c509ad6f02b3ee3
SHA256: 8bec853023bf4a1f62dcc98e14348a6f0b7afaef20dfd13dabb08ca75c7d1746
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_pt-PT.dll
executable
MD5: 987686a00c7622b6c84726bbfc15f477
SHA256: 5351eed0f4cf9f0c8a32bcb7526af83303bf2f0c6de97aeaf56310808aa892a6
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\MaiarUpdate.exe
executable
MD5: 020584dbf4bef4e70c5bf55998f1290e
SHA256: ad15cae470ddef6053fc3dfd78fa90242de8866a9804e91400277be383769e4f
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_cs.dll
executable
MD5: c0a060ff9326ce4b3516d04687aeda22
SHA256: 89604ab2f23ef53f798e2a3c3f9a11a8a2605dc4229e3180c00c871f7d6da6a9
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_tr.dll
executable
MD5: bb932d11693737f159f7c3c8ee16a6e0
SHA256: 48662075117472d971cdfe6d3a1bfcc1b1841c29682cc496d8fb027e9c5f07be
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_sw.dll
executable
MD5: 813b2602cb54cb0bdedd77bce2cb2fa1
SHA256: 7d72970852d4e9b9f85a5959309b36cbc91d6079ca71e89a6c8dc04bfc00d1de
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\npMaiarUpdate3.dll
executable
MD5: bf96f2ef043c85a5ba8ffa6a92b8c6bf
SHA256: 0c55025fe41fff9ea4d722cdeec3b53df7f8e29afc050097512c03cf343687ea
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_am.dll
executable
MD5: 62688a461e00771e6ade6189da7924ba
SHA256: 1c650aacded8e9be485842f0f781912ba0e50364534c46408d465ebc0c6e6dc0
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_zh-CN.dll
executable
MD5: 3d3e0f2d66a1a6e003e5d08ee36b284b
SHA256: f54e5bc472403e2e16d7106fa8977473efe3a6e565ee7c3289ae9e06136c2a5b
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_ms.dll
executable
MD5: e3559d6a66d40e70570d0f5b4c0b223a
SHA256: 9b5ef6fe9050f508646128fdcd723eca1336a5207ef3dc61a4f61b009e0d99d8
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\MaiarCrashHandler.exe
executable
MD5: 34f3e7d519016f47b3d87e109e4064dc
SHA256: df0c06e47e9688ef092d1ac7b79d39914a43b54b31a09f533baacacbbc338438
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_gu.dll
executable
MD5: cb3cae9454364255751a7064e7af5be5
SHA256: 958b57ce088e8289a2d71e9f692318f307115fc3fdbc23fe0ecf5d5d9c699b0f
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\MaiarUpdateSetup.exe
executable
MD5: 0557c843386d5b086032369a6004a9b9
SHA256: c76a0476ecf35be62c0edd364edd2a00ba44850c21dee4b09c2ce2d9401c81cb
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_nl.dll
executable
MD5: e4cc161606f7a16960c3b88c617a06df
SHA256: 773a797e067718682c8e0721de66958420ba84d7bc02098638066264a66d8d53
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\MaiarUpdateOnDemand.exe
executable
MD5: d1a91adc56b784dd7c0ee61d671724b9
SHA256: 166819d8d543272c87c8ec8c6b82c781b8ec8305175824187b22c0fa840b4985
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_et.dll
executable
MD5: f9a7ebc00e06097155cd76b24cb6456b
SHA256: 4e0077dd0da58cb89f9e09d3f0d557d824af9fbcad7bbdddc3c4ee33464c98e8
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_zh-TW.dll
executable
MD5: d2e9012bd5e8554ba368a27caa880932
SHA256: 60aff2b60701853715420922172368ca11df03e6767ab645c3f86ffbb60033ba
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_pt-BR.dll
executable
MD5: 518abdd21d9efcd9c0e6e7f55c477cde
