General Info

URL

http://uploads.treeunfe.me/downloads/instalar-freenfe.exe

Full analysis
https://app.any.run/tasks/fb486e64-f53b-4163-8937-f492ea06b42f
Verdict
Malicious activity
Analysis date
7/11/2019, 21:33:36
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • hmnfe.exe (PID: 1416)
  • fbguard.exe (PID: 3444)
  • fbserver.exe (PID: 2680)
  • instclient.exe (PID: 3408)
  • regsvr32.exe (PID: 3104)
  • regsvr32.exe (PID: 3900)
Application was dropped or rewritten from another process
  • fbserver.exe (PID: 2680)
  • instsvc.exe (PID: 4020)
  • instsvc.exe (PID: 3260)
  • instsvc.exe (PID: 1436)
  • instreg.exe (PID: 2700)
  • instclient.exe (PID: 3408)
  • fbguard.exe (PID: 3444)
  • Firebird-2.5.7.27050_0_Win32.exe (PID: 2548)
  • AnyDeskMSI.exe (PID: 3072)
  • AnyDeskMSI.exe (PID: 412)
  • instalar-freenfe.exe (PID: 3468)
  • instalar-freenfe.exe (PID: 3180)
Writes to a start menu file
  • msiexec.exe (PID: 3188)
Changes settings of System certificates
  • msiexec.exe (PID: 3188)
Registers / Runs the DLL via REGSVR32.EXE
  • instalar-freenfe.tmp (PID: 2440)
Downloads executable files from the Internet
  • chrome.exe (PID: 2752)
Executed as Windows Service
  • fbserver.exe (PID: 2680)
  • fbguard.exe (PID: 3444)
  • AnyDeskMSI.exe (PID: 3072)
Creates files in the program directory
  • fbserver.exe (PID: 2680)
  • fbguard.exe (PID: 3444)
  • AnyDeskMSI.exe (PID: 3072)
Modifies files in Chrome extension folder
  • chrome.exe (PID: 3120)
Creates files in the Windows directory
  • Firebird-2.5.7.27050_0_Win32.tmp (PID: 556)
  • instclient.exe (PID: 3408)
  • msiexec.exe (PID: 3188)
  • instalar-freenfe.tmp (PID: 2440)
Executable content was dropped or overwritten
  • instclient.exe (PID: 3408)
  • Firebird-2.5.7.27050_0_Win32.tmp (PID: 556)
  • Firebird-2.5.7.27050_0_Win32.exe (PID: 2548)
  • msiexec.exe (PID: 3188)
  • instalar-freenfe.tmp (PID: 2440)
  • instalar-freenfe.exe (PID: 3468)
  • instalar-freenfe.exe (PID: 3180)
  • chrome.exe (PID: 3120)
Starts Microsoft Installer
  • Firebird-2.5.7.27050_0_Win32.tmp (PID: 556)
  • instalar-freenfe.tmp (PID: 2440)
Removes files from Windows directory
  • msiexec.exe (PID: 3188)
Modifies the open verb of a shell class
  • msiexec.exe (PID: 3188)
Creates files in the user directory
  • AnyDeskMSI.exe (PID: 412)
Adds / modifies Windows certificates
  • msiexec.exe (PID: 3188)
Creates COM task schedule object
  • regsvr32.exe (PID: 3104)
  • regsvr32.exe (PID: 3900)
Creates a software uninstall entry
  • Firebird-2.5.7.27050_0_Win32.tmp (PID: 556)
  • msiexec.exe (PID: 3188)
  • instalar-freenfe.tmp (PID: 2440)
Application was dropped or rewritten from another process
  • Firebird-2.5.7.27050_0_Win32.tmp (PID: 556)
  • instalar-freenfe.tmp (PID: 2440)
  • instalar-freenfe.tmp (PID: 2504)
Loads dropped or rewritten executable
  • Firebird-2.5.7.27050_0_Win32.tmp (PID: 556)
  • MsiExec.exe (PID: 2060)
  • MsiExec.exe (PID: 3052)
Application launched itself
  • msiexec.exe (PID: 3188)
  • chrome.exe (PID: 3120)
Creates files in the program directory
  • msiexec.exe (PID: 3188)
  • instalar-freenfe.tmp (PID: 2440)
  • Firebird-2.5.7.27050_0_Win32.tmp (PID: 556)
Changes settings of System certificates
  • chrome.exe (PID: 3120)
Reads settings of System Certificates
  • chrome.exe (PID: 2752)
Creates files in the user directory
  • chrome.exe (PID: 3120)
Reads Internet Cache Settings
  • chrome.exe (PID: 3120)

