General Info

URL

https://c2rsetup.officeapps.live.com/c2r/download.aspx?productreleaseid=skypeforbusinessentryretail&platform=x86&language=es-es&source=o16o365&version=o16ga

Full analysis
https://app.any.run/tasks/90267235-aec9-43c6-a470-69c69d52133f
Verdict
Malicious activity
Analysis date
12/6/2018, 08:17:37
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • OfficeClickToRun.exe (PID: 3084)
  • OfficeClickToRun.exe (PID: 2436)
Application was dropped or rewritten from another process
  • OfficeClickToRun.exe (PID: 2436)
  • OfficeClickToRun.exe (PID: 3084)
  • download[1].exe (PID: 2820)
  • download[1].exe (PID: 2244)
Changes settings of System certificates
  • OfficeClickToRun.exe (PID: 3084)
  • download[1].exe (PID: 2820)
Removes files from Windows directory
  • OfficeClickToRun.exe (PID: 3084)
Executable content was dropped or overwritten
  • OfficeClickToRun.exe (PID: 3084)
  • iexplore.exe (PID: 2856)
  • iexplore.exe (PID: 3252)
  • download[1].exe (PID: 2820)
Adds / modifies Windows certificates
  • OfficeClickToRun.exe (PID: 3084)
  • download[1].exe (PID: 2820)
Reads Internet Cache Settings
  • download[1].exe (PID: 2244)
  • download[1].exe (PID: 2820)
  • OfficeClickToRun.exe (PID: 2436)
Creates files in the user directory
  • powershell.exe (PID: 3924)
Executes PowerShell scripts
  • download[1].exe (PID: 2820)
Application launched itself
  • download[1].exe (PID: 2244)
Searches for installed software
  • download[1].exe (PID: 2820)
Creates files in the Windows directory
  • OfficeClickToRun.exe (PID: 3084)
Creates files in the program directory
  • OfficeClickToRun.exe (PID: 3084)
  • download[1].exe (PID: 2820)
Reads settings of System Certificates
  • OfficeClickToRun.exe (PID: 3084)
Reads Microsoft Office registry keys
  • OfficeClickToRun.exe (PID: 2436)
  • OfficeClickToRun.exe (PID: 3084)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2856)
  • iexplore.exe (PID: 3252)
Changes internet zones settings
  • iexplore.exe (PID: 2856)
Application launched itself
  • iexplore.exe (PID: 2856)

Processes

Total processes
40
Monitored processes
7
Malicious processes
4
Suspicious processes
1

Behavior graph

[Behavior graph image. Nodes: iexplore.exe, iexplore.exe, download[1].exe, download[1].exe, powershell.exe (no specs), officeclicktorun.exe (no specs), officeclicktorun.exe. Edge labels: drop and start, start, drop and start.]

Process information

PID
2856
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
3252
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2856 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
2244
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\download[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\download[1].exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft Office
Version
16.0.11029.20064

PID
2820
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\download[1].exe" ELEVATED
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\download[1].exe
Indicators
Parent process
download[1].exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Microsoft Office
Version
16.0.11029.20064

PID
3924
CMD
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -WindowStyle Hidden -Command "& { $isOfficeInstalled = Get-AppxPackage Microsoft.Office.Desktop -allusers; if ($isOfficeInstalled -eq $null) { Out-File -FilePath 'C:\Users\admin\AppData\Local\Temp\Centennial.Detection.IsCentennialOfficeInstalled.scratch' -InputObject '0' -Encoding ascii; } else { Out-File -FilePath 'C:\Users\admin\AppData\Local\Temp\Centennial.Detection.IsCentennialOfficeInstalled.scratch' -InputObject '1' -Encoding ascii } }"
Path
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Indicators
No indicators
Parent process
download[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows PowerShell
Version
6.1.7600.16385 (win7_rtm.090713-1255)

PID
2436
CMD
forcecentcheck= deliverymechanism=492350f6-3a01-4f97-b9c0-c7c6ddf67d60 productreleaseid=SkypeforBusinessEntryRetail platform=x86 culture=es-es defaultplatform=False lcid=3082 b= prereleasebuild=4419 storeid= tx= totalclientcabsize=20812258 productstoadd=SkypeforBusinessEntryRetail.16_es-es_x-none scenario=unknown mediatype.16=CDN SkypeforBusinessEntryRetail.excludedapps.16=groove updatesenabled.16=True cdnbaseurl.16=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 version.16=16.0.11029.20079 baseurl.16=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 sourcetype.16=CDN flt.useexptransportinplacepl=unknown flt.useoutlookshareaddon=unknown flt.useofficehelperaddon=unknown
Path
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
Indicators
No indicators
Parent process
download[1].exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Microsoft Office Click-to-Run (SxS)
Version
16.0.11029.20079

PID
3084
CMD
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
Path
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft Office Click-to-Run (SxS)
Version
16.0.11029.20079
c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-math-l1-1-0.dll
c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-time-l1-1-0.dll
c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shlwapi.dll
c:\program files\common files\microsoft shared\clicktorun\apiclient.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msi.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\nlaapi.dll
c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystemcontroller.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winrnr.dll
c:\program files\common files\microsoft shared\clicktorun\streamserver.dll
c:\windows\system32\msdelta.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\schannel.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\concrt140.dll