SHA256: 5bf95e25d1b31aaab902aa9ff686fe7a9a3122ab1575479c3cc238b0684a7d05
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\MaiarUpdateBroker.exe
executable
MD5: 0e946ff02c2ae544661b0f4a3f6f7305
SHA256: 61971c98d73b9a65a5227aa7f50616a54284fec8adf64e4ea4b1c0ad4854110f
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_fr.dll
executable
MD5: 862f3f6d1ed2ffc1d3c4b980f986074d
SHA256: 2d8dcb18fc7803111b2315a9392d5b28d19b21e39fc085158feca2b9ac01034e
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_ta.dll
executable
MD5: f95436ecec12521977f523beeb462537
SHA256: ba78f9574f56b8eb9505e180338d696cfbe1edb3540d77ed8e81caeb8a203259
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_sk.dll
executable
MD5: 7e1b414399f195ea8648068ca682f348
SHA256: 8750edbe14310fc981e2263297acc947582e6d3ec95c64fe976c93d4602c60ed
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_en.dll
executable
MD5: 0cbfebabc123a5fe0769880df89bdf92
SHA256: 2ecd68759940f1a576847124794101b15a0bbe382cfd78ab00869d48c8edba08
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_es-419.dll
executable
MD5: 778bf5e7ca4c944a5d99201db50101b7
SHA256: e85eac1c6683937c0eb28af1478d0f9688c88f8ce2d96f592d07566a55c9c3f5
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_sv.dll
executable
MD5: c5f8dddf171e0e4ec336d0993ebac2ba
SHA256: c41658ea7878a9ca3fec0f53091152c8d49c53ae752dc46c4f962b64a3cbbb0e
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_ru.dll
executable
MD5: e9d6ce1dee21512f35f8d4116eb8cc12
SHA256: ebc09a9d30168aee944411edda304c95d5875eeba4534e03202f2ba57c6e1782
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_ca.dll
executable
MD5: 743506fc59a389aa9a2bd5e8d2702066
SHA256: abc481f711ad862f43b745b74cd5a84bb0c77d2214105ac91e2bd6f12a8c2bc7
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_da.dll
executable
MD5: da5eaf971d5c5679b96e5787b16df202
SHA256: e53815c06e9aeb36cbfc4c479ed1eff98d1f45354c6567c2ec0db9401498b7e2
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_ml.dll
executable
MD5: 776194ddb39dcf26de9dd46ceafd7113
SHA256: dba0f7e7b33c40ce3245c895418f4ffc29527e7caa1bd8594d0dd9cec350b88e
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_sv.dll
executable
MD5: c5f8dddf171e0e4ec336d0993ebac2ba
SHA256: c41658ea7878a9ca3fec0f53091152c8d49c53ae752dc46c4f962b64a3cbbb0e
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_am.dll
executable
MD5: 62688a461e00771e6ade6189da7924ba
SHA256: 1c650aacded8e9be485842f0f781912ba0e50364534c46408d465ebc0c6e6dc0
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_bg.dll
executable
MD5: f3816efc09dec644ba36caaa364afd46
SHA256: 183f929a2b069063fbb27b385b60f185ef77095e86175b2537a0fe31d60dd59f
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_lv.dll
executable
MD5: 0c3596de5449345ebabf1982536ef76d
SHA256: 138118f58bcced1853c1c394b8aed93d995f951586d3e5dbf3df3a02d67158ae
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_sl.dll
executable
MD5: 7d21187448f20a9bf70d60d3a98c66d2
SHA256: 9f0d6e7d9aea16fb4bb7ab205e7c788549718f7e4e5c383e043c8078c435ced1
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\psuser.dll
executable
MD5: dd188ba0a23600d3fa1b57ba09c4845f
SHA256: e4c92e99b8ee422db639ddf809653b26566e13c2c89e307cecfbff98d6e0146a
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_fa.dll
