Analysis
-
max time kernel
186s -
max time network
174s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
05/07/2023, 15:31
General
-
Target
BadwareUnban.exe
-
Size
7.3MB
-
MD5
13711f7923466b3c6e831d8b3b4eda5f
-
SHA1
25b8eeebdb6f94de6b5da0f3c27e614c7418fb98
-
SHA256
187fa5426343debd5a837b3d0a6c0c63212af942d7fd9b8108278f11ab723b45
-
SHA512
8e3fb7261eb54e459c97d5037ed48df50ee897733e48838df6072c2daadb7af257361d32137a905b0a18546d9923e2813a7b069d243c6d9b83f3b7fdd9b0c75f
-
SSDEEP
98304:FLlGdXlZvLx5xlFib7ttdoUNAKCCW9auiO2Xz6wJjg7pyU9RVLuLI0Jv2knTa3T6:/GdXKtniK9W9aiizW937Vw1ejdyfv
Score
10/10
Malware Config
Signatures
-
Cerber 64 IoCs
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Downloads MZ/PE file
-
Stops running service(s) 3 TTPs
-
Executes dropped EXE 25 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Drops file in Windows directory 5 IoCs
-
Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Kills process with taskkill 64 IoCs
-
Modifies registry class 2 IoCs
-
Modifies registry key 1 TTPs 64 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: LoadsDriver 21 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 52 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\BadwareUnban.exe"C:\Users\Admin\AppData\Local\Temp\BadwareUnban.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c color 062⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumperClient.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumperClient.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im ProcessHacker.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im ProcessHacker.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq64.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq64.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Wireshark.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im Wireshark.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Fiddler.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Fiddler.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FiddlerEverywhere.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im FiddlerEverywhere.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos64.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos64.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos32.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos32.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im de4dot.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im de4dot.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Cheat Engine.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Cheat Engine.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-i386.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-i386.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTP Debugger Windows Service (32 bit).exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTP Debugger Windows Service (32 bit).exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x64dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x64dbg.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x32dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x32dbg.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Ida64.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg64.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg32.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start https://discord.gg/badware2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/badware3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9b63146f8,0x7ff9b6314708,0x7ff9b63147184⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,5537653703955413522,2988047151369975331,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,5537653703955413522,2988047151369975331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,5537653703955413522,2988047151369975331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5537653703955413522,2988047151369975331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:14⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5537653703955413522,2988047151369975331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:14⤵
- Suspicious use of WriteProcessMemory
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,5537653703955413522,2988047151369975331,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,5537653703955413522,2988047151369975331,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4824 /prefetch:84⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,5537653703955413522,2988047151369975331,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3824 /prefetch:84⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,5537653703955413522,2988047151369975331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 /prefetch:84⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,5537653703955413522,2988047151369975331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3324 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c mode con: cols=69 lines=182⤵
-
C:\Windows\system32\mode.commode con: cols=69 lines=183⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start https://discord.gg/badware2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/badware3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x80,0x100,0x104,0xdc,0x108,0x7ff9b63146f8,0x7ff9b6314708,0x7ff9b63147184⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15637278437682868947,17547816246715104493,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15637278437682868947,17547816246715104493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15637278437682868947,17547816246715104493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15637278437682868947,17547816246715104493,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15637278437682868947,17547816246715104493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15637278437682868947,17547816246715104493,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,15637278437682868947,17547816246715104493,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5004 /prefetch:84⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,15637278437682868947,17547816246715104493,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4000 /prefetch:84⤵
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im explorer.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im explorer.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im epicgameslauncher.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im epicgameslauncher.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im steamservice.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im steamservice.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im steam.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im steam.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_EAC.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im FortniteClient-Win64-Shipping_EAC.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im FortniteClient-Win64-Shipping.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping_BE.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im FortniteClient-Win64-Shipping_BE.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FortniteLauncher.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im FortniteLauncher.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im UnrealCEFSubProcess.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im UnrealCEFSubProcess.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im CEFProcess.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im CEFProcess.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im EasyAntiCheat.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im EasyAntiCheat.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im BEService.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im BEService.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im BEServices.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im BEServices.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im BattleEye.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im BattleEye.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im smartscreen.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im smartscreen.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im dnf.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im dnf.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im DNF.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im DNF.