Registry activity

Total events
1840
Read events
1512
Write events
325
Delete events
3

Modification events

PID
Process
Operation
Key
Name
Value
2856
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
2856
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{0E704B65-F927-11E8-BAD8-5254004A04AF}
0
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E2070C0004000600070011003B007B00
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E2070C0004000600070011003B009B00
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070C0004000600070011003B004601
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
15
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070C0004000600070011003B008501
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
41
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070C0004000600070011003B00D301
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
33
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E2070C0004000600070012001500560100000000
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018120620181207
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CachePrefix
:2018120620181207:
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CacheLimit
8192
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CacheOptions
11
2856
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018120620181207
CacheRepair
0
3252
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012018120620181207
3252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CachePrefix
:2018120620181207:
3252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CacheLimit
8192
3252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CacheOptions
11
3252
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018120620181207
CacheRepair
0
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\officeclicktorun
FirstSessionTriggered
1
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
UIFallbackLanguages
x-none
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
HelpLanguageTag
en-US
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
PreferredEditingLanguage
en-US
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
PreviousPreferredEditingLanguage
en-US
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
WordChangeInstallLanguage
No
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
WordMailChangeInstallLanguage
No
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
XLChangeInstallLanguage
No
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
PPTChangeInstallLanguage
No
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
AccessChangeInstallLanguage
No
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
OutlookChangeInstallLanguage
No
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
SharePointDesignerChangeInstallLanguage
No
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
PublisherChangeInstallLanguage
No
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
ProjectChangeInstallLanguage
No
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
InfoPathChangeInstallLanguage
No
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
OneNoteChangeInstallLanguage
No
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
WebDesignerChangeInstallLanguage
No
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources
LangTuneUp
OfficeCompleted
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
1
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Common
UID
36D90C824A12934E83171D69792BE566
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
TasRequestPending
int32_t|0
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\officeclicktorun
EcsRequestPending
0
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\RulesLastAudienceReported
download[1].exe
Unknown_Error_Read_StreamPackageUrl
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2244
download[1].exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Registration\USER-PC
SkypeforBusinessEntryRetail.AttemptGetKey
1
2244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
EnableFileTracing
0
2244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
EnableConsoleTracing
0
2244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
FileTracingMask
4294901760
2244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
ConsoleTracingMask
4294901760
2244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
MaxFileSize
1048576
2244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASAPI32
FileDirectory
%windir%\tracing
2244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
EnableFileTracing
0
2244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
EnableConsoleTracing
0
2244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
FileTracingMask
4294901760
2244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
ConsoleTracingMask
4294901760
2244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
MaxFileSize
1048576
2244
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\download[1]_RASMANCS
FileDirectory
%windir%\tracing
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
CountryCode
std::wstring|IT
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Experiment\officeclicktorun
BuildNumber
16.0.11029
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun
Expires
int64_t|0
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData
1
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData
ChunkCount
uint64_t|0
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData
VersionId
uint16_t|1
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun
ConfigIds
P-D-29635-1-1,P-D-27087-1-9,P-D-29719-1-1,P-D-29718-1-1,P-D-29593-1-1,P-R-18513-1-30
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun
ETag
std::wstring|"FqUU5h+JG6ty/Yyd/M0++95eH76NEuegJYY6Sx5vKmU="
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun
Expires
int64_t|1544084302
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun
DeferredConfigs
std::wstring|
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
ImpressionId
std::wstring|
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
FlightNumberlines
std::wstring|
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
FlightingVersion
uint64_t|0
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun\ConfigContextData
1
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun\ConfigContextData
ChunkCount
uint64_t|0
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun\ConfigContextData
VersionId
uint16_t|1
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
ETag
std::wstring|78588174273853117141819704935824512097
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
FlightNumberlines
std::wstring|iosratingpromptcf
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
FlightingVersion
uint64_t|50044363
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
DeferredConfigs
std::wstring|
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
ImpressionId
std::wstring|DFBD7FAEAF3E4C5FAE3CD17D13D3562E
2244
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
FlightUpdateTime
uint64_t|131885543025456250
2820
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
2
2820
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
1
2820
download[1].exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2820
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Registration\USER-PC
SkypeforBusinessEntryRetail.AttemptGetKey
1
2820
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Updates
UpdatesThrottleValue
963
2820
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2820
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2820
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2820
download[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2820
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
Blob
2820
download[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
VersionToReport
16.0.11029.20079
3924
powershell.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2436
OfficeClickToRun.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
2
2436
OfficeClickToRun.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
1
2436
OfficeClickToRun.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\RulesLastAudienceReported
officeclicktorun.exe
Unknown_Error_Read_StreamPackageUrl
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
ClientFolder
C:\Program Files\Common Files\Microsoft Shared\ClickToRun
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
ClientVersionToReport
16.0.11029.20079
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
WatcherInterval
3600000
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
PipelineServerName
ClickToRun_Pipeline16
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
PackageLockerPath
C:\ProgramData\Microsoft\Office
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
VersionToReport
16.0.11029.20079
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun
ExecutingScenario
INSTALL
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
ScenarioInstanceID
5581C551-4467-4661-9824-6B29C83105DA
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
ScenarioName
unknown
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
ProductsToAdd
SkypeforBusinessEntryRetail.16_es-es_x-none
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
ProductsToRemove
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
Platform
x86
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
ClientCulture
es-es
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
BitfieldValues