executable
MD5: 4b8949efb9f7bc4588bc26c0ad4c49dc
SHA256: 0137dce54858eeb5944b32b0ae95f85db1e97cd52435afd71ea31da7b5f19dc7
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_sw.dll
executable
MD5: 813b2602cb54cb0bdedd77bce2cb2fa1
SHA256: 7d72970852d4e9b9f85a5959309b36cbc91d6079ca71e89a6c8dc04bfc00d1de
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_ta.dll
executable
MD5: f95436ecec12521977f523beeb462537
SHA256: ba78f9574f56b8eb9505e180338d696cfbe1edb3540d77ed8e81caeb8a203259
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_bn.dll
executable
MD5: d80aa53210d1ba5020b6c5daa618e057
SHA256: 8843e748d561bc4b64ba77144ff92f908b37d4d3eccdea35b2eac7f3691adc55
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_es.dll
executable
MD5: ea00525f26c1aef113de12a372ae8991
SHA256: f88a94696b9d56dfdf321487885637102d14647e7d8a0760debca367890e1845
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_sr.dll
executable
MD5: 7b5368fe0231b156355f127a49db82ca
SHA256: 7892e6505118dc03ed880a1f0d49d267a1867c107da9dac0a7fb377428de11c3
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_no.dll
executable
MD5: 24f655881cc233dd203af14b96963fa7
SHA256: 9fe2a1e843d47d4307f52f6eed3f839c160e0d014fcd2c0af28818a690037843
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\MaiarCrashHandler64.exe
executable
MD5: a2e0af6f66c9ebb870b3b7552d0ddeb8
SHA256: becfe6fe15657bd6e7ce456c318aa61589d8e6c150430d3e96d37187b4e62184
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarUpdateWebPlugin.exe
executable
MD5: 4f0e1b1409cd41d5397f66589c3122f8
SHA256: 535c822b4bde312cdddf2e1acd691fca4c3cc31c076a23d71b88fb77a0df988c
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_pt-PT.dll
executable
MD5: 987686a00c7622b6c84726bbfc15f477
SHA256: 5351eed0f4cf9f0c8a32bcb7526af83303bf2f0c6de97aeaf56310808aa892a6
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_sr.dll
executable
MD5: 7b5368fe0231b156355f127a49db82ca
SHA256: 7892e6505118dc03ed880a1f0d49d267a1867c107da9dac0a7fb377428de11c3
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_el.dll
executable
MD5: 0fa04cfd0a5b30835e2c68a52d9d7e0c
SHA256: 5c49ace5d902a92e384c73bc9223e6c8289c346d11cbd25a011e22030641884a
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_hi.dll
executable
MD5: 34190b057fed81df178d82f2da2b0e43
SHA256: b463f5f68ef88b7ef9f5ae9aa6d8ff909297a4acddc7695820d10ef3c063bd29
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_nl.dll
executable
MD5: e4cc161606f7a16960c3b88c617a06df
SHA256: 773a797e067718682c8e0721de66958420ba84d7bc02098638066264a66d8d53
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_uk.dll
executable
MD5: b565a2382a6e7aced2b91f0135c07022
SHA256: 6ef94d8fc3c717914a41adfed2bd0659955772b8d84dcc6c0759dc67c5884b1b
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\psmachine_64.dll
executable
MD5: 5b2c7c72e10dc0b6a47d9c989ccb8905
SHA256: ba5de695095d7841cddc4c69167d21ebefd9ed9e5114d3503e0d249a85921f21
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarUpdateBroker.exe
executable
MD5: 0e946ff02c2ae544661b0f4a3f6f7305
SHA256: 61971c98d73b9a65a5227aa7f50616a54284fec8adf64e4ea4b1c0ad4854110f
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_it.dll
executable
MD5: cb7953fb365bc15c82fc5604947d6801