Processes

Total processes
90
Monitored processes
45
Malicious processes
13
Suspicious processes
2

Process information

PID
3120
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://uploads.treeunfe.me/downloads/instalar-freenfe.exe
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100

PID
3796
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6c88a9d0,0x6c88a9e0,0x6c88a9ec
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100

PID
3036
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3124 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100

PID
2344
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=3658274024533897725 --mojo-platform-channel-handle=1048 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100

PID
2752
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=2204359952594459775 --mojo-platform-channel-handle=1624 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100

PID
2756
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13637798891525147456 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100

PID
3580
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=70674444237992938 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100

PID
1632
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10439607393046261428 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2460 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100

PID
3308
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=16484287945293066915 --mojo-platform-channel-handle=3468 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules

PID
2976
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=116577591184681208 --mojo-platform-channel-handle=3000 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules

PID
3180
CMD
"C:\Users\admin\Downloads\instalar-freenfe.exe"
Path
C:\Users\admin\Downloads\instalar-freenfe.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
FreeNFe
Description
Emissor de Nota Fiscal Eletrônica - NFe e NFCe
Version
2019
Modules

PID
2504
CMD
"C:\Users\admin\AppData\Local\Temp\is-9J2DB.tmp\instalar-freenfe.tmp" /SL5="$5012E,46520509,57856,C:\Users\admin\Downloads\instalar-freenfe.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-9J2DB.tmp\instalar-freenfe.tmp
Indicators
No indicators
Parent process
instalar-freenfe.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules

PID
3468
CMD
"C:\Users\admin\Downloads\instalar-freenfe.exe" /SPAWNWND=$30168 /NOTIFYWND=$5012E
Path
C:\Users\admin\Downloads\instalar-freenfe.exe
Indicators
Parent process
instalar-freenfe.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
FreeNFe
Description
Emissor de Nota Fiscal Eletrônica - NFe e NFCe
Version
2019
Modules

PID
2440
CMD
"C:\Users\admin\AppData\Local\Temp\is-6D74P.tmp\instalar-freenfe.tmp" /SL5="$40166,46520509,57856,C:\Users\admin\Downloads\instalar-freenfe.exe" /SPAWNWND=$30168 /NOTIFYWND=$5012E
Path
C:\Users\admin\AppData\Local\Temp\is-6D74P.tmp\instalar-freenfe.tmp
Indicators
Parent process
instalar-freenfe.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.52.0.0
Modules

PID
1240
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=6065637966451811971 --mojo-platform-channel-handle=2956 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules

PID
3900
CMD
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\capicom.dll"
Path
C:\Windows\system32\regsvr32.exe
Indicators
No indicators
Parent process
instalar-freenfe.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules

PID
3104
CMD
"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\msxml5.dll"
Path
C:\Windows\system32\regsvr32.exe
Indicators
No indicators
Parent process
instalar-freenfe.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules

PID
1472
CMD
"msiexec.exe" /i C:\Users\admin\AppData\Local\Temp\is-3TRC6.tmp\AnyDesk.msi /quiet
Path
C:\Windows\system32\msiexec.exe
Indicators
No indicators
Parent process
instalar-freenfe.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules

PID
3188
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules

PID
2060
CMD
C:\Windows\system32\MsiExec.exe -Embedding 749917C1B6A14252C151DC5C7DD08557
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules

PID
3052
CMD
C:\Windows\system32\MsiExec.exe -Embedding 385DADF8FE158C1B54445686DC322E68 M Global\MSI0000
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules

PID
3072
CMD
"C:\Program Files\AnyDeskMSI\AnyDeskMSI.exe" --service
Path
C:\Program Files\AnyDeskMSI\AnyDeskMSI.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Description
Version
Modules

PID
412
CMD
"C:\Program Files\AnyDeskMSI\AnyDeskMSI.exe" --control
Path
C:\Program Files\AnyDeskMSI\AnyDeskMSI.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
Modules

PID
2548
CMD
"C:\FreeNFe\Firebird-2.5.7.27050_0_Win32.exe" /FORCE /VERYSILENT /NORESTART /LOG="C:\FreeNFe\LOGFB.TXT" /SAVEINF="C:\FreeNFe\SAVEINF.TXT" /NOCANCEL /COMPONENTS="ServerComponent\SuperServerComponent,ServerComponent,DevAdminComponent,ClientComponent"
Path
C:\FreeNFe\Firebird-2.5.7.27050_0_Win32.exe
Indicators
Parent process
instalar-freenfe.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Firebird Project
Description
Firebird Setup
Version
2.5.7.27050
Modules
Image