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
TotalClientCabSize
20812258
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
C2RFlighting.UseExperimentalTransportForInPlacePipe
unknown
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
C2RFlighting.UseOfficeHelperAddon
unknown
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
C2RFlighting.UseOutlookShareAddon
unknown
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
BaseUrl
http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
Version
16.0.11029.20079
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
MediaType
CDN
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
CDNUrl
http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
UpdatesEnabled
True
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
SourceType
CDN
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
ExcludedApps
skypeforbusinessentryretail_groove
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
DeliveryMechanism
492350f6-3a01-4f97-b9c0-c7c6ddf67d60
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
ScenarioCulture
es-es
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL\TasksState
SCENARIO:{FB9843BB-0D8A-4347-A227-C759C3FC9103}
TASKSTATE_EXECUTING
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL\TasksState
PROMPTUSER:{0468216F-0C80-4620-AA53-3F53A84CDFC4}
TASKSTATE_EXECUTING
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
InstallID
28FDF027-C89A-44FA-B012-7F171838F844
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL\Condition
PromptAnswer
Continue
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL\TasksState
PROMPTUSER:{0468216F-0C80-4620-AA53-3F53A84CDFC4}
TASKSTATE_COMPLETED
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL\TasksState
BRANCH:{DF3BBBD9-F521-43BA-BE89-8749E5F80983}
TASKSTATE_EXECUTING
2436
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL\TasksState
GROUP:{8D3B8D3F-A1B6-4149-8187-5530518A3849}
TASKSTATE_EXECUTING
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\Experiment\officeclicktorun
FirstSessionTriggered
1
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
UIFallbackLanguages
x-none
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
HelpLanguageTag
en-US
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
PreferredEditingLanguage
en-US
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
PreviousPreferredEditingLanguage
en-US
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
WordChangeInstallLanguage
No
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
WordMailChangeInstallLanguage
No
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
XLChangeInstallLanguage
No
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
PPTChangeInstallLanguage
No
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
AccessChangeInstallLanguage
No
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
OutlookChangeInstallLanguage
No
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
SharePointDesignerChangeInstallLanguage
No
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
PublisherChangeInstallLanguage
No
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
ProjectChangeInstallLanguage
No
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
InfoPathChangeInstallLanguage
No
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
OneNoteChangeInstallLanguage
No
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
WebDesignerChangeInstallLanguage
No
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources
LangTuneUp
OfficeCompleted
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
1
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\Common
UID
D70257EE062CB74CB23BF1EAFB1A7ACC
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
TasRequestPending
int32_t|0
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\Experiment\officeclicktorun
EcsRequestPending
0
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Shared
OfficeUILanguage
1033
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\RulesLastAudienceReported
officeclicktorun.exe
Unknown_Error_Read_StreamPackageUrl
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfficeClickToRun_RASAPI32
EnableFileTracing
0
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfficeClickToRun_RASAPI32
EnableConsoleTracing
0
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfficeClickToRun_RASAPI32
FileTracingMask
4294901760
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfficeClickToRun_RASAPI32
ConsoleTracingMask
4294901760
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfficeClickToRun_RASAPI32
MaxFileSize
1048576
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfficeClickToRun_RASAPI32
FileDirectory
%windir%\tracing
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfficeClickToRun_RASMANCS
EnableFileTracing
0
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfficeClickToRun_RASMANCS
EnableConsoleTracing
0
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfficeClickToRun_RASMANCS
FileTracingMask
4294901760
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfficeClickToRun_RASMANCS
ConsoleTracingMask
4294901760
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfficeClickToRun_RASMANCS
MaxFileSize
1048576
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OfficeClickToRun_RASMANCS
FileDirectory
%windir%\tracing
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000003000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL\TasksState
CONFIGURELIGHT:{363FEBED-07D2-4993-B860-5925C6FAF115}
TASKSTATE_EXECUTING
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
SourceType
CDN
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
ScenarioSubType
Install
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Scenario\INSTALL
LowBandwidthStreaming
True
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
Platform
x86
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
InstallationPath
C:\Program Files\Microsoft Office
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
ClientCulture
es-es
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
CDNBaseUrl
http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
AudienceId
492350f6-3a01-4f97-b9c0-c7c6ddf67d60
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
AudienceData
Production::CC
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
SkypeforBusinessEntryRetail.MediaType
CDN
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
UpdatesEnabled
True
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\propertyBag
Version
15.0.9999.9999
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration
SkypeforBusinessEntryRetail.ExcludedApps
groove
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3084
OfficeClickToRun.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3B1EFD3A66EA28B16697394703A72CA340A05BD5
Blob
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
DefaultConnectionSettings
4600000002000000090000000000000000000000000000000400000000000000E0A3E0E5338DD401000000000000000000000000020000001700000000000000FE80000000000000A179B3FF019923140B0000007FE0DA077FE00A077FE07A077FE0AA067FE01A067FE04A067FE0BA057FE0EA057FE012037FE03A017FE0227F7FE04A7D7FE0727B7FE0FA7A7FE0C2727FE09A727FE0BA767FE0BA757FE06A6F7FE08A607FE00A607FE022607FE0925F7FE0325F7FE0625F02000000C0A864C100000000000000007FE05A527FE08A517FE0024F7FE0624F7FE02A4B7FE0824A7FE07A497FE0AA487FE01A487EE03A9A7EE092997EE0EA997EE042997EE0F2957EE0F2947EE0F2937EE0F2927EE0F2917EE0928F7EE062887EE002867EE03A837EE0DA817EE07A807EE0D2FF7EE02AFF7EE0A2FB7EE032FA
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs
CountryCode
std::wstring|IT
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\Experiment\officeclicktorun
BuildNumber
16.0.11029
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun
Expires
int64_t|0
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData
1
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData
ChunkCount
uint64_t|0
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData
VersionId
uint16_t|1
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun
ConfigIds
P-D-29635-1-1,P-D-27087-1-9,P-D-29719-1-1,P-D-29718-1-1,P-D-29593-1-1,P-R-18513-1-30
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun
ETag
std::wstring|"FqUU5h+JG6ty/Yyd/M0++95eH76NEuegJYY6URCoFKE="
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun
Expires
int64_t|1544084315
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun
DeferredConfigs
std::wstring|
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
ImpressionId
std::wstring|
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
FlightNumberlines
std::wstring|
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
FlightingVersion
uint64_t|0
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun\ConfigContextData
1
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun\ConfigContextData
ChunkCount
uint64_t|0
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun\ConfigContextData
VersionId
uint16_t|1
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
ETag
std::wstring|355533470550466628415137681785426742727
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
FlightingVersion
uint64_t|50044363
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
DeferredConfigs
std::wstring|
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
ImpressionId
std::wstring|79E79DF683004E0989B0480815205F6D
3084
OfficeClickToRun.exe
write
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Tas\officeclicktorun
FlightUpdateTime
uint64_t|131885543142643750