SHA256: d1fdccc1ca85a03b9c0e997446a92da40db21c41ee217b559c62be9c87a6b9f5
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateHelper.msi
executable
MD5: 84c36af6f17ea78f51ccd9226e1b93c4
SHA256: 5b69a712c0860e81876ae0f813895e3c8372bf83d895bd0b88e5330dfe25e33e
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\MaiarUpdateWebPlugin.exe
executable
MD5: 4f0e1b1409cd41d5397f66589c3122f8
SHA256: 535c822b4bde312cdddf2e1acd691fca4c3cc31c076a23d71b88fb77a0df988c
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_fi.dll
executable
MD5: ec27199ae0eb25e8db62e456454b4b5c
SHA256: b3c6a1c6e730f994c7cb21fa46568ff24af35ad14c47f5145e3f6589de4cbcc7
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_sl.dll
executable
MD5: 7d21187448f20a9bf70d60d3a98c66d2
SHA256: 9f0d6e7d9aea16fb4bb7ab205e7c788549718f7e4e5c383e043c8078c435ced1
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_ur.dll
executable
MD5: fa9f8a46f5889a3291b34310a593c997
SHA256: 340d97f3b8bb2e975ef6f7399aee273b0d98db6a349ca194b32a83b7326d3d7a
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_de.dll
executable
MD5: 8f7e6b95c5c5446256d7bbbc0c6f9950
SHA256: 1a8b65e0507e3b14ba88b48e3384571d6e80fda0d157a74e8547b35432078e91
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_ar.dll
executable
MD5: 058d64078386089409159eee35ed4049
SHA256: 3821e0bf8a85d0c6c8a9c1b192599b667a74d00a4718a40d4027e65de04d6658
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_lt.dll
executable
MD5: e4cea4246725db645958c678fffecf81
SHA256: f5008c789a09a8c617da02a7752345879282213649f802c56f1182586ae40b72
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\psuser_64.dll
executable
MD5: 86f090d895fc699deceff8b09e7d1040
SHA256: 58dae76c09563855c8edbf65d4c2034e65c4071b3fac81c534dc5b159c5eb930
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_cs.dll
executable
MD5: c0a060ff9326ce4b3516d04687aeda22
SHA256: 89604ab2f23ef53f798e2a3c3f9a11a8a2605dc4229e3180c00c871f7d6da6a9
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_de.dll
executable
MD5: 8f7e6b95c5c5446256d7bbbc0c6f9950
SHA256: 1a8b65e0507e3b14ba88b48e3384571d6e80fda0d157a74e8547b35432078e91
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_kn.dll
executable
MD5: 2ecadf52d7dce01b61d9835dc5d32d1a
SHA256: 7a68a20cc317ad7977087c91f8be6cd1359a40ddc0bf014d9f469b194698f30e
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_tr.dll
executable
MD5: bb932d11693737f159f7c3c8ee16a6e0
SHA256: 48662075117472d971cdfe6d3a1bfcc1b1841c29682cc496d8fb027e9c5f07be
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\psuser_64.dll
executable
MD5: 86f090d895fc699deceff8b09e7d1040
SHA256: 58dae76c09563855c8edbf65d4c2034e65c4071b3fac81c534dc5b159c5eb930
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\npMaiarUpdate3.dll
executable
MD5: bf96f2ef043c85a5ba8ffa6a92b8c6bf
SHA256: 0c55025fe41fff9ea4d722cdeec3b53df7f8e29afc050097512c03cf343687ea
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_pt-BR.dll
executable
MD5: 518abdd21d9efcd9c0e6e7f55c477cde
SHA256: 5bf95e25d1b31aaab902aa9ff686fe7a9a3122ab1575479c3cc238b0684a7d05
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_te.dll
executable
MD5: 34be8d48ea146b9937c388bb4729d5a5
SHA256: f5c3cc9591e6b16a4f300c5bd01f2e0a7bff2981dba58b42bd610f1a4aa2867e