PID
556
CMD
"C:\Users\admin\AppData\Local\Temp\is-F273F.tmp\Firebird-2.5.7.27050_0_Win32.tmp" /SL5="$20088,6180510,54272,C:\FreeNFe\Firebird-2.5.7.27050_0_Win32.exe" /FORCE /VERYSILENT /NORESTART /LOG="C:\FreeNFe\LOGFB.TXT" /SAVEINF="C:\FreeNFe\SAVEINF.TXT" /NOCANCEL /COMPONENTS="ServerComponent\SuperServerComponent,ServerComponent,DevAdminComponent,ClientComponent"
Path
C:\Users\admin\AppData\Local\Temp\is-F273F.tmp\Firebird-2.5.7.27050_0_Win32.tmp
Indicators
Parent process
Firebird-2.5.7.27050_0_Win32.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.50.0.0
Modules
Image

PID
1336
CMD
"msiexec.exe" /qn /i "C:\Users\admin\AppData\Local\Temp\is-F8LSE.tmp\vccrt8_Win32.msi" /L*v "C:\Users\admin\AppData\Local\Temp\is-F8LSE.tmp\vccrt8_Win32.log"
Path
C:\Windows\system32\msiexec.exe
Indicators
No indicators
Parent process
Firebird-2.5.7.27050_0_Win32.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
1944
CMD
C:\Windows\system32\MsiExec.exe -Embedding D9B3002DCFBF5EA40F1C3CA446C0A772
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
2700
CMD
"C:\Program Files\Firebird\Firebird_2_5\bin\instreg.exe" install
Path
C:\Program Files\Firebird\Firebird_2_5\bin\instreg.exe
Indicators
No indicators
Parent process
Firebird-2.5.7.27050_0_Win32.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Firebird Project
Description
Firebird SQL Server
Version
WI-V2.5.7.27050
Modules
Image

PID
3408
CMD
"C:\Program Files\Firebird\Firebird_2_5\bin\instclient.exe" install gds32
Path
C:\Program Files\Firebird\Firebird_2_5\bin\instclient.exe
Indicators
Parent process
Firebird-2.5.7.27050_0_Win32.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Firebird Project
Description
Firebird SQL Server
Version
WI-V2.5.7.27050
Modules
Image

PID
1436
CMD
"C:\Program Files\Firebird\Firebird_2_5\bin\instsvc.exe" remove
Path
C:\Program Files\Firebird\Firebird_2_5\bin\instsvc.exe
Indicators
No indicators
Parent process
Firebird-2.5.7.27050_0_Win32.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Firebird Project
Description
Firebird SQL Server
Version
WI-V2.5.7.27050
Modules
Image

PID
3260
CMD
"C:\Program Files\Firebird\Firebird_2_5\bin\instsvc.exe" install -auto -superserver -guardian -n DefaultInstance
Path
C:\Program Files\Firebird\Firebird_2_5\bin\instsvc.exe
Indicators
No indicators
Parent process
Firebird-2.5.7.27050_0_Win32.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Firebird Project
Description
Firebird SQL Server
Version
WI-V2.5.7.27050
Modules
Image

PID
4020
CMD
"C:\Program Files\Firebird\Firebird_2_5\bin\instsvc.exe" start -n DefaultInstance
Path
C:\Program Files\Firebird\Firebird_2_5\bin\instsvc.exe
Indicators
No indicators
Parent process
Firebird-2.5.7.27050_0_Win32.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Firebird Project
Description
Firebird SQL Server
Version
WI-V2.5.7.27050
Modules
Image

PID
3444
CMD
"C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe" -s DefaultInstance
Path
C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Firebird Project
Description
Firebird SQL Server
Version
WI-V2.5.7.27050
Modules
Image

PID
2680
CMD
"C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe" -s DefaultInstance
Path
C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Firebird Project
Description
Firebird SQL Server
Version
WI-V2.5.7.27050
Modules
Image

PID
1416
CMD
"C:\FreeNFe\hmnfe.exe"
Path
C:\FreeNFe\hmnfe.exe
Indicators
Parent process
instalar-freenfe.tmp
User
admin
Integrity Level
HIGH
Version:
Company
Treeunfe Informática Ltda.
Description
Emissor de Nota Fiscal Eletrônica NFe | NFCe
Version
4.0.0.1411
Modules
Image

PID
3896
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=8849922752166261405 --mojo-platform-channel-handle=656 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image

PID
1816
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=3241234598788002468 --mojo-platform-channel-handle=2052 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image