Files activity

Executable files: 182
Suspicious files: 15
Text files: 23
Unknown types: 9

Dropped files

PID
Process
Filename
Type
3252
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\setupskypeforbusinessentryretail.x86.es-es_[1].exe
executable
MD5: 1d65debecf6d631e2fda1dbff0174e42
SHA256: f1f981a68d6503ef56574204ecd6673087eb6feb6b9fbe4f5ab1413f90a5f1ee
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.da-dk.dll
executable
MD5: cf6cf419f3e89e979121f467f7322058
SHA256: cbf59fdd0b2fd71990661a6ffed28c5b8cbc1cfe7cc7a15f936aeda7aa760274
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.ar-sa.dll
executable
MD5: 86e3b77293a683981aea83d66e5e70b2
SHA256: 172027248976ee0114d590267285a87ae6eb9a4a42396453069becf11a5a0c1f
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.it-it.dll
executable
MD5: 4acb7bc0d6810b18c969fc771ffc857a
SHA256: 5738a566e3c1dc16bcd6da606bb94825ad486fd049c12bf7a3c59d116dd66692
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.en-us.dll
executable
MD5: af9d29141d5cd14811a64990daae4892
SHA256: a85bfa284b859275d02679a6d358e8cf1b2b327f3a5be456e2c6001c92b78964
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.fi-fi.dll
executable
MD5: e7dd79fe48108e510019911191487a82
SHA256: 2a0c69a2770cf0be372db90bc6c2af92ddbf275199982877bad39f055899bc3d
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.et-ee.dll
executable
MD5: f83117cdfb2801d212fd8ad94a293a2c
SHA256: da24db6d29dc0cd1fb531eeed1260288ef8584aab30c8d9d39e2d2b87d8d32af
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.el-gr.dll
executable
MD5: cf97de56a538179ab54475ca742657fe
SHA256: d01ab3d86dc8a4b242d591c65d4dcd539077fe545118beb55715f985b168a1f1
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.de-de.dll
executable
MD5: 56e6aa55574e54b9e64b6742cd5078d3
SHA256: 528540959c0ad17607d0c3e5208e8c7b77f4881e2024eff475cec152e730109b
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.hi-in.dll
executable
MD5: 99d1ef91b7850700c9415d3d210fb8d0
SHA256: 2d2948244a5cd326ccaea40f8caa234b7134ea761f5654b32a5cd7517cc98af0
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.bg-bg.dll
executable
MD5: 3add1ffc1a4abed60dff0678b44b943b
SHA256: e02b3353d3de2c487ca72baebb6cd63dd85baf2e602d561d954397454eb86a43
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.cs-cz.dll
executable
MD5: 2ea38af63b75ef9ed93410d699a1ecec
SHA256: 0d284725dc19d58e66cdec7c6de99db7d3b96af1d5e0dc377154ad171ce560d6
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.es-es.dll
executable
MD5: 175bed3e1ec4dbbfea202919bb6ce559
SHA256: 2681e541e1ad9bfa2906c6f4d8b189b5dfc6899fae0c0bc54f7573df6cac0344
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.de-de.dll
executable
MD5: 56e6aa55574e54b9e64b6742cd5078d3
SHA256: 528540959c0ad17607d0c3e5208e8c7b77f4881e2024eff475cec152e730109b
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.cs-cz.dll
executable
MD5: 2ea38af63b75ef9ed93410d699a1ecec
SHA256: 0d284725dc19d58e66cdec7c6de99db7d3b96af1d5e0dc377154ad171ce560d6
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.da-dk.dll
executable
MD5: cf6cf419f3e89e979121f467f7322058
SHA256: cbf59fdd0b2fd71990661a6ffed28c5b8cbc1cfe7cc7a15f936aeda7aa760274
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.fi-fi.dll
executable
MD5: e7dd79fe48108e510019911191487a82
SHA256: 2a0c69a2770cf0be372db90bc6c2af92ddbf275199982877bad39f055899bc3d
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.es-es.dll
executable
MD5: 175bed3e1ec4dbbfea202919bb6ce559
SHA256: 2681e541e1ad9bfa2906c6f4d8b189b5dfc6899fae0c0bc54f7573df6cac0344
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.ar-sa.dll
executable
MD5: 86e3b77293a683981aea83d66e5e70b2
SHA256: 172027248976ee0114d590267285a87ae6eb9a4a42396453069becf11a5a0c1f
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.el-gr.dll
executable
MD5: cf97de56a538179ab54475ca742657fe
SHA256: d01ab3d86dc8a4b242d591c65d4dcd539077fe545118beb55715f985b168a1f1
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2R32.dll
executable
MD5: 43b875907341c20d983f0d63e3484c3b
SHA256: e632ab410048d803173f794fcc9c9f873bba5ba6d12b04ab66f2a0570558fd06
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.et-ee.dll
executable
MD5: f83117cdfb2801d212fd8ad94a293a2c
SHA256: da24db6d29dc0cd1fb531eeed1260288ef8584aab30c8d9d39e2d2b87d8d32af