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\MaiarUpdateCore.exe
executable
MD5: 66811181713f11992ded589a87bc3fc4
SHA256: 25de8e1bd5e6074832982fe847a7783efbaf31204a6c2398f5152cd062f06bf6
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_el.dll
executable
MD5: 0fa04cfd0a5b30835e2c68a52d9d7e0c
SHA256: 5c49ace5d902a92e384c73bc9223e6c8289c346d11cbd25a011e22030641884a
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_pl.dll
executable
MD5: b156cb612c9c5311747e1fbf8031a6bf
SHA256: 15b8257633e216521d72d3741cc46fbeff40dfefb8f2c2d74f25c2e063438a6b
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\psuser.dll
executable
MD5: dd188ba0a23600d3fa1b57ba09c4845f
SHA256: e4c92e99b8ee422db639ddf809653b26566e13c2c89e307cecfbff98d6e0146a
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_bg.dll
executable
MD5: f3816efc09dec644ba36caaa364afd46
SHA256: 183f929a2b069063fbb27b385b60f185ef77095e86175b2537a0fe31d60dd59f
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_fil.dll
executable
MD5: 2e926e9abb5f4a97329477cc69b40833
SHA256: 336161a4de45cc53477fca2c62c50fe9f18ce7fb9ebea7f746a7e33f580604f7
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_hr.dll
executable
MD5: 8c09524b89aea2ba4a8e9256535ec803
SHA256: b628c5671c04b71a4d66366761645c413cbffc9199baf60045a74e5398abb740
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_zh-TW.dll
executable
MD5: d2e9012bd5e8554ba368a27caa880932
SHA256: 60aff2b60701853715420922172368ca11df03e6767ab645c3f86ffbb60033ba
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_es.dll
executable
MD5: ea00525f26c1aef113de12a372ae8991
SHA256: f88a94696b9d56dfdf321487885637102d14647e7d8a0760debca367890e1845
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_en-GB.dll
executable
MD5: 366a9de7936e007204ea8fc7ecb90e26
SHA256: 238344f4667dc462a258b8bcf74651b79916c6591d02a11eae4da32917a672bf
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_fr.dll
executable
MD5: 862f3f6d1ed2ffc1d3c4b980f986074d
SHA256: 2d8dcb18fc7803111b2315a9392d5b28d19b21e39fc085158feca2b9ac01034e
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_th.dll
executable
MD5: f5dc4f923b21a4a01c509ad6f02b3ee3
SHA256: 8bec853023bf4a1f62dcc98e14348a6f0b7afaef20dfd13dabb08ca75c7d1746
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\MaiarUpdateComRegisterShell64.exe
executable
MD5: 0d76c5a8bde1f2fd04e6c2f8e94ea79c
SHA256: d0cbebfd783e4e6ba3ec7ab81a8fd44fb7f60d62b8b803acdfabd13ee4e1efff
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarUpdateOnDemand.exe
executable
MD5: d1a91adc56b784dd7c0ee61d671724b9
SHA256: 166819d8d543272c87c8ec8c6b82c781b8ec8305175824187b22c0fa840b4985
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_ko.dll
executable
MD5: 796eef8ce857344a247cf6181eefe7f9
SHA256: 9c8d8841b22e9f7bb795bd56463bdf7e2d618b3b16465a162f5a428225ba4c6d
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_zh-CN.dll
executable
MD5: 3d3e0f2d66a1a6e003e5d08ee36b284b
SHA256: f54e5bc472403e2e16d7106fa8977473efe3a6e565ee7c3289ae9e06136c2a5b
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_da.dll
executable
MD5: da5eaf971d5c5679b96e5787b16df202
SHA256: e53815c06e9aeb36cbfc4c479ed1eff98d1f45354c6567c2ec0db9401498b7e2
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_ca.dll
executable