PID
3840
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=13435917043837579918 --mojo-platform-channel-handle=1940 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image

PID
1728
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=13725932306966860282 --mojo-platform-channel-handle=616 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image

PID
2868
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=16614944783145397653 --mojo-platform-channel-handle=560 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image

PID
1728
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5649969523108248437 --mojo-platform-channel-handle=4060 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image

PID
2064
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5280869590310756199 --mojo-platform-channel-handle=4064 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image

PID
1012
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2100796955925239937 --mojo-platform-channel-handle=616 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image

PID
3016
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=1219754812138524278 --mojo-platform-channel-handle=4188 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image

PID
2260
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1032,3662675631474631840,4693937262859592294,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1510282060900233259 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image

Registry activity

Total events
3272
Read events
2272
Write events
983
Delete events
17

Modification events

PID
Process
Operation
Key
Name
Value
3120
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3120
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3120
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13207347233613750
3120
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307070004000B00130022001600A30300000000
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307070004000B00130022001600A70300000000
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\EAB040689A0D805B5D6FD654FC168CFF00B78BE3
Blob
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes
C
23017FC81F38D501
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C1
1C1GCEA_enUA812UA812
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C2
1C2GCEA_enUA812
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C7
1C7GCEA_enUA812
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
7DC1A53671B0AD86281186E97BB423C53BFEF3BE849C9F117C64E6B6C465EDFD
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
4BD099A23B46E1F5599D4DAD2B3A3194266430F706431FFA786526E93377C6BC
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
1D19D6F0889A0A7B89C5F990A53D11567C3B7FAEAA31CE39E72856A118E0DDAD
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
5C8BC309C971CC8344FE979AC2B6A4E0C15FBAC832D2D0246AB59FABC57E32C9
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
08584A009CA5B005553F3F66F83642B2A18EDB87FD015CB4DA719D2EEE81F8C3
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
3F107882119309F3CD0868591E633FC385B3351196795AB0E030500395932F45
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
00175B8120231631976CA8B862A3416996C9373BA3D289F0619DDA992973DDFA
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
0E265BFED6F1C7D5F0A9BD790C50BB30E78E959631D51EEBB8BB0DE73E65763C
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
5D58C2FED93EFDED578B006CB02BBB8DEC329128E2D098172E1316CDD15254DC
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
77EE571443B5A98D5EFF9D8C58609FD6ACEB3157F2AE600539AC35B86A4DDA37
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
1693A9BD4D3EE7E8BE9801FD51127993675543898F2B477EBE64E0001E123FC9
3120
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
D72832C7F959959A36CB244EF72F9075BB494A1459CBE4DDC83D271A9BCDD6B8
3036
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3120-13207347232613750
259
2752
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
2976
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
2976
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
2976
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
2976
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@sendmail.dll,-4
Mail recipient
2976
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient
2440
instalar-freenfe.tmp
delete key
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
2440
instalar-freenfe.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
88090000B6E2BEB11F38D501
2440
instalar-freenfe.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
98A826CB8FE219CCF025FE71F6EA01D74D9209450ADF7FE3FDA51FD03413B84B
2440
instalar-freenfe.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
1
2440
instalar-freenfe.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFiles0000
C:\FreeNFe\hmnfe.exe
2440
instalar-freenfe.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFilesHash
ACB60931A9D7EFFC07C88952D4309357F2CF3FED4F2F6CFC17EC9E156EE6603F
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
Inno Setup: Setup Version
5.5.9 (a)
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
Inno Setup: App Path
C:\FreeNFe
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
InstallLocation
C:\FreeNFe\
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
Inno Setup: Icon Group
FreeNFe
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
Inno Setup: User
admin
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
Inno Setup: Selected Tasks
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
Inno Setup: Deselected Tasks
desktopicon
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
Inno Setup: Language
ptbr
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
DisplayName
FreeNFe