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll
executable
MD5: 43b875907341c20d983f0d63e3484c3b
SHA256: e632ab410048d803173f794fcc9c9f873bba5ba6d12b04ab66f2a0570558fd06
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\AppVShNotify.exe
executable
MD5: a95552ad9dc9b8d4a44af1dbbec7c4b3
SHA256: be4a59a9767761e1b9851680f52f528a911eff292a096637876a97423809538b
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.nb-no.dll
executable
MD5: 8f421ad186da90c2fbbeac8a4ec14530
SHA256: 9d8d8d99b903e5f64cce4a72f25ff1538bf0b094b3a20ae71f94786bfccfc3a7
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.he-il.dll
executable
MD5: 01d9d15d78c28695f8e437d3bafbbc98
SHA256: bd0beb7d40c0294c4e9d32eecc5388e3af25f99cf45002df41e4c809edef3ddc
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVScripting.dll
executable
MD5: 62cf6187633d324c377606a87037e375
SHA256: ffe2250fb739a3074ce889437d9fe4b6fadabdc93ad0ef804fd9d45c0256a5d6
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\AppVScripting.dll
executable
MD5: 62cf6187633d324c377606a87037e375
SHA256: ffe2250fb739a3074ce889437d9fe4b6fadabdc93ad0ef804fd9d45c0256a5d6
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.nl-nl.dll
executable
MD5: cbccf35065fdb724c939108cb0dcf222
SHA256: 415accebd225b225f5669ddacaa59ce5cb7e6bdbdefc2d422099d17c82a8f4b6
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.id-id.dll
executable
MD5: d8d7ad60c75dc5084ecc74e095388bc9
SHA256: 1a82174a239b0936119cee28bb5a0953984603ace90208f2ea0b0efad05d58f7
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
executable
MD5: a95552ad9dc9b8d4a44af1dbbec7c4b3
SHA256: be4a59a9767761e1b9851680f52f528a911eff292a096637876a97423809538b
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\AppVPolicy.dll
executable
MD5: 7ab3689a6b26081b1e399bc515efb9cc
SHA256: fada1dfdbeffca061152e43c70fcf00964bdac707473a780604bc87235da95f8
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.hr-hr.dll
executable
MD5: 2cc6477b745f079b7b97d37f7f6abee3
SHA256: d1f25012af0caec8e68b6d5aba4d5dda9387f91704db916778410d5d38ae354d
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.fr-fr.dll
executable
MD5: fc2f1a7300e68bdbec41184cb012d9ee
SHA256: 9cafacdc6a24a5f66c717fac882bb675493e46338f2c1af528dce5357fb3e5b1
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll
executable
MD5: 5e2fbba6ce9d6396082b2d0a5bcb0bd3
SHA256: e282b8e35f4a8b41071f91af98574f8011cd9c6bcc01d0a58646f38695fab2f8
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\AppVOrchestration.dll
executable
MD5: 938a5f4abc82152177200f06f3d10a22
SHA256: aa3d75eea4c5decdd0f552e7b56cff552fae04308f2975ca504188be9b7a58a8
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.it-it.dll
executable
MD5: 4acb7bc0d6810b18c969fc771ffc857a
SHA256: 5738a566e3c1dc16bcd6da606bb94825ad486fd049c12bf7a3c59d116dd66692
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.hr-hr.dll
executable
MD5: 2cc6477b745f079b7b97d37f7f6abee3
SHA256: d1f25012af0caec8e68b6d5aba4d5dda9387f91704db916778410d5d38ae354d
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVPolicy.dll
executable
MD5: 7ab3689a6b26081b1e399bc515efb9cc
SHA256: fada1dfdbeffca061152e43c70fcf00964bdac707473a780604bc87235da95f8
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\AppVManifest.dll
executable
MD5: 8de7fc8a2732102ffdfd4c89a1963522
SHA256: c8d373dd84239ee851d64031d49b0d1de804d405e9281d750c57ecd2621956b4
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.pl-pl.dll
executable
MD5: 51e7010a8525af0b5c01e74b765dfcb2
SHA256: 170e17a768cb8f8e7167b75d823dd6f670798d3686011b9242e9933356db9717
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.en-us.dll
executable
MD5: af9d29141d5cd14811a64990daae4892
SHA256: a85bfa284b859275d02679a6d358e8cf1b2b327f3a5be456e2c6001c92b78964
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvStreamingManager.dll
executable
MD5: ee540bb7f119dc7596c49227cb448f97
SHA256: e9e93dd6b0b24928226e44e9d67704d8ba5a600a97bad4343c01cfffa2a21531
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\AppVIsvVirtualization.dll
executable
MD5: 730a06c50844fdf5e522dde60f969917
SHA256: f332606e25dbed34a12002c845b8a6ad76ba9ededbc4f331838374efb839102d
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.hu-hu.dll
executable
MD5: c598ac3a47ed5e4ef96473e5f5e9a4aa