MD5: 743506fc59a389aa9a2bd5e8d2702066
SHA256: abc481f711ad862f43b745b74cd5a84bb0c77d2214105ac91e2bd6f12a8c2bc7
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_fi.dll
executable
MD5: ec27199ae0eb25e8db62e456454b4b5c
SHA256: b3c6a1c6e730f994c7cb21fa46568ff24af35ad14c47f5145e3f6589de4cbcc7
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_vi.dll
executable
MD5: ea3962bbf7d26e8ac70d871b6c37c5bc
SHA256: 146fce52b3d3d4ee2e8367eecdec2ca56259dbe02f55602df7c0ab3d6dd27cdc
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\psmachine.dll
executable
MD5: af836d08102481ae912b669d22447b7b
SHA256: 6d20ddcce1ed4d770ad43e13397a2a7e45352f735f4b9ee7dcb09c3dd6492b39
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdateres_bn.dll
executable
MD5: d80aa53210d1ba5020b6c5daa618e057
SHA256: 8843e748d561bc4b64ba77144ff92f908b37d4d3eccdea35b2eac7f3691adc55
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_ro.dll
executable
MD5: a3eee6cffdf88f1cf3a307c99aacbbf0
SHA256: 7d699e56be151031cedaeed5f75d233fb92e29676ccd68b7d203fc17f1f8f7f5
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\MaiarUpdate.exe
executable
MD5: 020584dbf4bef4e70c5bf55998f1290e
SHA256: ad15cae470ddef6053fc3dfd78fa90242de8866a9804e91400277be383769e4f
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_en-GB.dll
executable
MD5: 366a9de7936e007204ea8fc7ecb90e26
SHA256: 238344f4667dc462a258b8bcf74651b79916c6591d02a11eae4da32917a672bf
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarUpdateHelper.msi
executable
MD5: 84c36af6f17ea78f51ccd9226e1b93c4
SHA256: 5b69a712c0860e81876ae0f813895e3c8372bf83d895bd0b88e5330dfe25e33e
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_fa.dll
executable
MD5: 4b8949efb9f7bc4588bc26c0ad4c49dc
SHA256: 0137dce54858eeb5944b32b0ae95f85db1e97cd52435afd71ea31da7b5f19dc7
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\psmachine.dll
executable
MD5: af836d08102481ae912b669d22447b7b
SHA256: 6d20ddcce1ed4d770ad43e13397a2a7e45352f735f4b9ee7dcb09c3dd6492b39
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_ar.dll
executable
MD5: 058d64078386089409159eee35ed4049
SHA256: 3821e0bf8a85d0c6c8a9c1b192599b667a74d00a4718a40d4027e65de04d6658
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\goopdate.dll
executable
MD5: bde15df787fbfb17f71137fd3643007b
SHA256: 7866c66c129268567b61698df17797bbe544cac966650020ff1d5ca58d90247c
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_id.dll
executable
MD5: fbad4ff67df41903fc1e06274f221b8b
SHA256: f440df6a6e23228c6fac5af9073338c47daa67ac2450f5fce2ce43f7c4e41408
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\psmachine_64.dll
executable
MD5: 5b2c7c72e10dc0b6a47d9c989ccb8905
SHA256: ba5de695095d7841cddc4c69167d21ebefd9ed9e5114d3503e0d249a85921f21
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_ms.dll
executable
MD5: e3559d6a66d40e70570d0f5b4c0b223a
SHA256: 9b5ef6fe9050f508646128fdcd723eca1336a5207ef3dc61a4f61b009e0d99d8
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarCrashHandler.exe
executable
MD5: 34f3e7d519016f47b3d87e109e4064dc
SHA256: df0c06e47e9688ef092d1ac7b79d39914a43b54b31a09f533baacacbbc338438
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_es-419.dll
executable
MD5: 778bf5e7ca4c944a5d99201db50101b7