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
DisplayIcon
C:\FreeNFe\hmnfe.exe
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
UninstallString
"C:\Windows\system32\unins000.exe"
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
QuietUninstallString
"C:\Windows\system32\unins000.exe" /SILENT
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
DisplayVersion
2019
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
Publisher
FreeNFe
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
URLInfoAbout
http://www.freenfe.com.br/
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
HelpTelephone
(11) 4950-7020
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
HelpLink
http://forum.freenfe.com.br/
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
URLUpdateInfo
http://www.freenfe.com.br/
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
Contact
http://www.freenfe.com.br/
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
NoModify
1
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
NoRepair
1
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
InstallDate
20190711
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
MajorVersion
2019
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
MinorVersion
0
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
VersionMajor
2019
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
VersionMinor
0
2440
instalar-freenfe.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeNFe_is1
EstimatedSize
114194
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Settings.1
Settings Class
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Settings.1\CLSID
{A996E48C-D3DC-4244-89F7-AFA33EC60679}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Settings
Settings Class
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Settings\CLSID
{A996E48C-D3DC-4244-89F7-AFA33EC60679}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Settings\CurVer
CAPICOM.Settings.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A996E48C-D3DC-4244-89F7-AFA33EC60679}
Settings Class
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A996E48C-D3DC-4244-89F7-AFA33EC60679}\ProgID
CAPICOM.Settings.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A996E48C-D3DC-4244-89F7-AFA33EC60679}\VersionIndependentProgID
CAPICOM.Settings
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A996E48C-D3DC-4244-89F7-AFA33EC60679}\InprocServer32
C:\Windows\system32\capicom.dll
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A996E48C-D3DC-4244-89F7-AFA33EC60679}\InprocServer32
ThreadingModel
Both
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A996E48C-D3DC-4244-89F7-AFA33EC60679}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Certificate.1
Certificate Class
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Certificate.1\CLSID
{E38FD381-6404-4041-B5E9-B2739258941F}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Certificate.2
Certificate Class
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Certificate.2\CLSID
{E38FD381-6404-4041-B5E9-B2739258941F}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Certificate.3
Certificate Class
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Certificate.3\CLSID
{9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Certificate
Certificate Class
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CAPICOM.Certificate\CLSID
{9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}
3900
regsvr32.exe
write
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6FE450DC-AD32-48D4-A366-01EE7E0B1374}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6FE450DC-AD32-48D4-A366-01EE7E0B1374}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6FE450DC-AD32-48D4-A366-01EE7E0B1374}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0BBA0B86-766C-4755-A443-243FF2BD8D29}
ICertificate
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0BBA0B86-766C-4755-A443-243FF2BD8D29}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0BBA0B86-766C-4755-A443-243FF2BD8D29}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0BBA0B86-766C-4755-A443-243FF2BD8D29}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0BBA0B86-766C-4755-A443-243FF2BD8D29}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F10FFCE-C922-476F-AA76-DF99D5BDFA2C}
ITemplate
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F10FFCE-C922-476F-AA76-DF99D5BDFA2C}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F10FFCE-C922-476F-AA76-DF99D5BDFA2C}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F10FFCE-C922-476F-AA76-DF99D5BDFA2C}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F10FFCE-C922-476F-AA76-DF99D5BDFA2C}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{72BF9ADA-6817-4C31-B43E-25F7C7B091F4}
IPublicKey
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{72BF9ADA-6817-4C31-B43E-25F7C7B091F4}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{72BF9ADA-6817-4C31-B43E-25F7C7B091F4}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{72BF9ADA-6817-4C31-B43E-25F7C7B091F4}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{72BF9ADA-6817-4C31-B43E-25F7C7B091F4}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D3D460F2-E7F3-4AF3-8EC6-8EB68C61C567}
IEncodedData
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D3D460F2-E7F3-4AF3-8EC6-8EB68C61C567}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D3D460F2-E7F3-4AF3-8EC6-8EB68C61C567}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D3D460F2-E7F3-4AF3-8EC6-8EB68C61C567}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D3D460F2-E7F3-4AF3-8EC6-8EB68C61C567}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{659DEDC3-6C85-42DB-8527-EFCB21742862}
IPrivateKey