SHA256: 2bb19413c05bac4d7a4624a36f256d0c25477f01a387c37c9bccce66859e1e9d
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.hu-hu.dll
executable
MD5: c598ac3a47ed5e4ef96473e5f5e9a4aa
SHA256: 2bb19413c05bac4d7a4624a36f256d0c25477f01a387c37c9bccce66859e1e9d
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvApi.dll
executable
MD5: e5dd6dfa3722f451a057fdf1d6a99931
SHA256: e676d781675a306dd5e7835061fa4747e3a9976440c5fe2d062cf0ce7787f692
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\AppvIsvSubsystems32.dll
executable
MD5: 35c6f2335988cd587a065b18bd339c04
SHA256: 0e1220098b41476066e88f842cd9f95efe001cb8ac0bcb0f567c7eb7fb2dc872
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.hi-in.dll
executable
MD5: 99d1ef91b7850700c9415d3d210fb8d0
SHA256: 2d2948244a5cd326ccaea40f8caa234b7134ea761f5654b32a5cd7517cc98af0
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.ro-ro.dll
executable
MD5: 08d6572d8d1114725cdf8ed96e90c9c6
SHA256: c50c02fe50d1b06027ba72236c5834eccb3985325fb3dbc01dec22ab52e432a8
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll
executable
MD5: 730a06c50844fdf5e522dde60f969917
SHA256: f332606e25dbed34a12002c845b8a6ad76ba9ededbc4f331838374efb839102d
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\AppVIsvSubsystemController.dll
executable
MD5: 5e2fbba6ce9d6396082b2d0a5bcb0bd3
SHA256: e282b8e35f4a8b41071f91af98574f8011cd9c6bcc01d0a58646f38695fab2f8
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.he-il.dll
executable
MD5: 01d9d15d78c28695f8e437d3bafbbc98
SHA256: bd0beb7d40c0294c4e9d32eecc5388e3af25f99cf45002df41e4c809edef3ddc
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.pt-pt.dll
executable
MD5: 28d8f2fdb195e5331306aaff247bfd98
SHA256: f3a54f3134b76a4d13d2513d4da279ffe19443fb15ba9c3eca7b80890987254c
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll
executable
MD5: 938a5f4abc82152177200f06f3d10a22
SHA256: aa3d75eea4c5decdd0f552e7b56cff552fae04308f2975ca504188be9b7a58a8
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\AppVIsvApi.dll
executable
MD5: e5dd6dfa3722f451a057fdf1d6a99931
SHA256: e676d781675a306dd5e7835061fa4747e3a9976440c5fe2d062cf0ce7787f692
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.lv-lv.dll
executable
MD5: 7ce935eb25be2fb56b2b2d581dde461d
SHA256: 7aba99dfd7731e21f118810b5c96169ed2b305cca704cb23913f320d03497fa5
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.ja-jp.dll
executable
MD5: 47746d2318f2c6697f5126ce120e8065
SHA256: 607a04d53a205973b243ca02ea0efda9c95184edcbe58a8c4beb7dd9913fb32d
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll
executable
MD5: 35c6f2335988cd587a065b18bd339c04
SHA256: 0e1220098b41476066e88f842cd9f95efe001cb8ac0bcb0f567c7eb7fb2dc872
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\AppVIsvStreamingManager.dll
executable
MD5: ee540bb7f119dc7596c49227cb448f97
SHA256: e9e93dd6b0b24928226e44e9d67704d8ba5a600a97bad4343c01cfffa2a21531
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.ja-jp.dll
executable
MD5: 47746d2318f2c6697f5126ce120e8065
SHA256: 607a04d53a205973b243ca02ea0efda9c95184edcbe58a8c4beb7dd9913fb32d
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.kk-kz.dll
executable
MD5: 49aac1b980a91cbae430db1f1f6ea4b7
SHA256: 27c97c2729256f657d97dcdef0e8fe883b51ab99cb1a05a09b08e476c9b2d8a8
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVManifest.dll
executable
MD5: 8de7fc8a2732102ffdfd4c89a1963522
SHA256: c8d373dd84239ee851d64031d49b0d1de804d405e9281d750c57ecd2621956b4
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll
executable
MD5: f6d1216e974fb76585fd350ebdc30648
SHA256: 348b70e57ae0329ac40ac3d866b8e896b0b8fef7e8809a09566f33af55d33271
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.pt-br.dll
executable
MD5: 282d403fe9ff4fb04811401fb60f7833
SHA256: 282c4d5d8f70d83d6cbe2088c73fe31235c4ea30e81ea0ce9670d936be915810
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.lv-lv.dll
executable
MD5: 7ce935eb25be2fb56b2b2d581dde461d
SHA256: 7aba99dfd7731e21f118810b5c96169ed2b305cca704cb23913f320d03497fa5
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll
executable
MD5: 7b0b4941659579ad3dbf60d29259eb09
SHA256: 665f07caab33e1bec2c83ec74b1042fb8dd3b41e4a8053a78a2dd41806f48e33
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\AppVFileSystemMetadata.dll
executable