SHA256: e85eac1c6683937c0eb28af1478d0f9688c88f8ce2d96f592d07566a55c9c3f5
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateSetup.exe
executable
MD5: 0557c843386d5b086032369a6004a9b9
SHA256: c76a0476ecf35be62c0edd364edd2a00ba44850c21dee4b09c2ce2d9401c81cb
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_et.dll
executable
MD5: f9a7ebc00e06097155cd76b24cb6456b
SHA256: 4e0077dd0da58cb89f9e09d3f0d557d824af9fbcad7bbdddc3c4ee33464c98e8
2908
MaiarSetup.exe
C:\Users\admin\AppData\Local\Temp\GUM4809.tmp\MaiarUpdate.exe
executable
MD5: 020584dbf4bef4e70c5bf55998f1290e
SHA256: ad15cae470ddef6053fc3dfd78fa90242de8866a9804e91400277be383769e4f
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_mr.dll
executable
MD5: cacb8de05490ea56615138579719a86b
SHA256: 69adb00939894af0833a74d30e432ebbc34f09acd0d8f082946649bfc9431f49
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateBroker.exe
executable
MD5: 0e946ff02c2ae544661b0f4a3f6f7305
SHA256: 61971c98d73b9a65a5227aa7f50616a54284fec8adf64e4ea4b1c0ad4854110f
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_fil.dll
executable
MD5: 2e926e9abb5f4a97329477cc69b40833
SHA256: 336161a4de45cc53477fca2c62c50fe9f18ce7fb9ebea7f746a7e33f580604f7
2956
chrome.exe
C:\Users\admin\Downloads\MaiarSetup.exe
executable
MD5: 0557c843386d5b086032369a6004a9b9
SHA256: c76a0476ecf35be62c0edd364edd2a00ba44850c21dee4b09c2ce2d9401c81cb
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_ru.dll
executable
MD5: e9d6ce1dee21512f35f8d4116eb8cc12
SHA256: ebc09a9d30168aee944411edda304c95d5875eeba4534e03202f2ba57c6e1782
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateWebPlugin.exe
executable
MD5: 4f0e1b1409cd41d5397f66589c3122f8
SHA256: 535c822b4bde312cdddf2e1acd691fca4c3cc31c076a23d71b88fb77a0df988c
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_hi.dll
executable
MD5: 34190b057fed81df178d82f2da2b0e43
SHA256: b463f5f68ef88b7ef9f5ae9aa6d8ff909297a4acddc7695820d10ef3c063bd29
2956
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 194668.crdownload
executable
MD5: 0557c843386d5b086032369a6004a9b9
SHA256: c76a0476ecf35be62c0edd364edd2a00ba44850c21dee4b09c2ce2d9401c81cb
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_sk.dll
executable
MD5: 7e1b414399f195ea8648068ca682f348
SHA256: 8750edbe14310fc981e2263297acc947582e6d3ec95c64fe976c93d4602c60ed
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\MaiarUpdateOnDemand.exe
executable
MD5: d1a91adc56b784dd7c0ee61d671724b9
SHA256: 166819d8d543272c87c8ec8c6b82c781b8ec8305175824187b22c0fa840b4985
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_hu.dll
executable
MD5: a9485fa4adc57199b6a90fc92d44166b
SHA256: 3ea98ae943aaae9781fa898894c114fe9a88778bb48a645a39cc463bdc919651
2096
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
executable
MD5: 0557c843386d5b086032369a6004a9b9
SHA256: c76a0476ecf35be62c0edd364edd2a00ba44850c21dee4b09c2ce2d9401c81cb
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_is.dll
executable
MD5: 31f6b68cbf42a004784568653dc725d5
SHA256: 7d728b35367e3817ab2a3029e0649e9b1ed9cac642f083ad0b449bdc6226f06e
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\npMaiarUpdate3.dll
executable
MD5: bf96f2ef043c85a5ba8ffa6a92b8c6bf
SHA256: 0c55025fe41fff9ea4d722cdeec3b53df7f8e29afc050097512c03cf343687ea