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{659DEDC3-6C85-42DB-8527-EFCB21742862}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{659DEDC3-6C85-42DB-8527-EFCB21742862}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{659DEDC3-6C85-42DB-8527-EFCB21742862}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{659DEDC3-6C85-42DB-8527-EFCB21742862}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC530D61-E692-4225-9E7A-07B90B45856A}
IExtensions
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC530D61-E692-4225-9E7A-07B90B45856A}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC530D61-E692-4225-9E7A-07B90B45856A}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC530D61-E692-4225-9E7A-07B90B45856A}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC530D61-E692-4225-9E7A-07B90B45856A}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B096E87-6218-4A3B-A880-F6CB951E7805}
IExtendedProperties
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B096E87-6218-4A3B-A880-F6CB951E7805}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B096E87-6218-4A3B-A880-F6CB951E7805}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B096E87-6218-4A3B-A880-F6CB951E7805}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B096E87-6218-4A3B-A880-F6CB951E7805}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ECB8A5C8-562C-4989-B49D-FA37D40F8FC4}
IExtendedProperty
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ECB8A5C8-562C-4989-B49D-FA37D40F8FC4}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ECB8A5C8-562C-4989-B49D-FA37D40F8FC4}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ECB8A5C8-562C-4989-B49D-FA37D40F8FC4}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ECB8A5C8-562C-4989-B49D-FA37D40F8FC4}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B57C04B-1786-4B30-A7B6-36235CD58A14}
ICertificates2
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B57C04B-1786-4B30-A7B6-36235CD58A14}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B57C04B-1786-4B30-A7B6-36235CD58A14}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B57C04B-1786-4B30-A7B6-36235CD58A14}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B57C04B-1786-4B30-A7B6-36235CD58A14}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CA65D842-2110-4073-AEE3-D0AA5F56C421}
IChain2
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CA65D842-2110-4073-AEE3-D0AA5F56C421}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CA65D842-2110-4073-AEE3-D0AA5F56C421}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CA65D842-2110-4073-AEE3-D0AA5F56C421}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CA65D842-2110-4073-AEE3-D0AA5F56C421}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77F6F881-5D3A-4F2F-AEF0-E4A2F9AA689D}
IChain
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77F6F881-5D3A-4F2F-AEF0-E4A2F9AA689D}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77F6F881-5D3A-4F2F-AEF0-E4A2F9AA689D}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77F6F881-5D3A-4F2F-AEF0-E4A2F9AA689D}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77F6F881-5D3A-4F2F-AEF0-E4A2F9AA689D}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F701F8EC-31C7-48FB-B621-5DE417C3A607}
IStore3
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F701F8EC-31C7-48FB-B621-5DE417C3A607}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F701F8EC-31C7-48FB-B621-5DE417C3A607}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F701F8EC-31C7-48FB-B621-5DE417C3A607}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F701F8EC-31C7-48FB-B621-5DE417C3A607}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DA6ABC4-BDCD-4317-B650-262075B93A9C}
IStore2
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DA6ABC4-BDCD-4317-B650-262075B93A9C}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DA6ABC4-BDCD-4317-B650-262075B93A9C}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DA6ABC4-BDCD-4317-B650-262075B93A9C}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DA6ABC4-BDCD-4317-B650-262075B93A9C}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E860EF75-1B63-4254-AF47-960DAA3DD337}
IStore
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E860EF75-1B63-4254-AF47-960DAA3DD337}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E860EF75-1B63-4254-AF47-960DAA3DD337}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E860EF75-1B63-4254-AF47-960DAA3DD337}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E860EF75-1B63-4254-AF47-960DAA3DD337}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B17A8D78-B5A6-45F7-BA21-01AB94B08415}
IAttribute
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B17A8D78-B5A6-45F7-BA21-01AB94B08415}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B17A8D78-B5A6-45F7-BA21-01AB94B08415}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B17A8D78-B5A6-45F7-BA21-01AB94B08415}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B17A8D78-B5A6-45F7-BA21-01AB94B08415}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6ADC653E-D5B9-422A-991A-A2B0119CEDAC}
IAttributes
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6ADC653E-D5B9-422A-991A-A2B0119CEDAC}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6ADC653E-D5B9-422A-991A-A2B0119CEDAC}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6ADC653E-D5B9-422A-991A-A2B0119CEDAC}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6ADC653E-D5B9-422A-991A-A2B0119CEDAC}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{625B1F55-C720-41D6-9ECF-BA59F9B85F17}
ISigner2
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{625B1F55-C720-41D6-9ECF-BA59F9B85F17}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{625B1F55-C720-41D6-9ECF-BA59F9B85F17}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{625B1F55-C720-41D6-9ECF-BA59F9B85F17}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{625B1F55-C720-41D6-9ECF-BA59F9B85F17}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51017B88-1913-49AD-82BE-6BB7C417DCF2}