MD5: 76e137d782330050f4bc5b1e9314002e
SHA256: 79b8fc4c7a0be8fddbe19a23e702615087237ce42e106c65304c7f61e60ab0fb
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.ms-my.dll
executable
MD5: 18e447197771ca735b4abc7bd2debe5b
SHA256: 0246feeeee5396497c24285a9ad7fed5c074a645d33c01133e656103ce292eea
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.pl-pl.dll
executable
MD5: 51e7010a8525af0b5c01e74b765dfcb2
SHA256: 170e17a768cb8f8e7167b75d823dd6f670798d3686011b9242e9933356db9717
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll
executable
MD5: 5e72659b38a2977984bbc23ed274f007
SHA256: 44a4db6080f6bdae6151f60ae5dc420faa3be50902e88f8f14ad457dec3fe4ea
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\appvcleaner.exe
executable
MD5: f217d10d3fcd273e1ce32abdd09cc8a7
SHA256: 3d642d1912eb21ce81aa7e6a79ee52b3740b2523e1da6aba0611dc45b6d4eb32
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.id-id.dll
executable
MD5: d8d7ad60c75dc5084ecc74e095388bc9
SHA256: 1a82174a239b0936119cee28bb5a0953984603ace90208f2ea0b0efad05d58f7
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.ms-my.dll
executable
MD5: 18e447197771ca735b4abc7bd2debe5b
SHA256: 0246feeeee5396497c24285a9ad7fed5c074a645d33c01133e656103ce292eea
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll
executable
MD5: d6abf5c056d80592f8e2439e195d61ac
SHA256: 8858d883d180cea63e3bf4a3f5bc9e0f9fa16c9a35a84c4efe65308cea13a364
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\AppVCatalog.dll
executable
MD5: 5f1f3fe338932e9ae58686a1987fb325
SHA256: 087e5b8f5595e4e4d1f3f1559131e4ac67285625d96d2e41e70fe3514c559a03
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.pt-pt.dll
executable
MD5: 28d8f2fdb195e5331306aaff247bfd98
SHA256: f3a54f3134b76a4d13d2513d4da279ffe19443fb15ba9c3eca7b80890987254c
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.ko-kr.dll
executable
MD5: 21b890de3d3c396e397de9f795323511
SHA256: b319a2ed385987961b4eada8df2266f1b374f57c7db8071a05d2108db666f27b
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVCatalog.dll
executable
MD5: 5f1f3fe338932e9ae58686a1987fb325
SHA256: 087e5b8f5595e4e4d1f3f1559131e4ac67285625d96d2e41e70fe3514c559a03
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\api-ms-win-crt-multibyte-l1-1-0.dll
executable
MD5: 809bc1010eaf714cd095189af236ce2f
SHA256: b52f2b9de19d12b0e727e13e3dde93009e487bfb2dd97fd23952c7080949d97e
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.kk-kz.dll
executable
MD5: 49aac1b980a91cbae430db1f1f6ea4b7
SHA256: 27c97c2729256f657d97dcdef0e8fe883b51ab99cb1a05a09b08e476c9b2d8a8
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RINTL.lt-lt.dll
executable
MD5: fb9c78283db6d116ec847d9f5682f236
SHA256: 2ce5206894a0971b3842ada8102ebc6d3a41f35d7b8d2a5f98429867690fbfd5
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll
executable
MD5: ae3fa6bf777b0429b825fb6b028f8a48
SHA256: 66b86ed0867fe22e80b9b737f3ee428be71f5e98d36f774abbf92e3aaca71bfb
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\ApiClient.dll
executable
MD5: b6de04192a43e3a0026f600cf717c7b0
SHA256: 42995eb81489416fe7fd3a3b9919f4e79f9837f887b3cdc9ae9d06853f66a3b9
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\C2RINTL.lt-lt.dll
executable
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2856
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\download[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVClientIsv.man
xml
MD5: eff70efd2c66a9241291560f3977b195
SHA256: 6b5cc677bb215c5f402e1413b0872eba465c8755fdaef0cf9e6af20b1866aaa9
2820
download[1].exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRunOfficeC2R046FC68E-D091-4F94-A926-9D2093E6D9E5\ClientEventLogMessages.man
xml
MD5: 9a9a5f91ca03c8fea03bb8ac25475a12
SHA256: f3dc361d94356c8f4c4632ff98f5e990ebe80a18f0624896dcb9159aff0834e1
2856
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{0E704B66-F927-11E8-BAD8-5254004A04AF}.dat
binary
MD5: 0cf20415135839e9a38aa1e5bee61855
SHA256: 108f22fb2439e21eb44c18ac925c99dd7461d009e4d04607e3d3cda4f9bdde2a
2856
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF812FCEA904287765.TMP
––
MD5:  ––
SHA256:  ––
2856
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2856
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2856
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
––
MD5:  ––
SHA256:  ––