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_ja.dll
executable
MD5: 950b71a27dd86b7e8a8331b0f0e4e527
SHA256: ad1118b66012b73fdb53194accadec10c46b686fa526e522d3f577d8730372e4
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_gu.dll
executable
MD5: cb3cae9454364255751a7064e7af5be5
SHA256: 958b57ce088e8289a2d71e9f692318f307115fc3fdbc23fe0ecf5d5d9c699b0f
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_iw.dll
executable
MD5: 9504e369e2da447e26b6687437a67459
SHA256: b2b725d26bcb3b80746e3d7cc28f74883a10c8047fe41697fba1d617767266b7
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\goopdateres_no.dll
executable
MD5: 24f655881cc233dd203af14b96963fa7
SHA256: 9fe2a1e843d47d4307f52f6eed3f839c160e0d014fcd2c0af28818a690037843
868
MaiarUpdate.exe
C:\Program Files\Elrond\Update\1.3.97.0\goopdateres_cs.dll
executable
MD5: c0a060ff9326ce4b3516d04687aeda22
SHA256: 89604ab2f23ef53f798e2a3c3f9a11a8a2605dc4229e3180c00c871f7d6da6a9
2956
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
binary
MD5: f6d6d028b0bf6f7c13e9498d68282cbc
SHA256: 3ae7b90800add2afcfb94a75953ca85c1d004335e6de79c9bbfd732dcf759809
3604
MaiarUpdateSetup.exe
C:\Program Files\GUM4E23.tmp\MaiarUpdateSetup.exe\:Zone.Identifier:$DATA
––
MD5:  ––
SHA256:  ––
2572
MaiarUpdate.exe
C:\Program Files\Elrond\Update\Install\{C3FAF68D-4D76-486A-8780-4766701EA013}\72.0.59.100.exe
––
MD5:  ––
SHA256:  ––
2956
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
text
MD5: dfd9c7dcc70528ce193f58afaebe20f5
SHA256: 921c85e0c0dc77a40fdb41435ad9aaaec494cb65195de248fae735d5c79cfd26
2956
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
2956
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: cec50a48d5ed4a00a2f975a5843c2b59
SHA256: 5865a30fa7ca3c271556112ea71cb858a0035c3a3b4bfe995f923d2b883fa7c9
2956
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF134569.TMP
text
MD5: cec50a48d5ed4a00a2f975a5843c2b59
SHA256: 5865a30fa7ca3c271556112ea71cb858a0035c3a3b4bfe995f923d2b883fa7c9
2956
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\c2034d20-1e04-45e6-bf34-a6a385409743.tmp
––
MD5:  ––
SHA256:  ––
2096
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF13453a.TMP
text
MD5: 9fe0e85154753a6fc663cfc91a08ad99
SHA256: 056a26081e973c19b8ac29efdad1cef036e9dfe1e84af72d6aab44dbdffe8291
2096
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State
text
MD5: 9fe0e85154753a6fc663cfc91a08ad99
SHA256: 056a26081e973c19b8ac29efdad1cef036e9dfe1e84af72d6aab44dbdffe8291
2096
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cookies
sqlite
MD5: 795479541b944fe4536188187fd873d5
SHA256: b4b8c7e47017c2c177a10dcbe709d007fc90f3853090e5ca35805abb6e1c3179
2956
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: ab9133bfe258a1bbf9d38db9fa4e561f
SHA256: 7090d13b2f3b4a9371bb181eebab6ce6d4518897ea7dd5b62cceeb791d3a72ad
2956
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF13453a.TMP
text
MD5: ab9133bfe258a1bbf9d38db9fa4e561f
SHA256: 7090d13b2f3b4a9371bb181eebab6ce6d4518897ea7dd5b62cceeb791d3a72ad
2956
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF13453a.TMP
text
MD5: 92e39f950c5241439f4690004b99d570
SHA256: 63df5f39db753be5a004e25025a141095ca845a302fd80210c69fc5667cd49cf
2096
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Us