ISigner
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51017B88-1913-49AD-82BE-6BB7C417DCF2}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51017B88-1913-49AD-82BE-6BB7C417DCF2}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51017B88-1913-49AD-82BE-6BB7C417DCF2}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51017B88-1913-49AD-82BE-6BB7C417DCF2}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5A0780F8-9E6B-4BB0-BF54-87CD9627A8B4}
ISigners
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5A0780F8-9E6B-4BB0-BF54-87CD9627A8B4}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5A0780F8-9E6B-4BB0-BF54-87CD9627A8B4}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5A0780F8-9E6B-4BB0-BF54-87CD9627A8B4}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5A0780F8-9E6B-4BB0-BF54-87CD9627A8B4}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE9C454B-FC65-4C10-B130-CD9B45BA948B}
ISignedData
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE9C454B-FC65-4C10-B130-CD9B45BA948B}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE9C454B-FC65-4C10-B130-CD9B45BA948B}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE9C454B-FC65-4C10-B130-CD9B45BA948B}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE9C454B-FC65-4C10-B130-CD9B45BA948B}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BF3D04A9-B0DA-4153-B45E-6CCFA5AC715B}
IAlgorithm
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BF3D04A9-B0DA-4153-B45E-6CCFA5AC715B}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BF3D04A9-B0DA-4153-B45E-6CCFA5AC715B}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BF3D04A9-B0DA-4153-B45E-6CCFA5AC715B}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BF3D04A9-B0DA-4153-B45E-6CCFA5AC715B}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A694C896-FC38-4C34-AE61-3B1A95984C14}
IRecipients
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A694C896-FC38-4C34-AE61-3B1A95984C14}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A694C896-FC38-4C34-AE61-3B1A95984C14}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A694C896-FC38-4C34-AE61-3B1A95984C14}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A694C896-FC38-4C34-AE61-3B1A95984C14}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F6CB6A20-CC18-4424-AE57-6F2AA3DC2059}
IEnvelopedData
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F6CB6A20-CC18-4424-AE57-6F2AA3DC2059}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F6CB6A20-CC18-4424-AE57-6F2AA3DC2059}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F6CB6A20-CC18-4424-AE57-6F2AA3DC2059}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F6CB6A20-CC18-4424-AE57-6F2AA3DC2059}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4778A66-972F-42E4-87C5-5CC16F7931CA}
IEncryptedData
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4778A66-972F-42E4-87C5-5CC16F7931CA}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4778A66-972F-42E4-87C5-5CC16F7931CA}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4778A66-972F-42E4-87C5-5CC16F7931CA}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4778A66-972F-42E4-87C5-5CC16F7931CA}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE2C051D-33A1-4157-86B4-9280E29782F2}
INoticeNumbers
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE2C051D-33A1-4157-86B4-9280E29782F2}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE2C051D-33A1-4157-86B4-9280E29782F2}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE2C051D-33A1-4157-86B4-9280E29782F2}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE2C051D-33A1-4157-86B4-9280E29782F2}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3604C9DD-A22E-4A15-A469-8181C0C113DE}
IQualifier
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3604C9DD-A22E-4A15-A469-8181C0C113DE}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3604C9DD-A22E-4A15-A469-8181C0C113DE}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3604C9DD-A22E-4A15-A469-8181C0C113DE}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3604C9DD-A22E-4A15-A469-8181C0C113DE}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B5A8AB6-597D-4398-AC63-1036EF546348}
IQualifiers
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B5A8AB6-597D-4398-AC63-1036EF546348}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B5A8AB6-597D-4398-AC63-1036EF546348}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B5A8AB6-597D-4398-AC63-1036EF546348}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B5A8AB6-597D-4398-AC63-1036EF546348}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8973710C-8411-4951-9E65-D45FD524FFDF}
IPolicyInformation
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8973710C-8411-4951-9E65-D45FD524FFDF}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8973710C-8411-4951-9E65-D45FD524FFDF}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8973710C-8411-4951-9E65-D45FD524FFDF}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8973710C-8411-4951-9E65-D45FD524FFDF}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC7A72A7-C83A-4049-85F4-4292DE9DBFD3}
ICertificatePolicies
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC7A72A7-C83A-4049-85F4-4292DE9DBFD3}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC7A72A7-C83A-4049-85F4-4292DE9DBFD3}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC7A72A7-C83A-4049-85F4-4292DE9DBFD3}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC7A72A7-C83A-4049-85F4-4292DE9DBFD3}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED4E4ED4-FDD8-476E-AED9-5239E7948257}
IExtension