Network activity

HTTP(S) requests
23
TCP/UDP connections
12
DNS requests
9
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2856 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
2820 download[1].exe HEAD 301 2.18.232.120:80 http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.11029.20079.cab unknown –– –– whitelisted
2820 download[1].exe HEAD 200 2.16.186.83:80 http://officecdn.microsoft.com.edgesuite.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.11029.20079.cab unknown –– –– whitelisted
2820 download[1].exe HEAD 301 2.18.232.120:80 http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.11029.20079.cab unknown –– –– whitelisted
2820 download[1].exe HEAD 200 2.16.186.83:80 http://officecdn.microsoft.com.edgesuite.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.11029.20079.cab unknown –– –– whitelisted
2820 download[1].exe GET 301 2.18.232.120:80 http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.11029.20079.cab unknown –– –– whitelisted
2820 download[1].exe GET 200 2.16.186.83:80 http://officecdn.microsoft.com.edgesuite.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.11029.20079.cab unknown compressed whitelisted
2820 download[1].exe GET 200 2.16.186.74:80 http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl unknown der whitelisted
2820 download[1].exe GET 200 2.16.186.74:80 http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl unknown der whitelisted
2820 download[1].exe GET 200 2.16.186.74:80 http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl unknown der whitelisted
2820 download[1].exe HEAD 301 2.18.232.120:80 http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.11029.20079/i323082.cab unknown –– –– whitelisted
2820 download[1].exe HEAD 200 2.16.186.83:80 http://officecdn.microsoft.com.edgesuite.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.11029.20079/i323082.cab unknown compressed whitelisted
2820 download[1].exe GET 301 2.18.232.120:80 http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.11029.20079/i323082.cab unknown –– –– whitelisted
2820 download[1].exe GET 200 2.16.186.83:80 http://officecdn.microsoft.com.edgesuite.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.11029.20079/i323082.cab unknown compressed whitelisted
2820 download[1].exe HEAD 301 2.18.232.120:80 http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.11029.20079/i320.cab unknown –– –– whitelisted
2820 download[1].exe HEAD 200 2.16.186.83:80 http://officecdn.microsoft.com.edgesuite.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.11029.20079/i320.cab unknown compressed whitelisted
2820 download[1].exe GET 301 2.18.232.120:80 http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.11029.20079/i320.cab unknown –– –– whitelisted
2820 download[1].exe GET 200 2.16.186.83:80 http://officecdn.microsoft.com.edgesuite.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.11029.20079/i320.cab unknown compressed whitelisted
3084 OfficeClickToRun.exe GET 200 2.16.186.74:80 http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl unknown der whitelisted
3084 OfficeClickToRun.exe GET 200 2.21.41.70:80 http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl FR der whitelisted
3084 OfficeClickToRun.exe GET 200 2.16.186.74:80 http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl unknown der whitelisted
3084 OfficeClickToRun.exe GET 200 2.16.186.74:80 http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl unknown der whitelisted
3084 OfficeClickToRun.exe GET 200 2.16.186.74:80 http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl unknown der whitelisted


Connections

PID Process IP ASN CN Reputation
2856 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3252 iexplore.exe 52.109.20.8:443 Microsoft Corporation US unknown
2244 download[1].exe 52.232.69.150:443 Microsoft Corporation NL whitelisted
2244 download[1].exe 13.107.3.128:443 Microsoft Corporation US whitelisted
2820 download[1].exe 52.109.76.40:443 Microsoft Corporation IE unknown
2820 download[1].exe 2.18.232.120:80 Akamai International B.V. –– whitelisted
2820 download[1].exe 2.16.186.83:80 Akamai International B.V. –– whitelisted
2820 download[1].exe 2.16.186.74:80 Akamai International B.V. –– whitelisted
3084 OfficeClickToRun.exe 52.232.69.150:443 Microsoft Corporation NL whitelisted
3084 OfficeClickToRun.exe 13.107.3.128:443 Microsoft Corporation US whitelisted
3084 OfficeClickToRun.exe 2.16.186.74:80 Akamai International B.V. –– whitelisted
3084 OfficeClickToRun.exe 2.21.41.70:80 GTT Communications Inc. FR suspicious

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
c2rsetup.officeapps.live.com 52.109.20.8 whitelisted
client-office365-tas.msedge.net 52.232.69.150 whitelisted
config.edge.skype.com 13.107.3.128 whitelisted
mrodevicemgr.officeapps.live.com 52.109.76.40 whitelisted
officecdn.microsoft.com 2.18.232.120 whitelisted
officecdn.microsoft.com.edgesuite.net 2.16.186.83, 2.16.186.90 whitelisted
crl.microsoft.com 2.16.186.74, 2.16.186.120 whitelisted
www.microsoft.com 2.21.41.70 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.