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED4E4ED4-FDD8-476E-AED9-5239E7948257}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED4E4ED4-FDD8-476E-AED9-5239E7948257}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED4E4ED4-FDD8-476E-AED9-5239E7948257}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED4E4ED4-FDD8-476E-AED9-5239E7948257}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{84FBCB95-5600-404C-9187-AC25B4CD6E94}
ISignedCode
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{84FBCB95-5600-404C-9187-AC25B4CD6E94}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{84FBCB95-5600-404C-9187-AC25B4CD6E94}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{84FBCB95-5600-404C-9187-AC25B4CD6E94}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{84FBCB95-5600-404C-9187-AC25B4CD6E94}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F7F23E8-06F4-42E8-B965-5CBD044BF27F}
IHashedData
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F7F23E8-06F4-42E8-B965-5CBD044BF27F}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F7F23E8-06F4-42E8-B965-5CBD044BF27F}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F7F23E8-06F4-42E8-B965-5CBD044BF27F}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F7F23E8-06F4-42E8-B965-5CBD044BF27F}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB166CF6-2AE6-44DA-BD96-0C1635D183FE}
IUtilities
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB166CF6-2AE6-44DA-BD96-0C1635D183FE}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB166CF6-2AE6-44DA-BD96-0C1635D183FE}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB166CF6-2AE6-44DA-BD96-0C1635D183FE}\TypeLib
{BD26B198-EE42-4725-9B23-AFA912434229}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB166CF6-2AE6-44DA-BD96-0C1635D183FE}\TypeLib
Version
2.1
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E38FD381-6404-4041-B5E9-B2739258941F}
Compatibility Flags
1024
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E38FD381-6404-4041-B5E9-B2739258941F}
AlternateCLSID
{9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}
Compatibility Flags
1024
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}
AlternateCLSID
{3605B612-C3CF-4ab4-A426-2D853391DB2E}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17E3A1C3-EA8A-4970-AF29-7F54610B1D4C}
Compatibility Flags
1024
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17E3A1C3-EA8A-4970-AF29-7F54610B1D4C}
AlternateCLSID
{3605B612-C3CF-4ab4-A426-2D853391DB2E}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{65104D73-BA60-4160-A95A-4B4782E7AA62}
Compatibility Flags
1024
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{65104D73-BA60-4160-A95A-4B4782E7AA62}
AlternateCLSID
{550C8FFB-4DC0-4756-828C-862E6D0AE74F}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78E61E52-0E57-4456-A2F2-517492BCBF8F}
Compatibility Flags
1024
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78E61E52-0E57-4456-A2F2-517492BCBF8F}
AlternateCLSID
{91D221C4-0CD4-461C-A728-01D509321556}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FD381-6404-4041-B5E9-B2739258941F}\TreatAs
{9171C115-7DD9-46BA-B1E5-0ED50AFFC1B8}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}\TreatAs
{3605B612-C3CF-4AB4-A426-2D853391DB2E}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17E3A1C3-EA8A-4970-AF29-7F54610B1D4C}\TreatAs
{3605B612-C3CF-4AB4-A426-2D853391DB2E}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65104D73-BA60-4160-A95A-4B4782E7AA62}\TreatAs
{550C8FFB-4DC0-4756-828C-862E6D0AE74F}
3900
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78E61E52-0E57-4456-A2F2-517492BCBF8F}\TreatAs
{91D221C4-0CD4-461C-A728-01D509321556}
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
setupapi.app.log
4096
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E5-F192-11D4-A65F-0040963251E5}
XML DOM Document 5.0
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E5-F192-11D4-A65F-0040963251E5}\InProcServer32
%SystemRoot%\system32\msxml5.dll
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E5-F192-11D4-A65F-0040963251E5}\InProcServer32
ThreadingModel
Both
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E5-F192-11D4-A65F-0040963251E5}\ProgID
Msxml2.DOMDocument.5.0
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E5-F192-11D4-A65F-0040963251E5}\Version
5.0
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E5-F192-11D4-A65F-0040963251E5}\TypeLib
{F5078F18-C551-11D3-89B9-0000F81FE221}
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument.5.0
XML DOM Document 5.0
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msxml2.DOMDocument.5.0\CLSID
{88D969E5-F192-11D4-A65F-0040963251E5}
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E6-F192-11D4-A65F-0040963251E5}
Free Threaded XML DOM Document 5.0
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E6-F192-11D4-A65F-0040963251E5}\InProcServer32
%SystemRoot%\system32\msxml5.dll
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E6-F192-11D4-A65F-0040963251E5}\InProcServer32
ThreadingModel
Both
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E6-F192-11D4-A65F-0040963251E5}\ProgID
Msxml2.FreeThreadedDOMDocument.5.0
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E6-F192-11D4-A65F-0040963251E5}\Version
5.0
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E6-F192-11D4-A65F-0040963251E5}\TypeLib
{F5078F18-C551-11D3-89B9-0000F81FE221}
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument.5.0
Free Threaded XML DOM Document 5.0
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument.5.0\CLSID
{88D969E6-F192-11D4-A65F-0040963251E5}
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E9-F192-11D4-A65F-0040963251E5}
XML Data Source Object 5.0
3104
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88D969E9-F192-11D4-A65F-0040963251E5}\InProcServer32
%SystemRoot%\system32\msxml5.