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im CrossProxy.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im CrossProxy.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im BackgroundDownloader.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im BackgroundDownloader.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im TXPlatform.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im TXPlatform.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OriginWebHelperService.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OriginWebHelperService.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Origin.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Origin.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OriginClientService.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OriginClientService.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OriginER.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OriginER.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OriginThinSetupInternal.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OriginThinSetupInternal.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OriginLegacyCLI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OriginLegacyCLI.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Agent.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Agent.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FiveM.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im FiveM.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FiveM_ROSLauncher.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im FiveM_ROSLauncher.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FiveM_ROSService.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im FiveM_ROSService.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\cleaner.bat2⤵
- Enumerates connected drives
-
C:\Windows\system32\taskkill.exetaskkill /f /im epicgameslauncher.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im FortniteClient-Win64-Shipping_EAC.exe3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im FortniteClient-Win64-Shipping.exe3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im FortniteClient-Win64-Shipping_BE.exe3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im FortniteLauncher.exe3⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im UnrealCEFSubProcess.exe3⤵
- Cerber
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im CEFProcess.exe3⤵
- Cerber
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im EasyAntiCheat.exe3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im BEService.exe3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im BEServices.exe3⤵
- Cerber
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im BattleEye.exe3⤵
- Cerber
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im smartscreen.exe3⤵
- Cerber
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im smartscreen.exe3⤵
- Cerber
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im EasyAntiCheat.exe3⤵
- Cerber
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im dnf.exe3⤵
- Cerber
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im DNF.exe3⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im CrossProxy.exe3⤵
- Cerber
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im tensafe_1.exe3⤵
- Cerber
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im TenSafe_1.exe3⤵
- Cerber
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im tensafe_2.exe3⤵
- Cerber
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im tencentdl.exe3⤵
- Cerber
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im TenioDL.exe3⤵
- Cerber
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im uishell.exe3⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im BackgroundDownloader.exe3⤵
- Cerber
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im conime.exe3⤵
- Cerber
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im QQDL.EXE3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im qqlogin.exe3⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im dnfchina.exe3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im dnfchinatest.exe3⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im dnf.exe3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im txplatform.exe3⤵
- Cerber
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im TXPlatform.exe3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im OriginWebHelperService.exe3⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im Origin.exe3⤵
- Cerber
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im OriginClientService.exe3⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im OriginER.exe3⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im OriginThinSetupInternal.exe3⤵
- Cerber
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im OriginLegacyCLI.exe3⤵
- Cerber
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im Agent.exe3⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /f /im Client.exe3⤵
- Cerber
-
-
C:\Windows\system32\sc.exeSc stop EasyAntiCheat3⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {29429-31470-5816-742} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v GUID /t REG_SZ /d {12201-1446-7760-13857} /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d 29749-26775-519-2722 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d 2042-18597-8701-13213 /f3⤵
- Modifies registry key
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d 4779 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d 5815 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d Desktop10101 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d Desktop9687 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {Admin12389} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {3019-9176-19107-95} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v GUID /t REG_SZ /d {15363-8445-24336-32710} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildGUID /t REG_SZ /d 26369 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOwner /t REG_SZ /d 1703 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOrganization /t REG_SZ /d 21345 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d 10020-1849-31055-16061 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d 25423-32564-5668-15144 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 20881-29995-12369-15794 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d 1797 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d {3284-29566-16110-26436} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion\Tracing\Microsoft\Profile\Profile /v Guid /t REG_SZ /d 29564-3993-18342-Admin20033 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d Desktop29270 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d Desktop20950 /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {Admin13773} /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {4466-31507-20212-19893} /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v GUID /t REG_SZ /d {7217-25266-707-27523} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildGUID /t REG_SZ /d 11105 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOwner /t REG_SZ /d 16026 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOrganization /t REG_SZ /d 2275 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d 26847-27732-6118-21198 /f3⤵
- Modifies registry key
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d 2800-748-26880-32536 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 3207-15105-6513-13814 /f3⤵
- Modifies registry key
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d 6298 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d {26883-27639-12030-18677} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion\Tracing\Microsoft\Profile\Profile /v Guid /t REG_SZ /d 15841-4824-17453-Admin32044 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d 4649 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d 24183 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\PING.EXEping /n 4 localhost3⤵
- Runs ping.exe
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d 27760-14885 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {eac1497} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d 13870-7636 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {8178-18164-27449-1787-23732} /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v GUID /t REG_SZ /d {22656-18019-4181-4447-25744} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildGUID /t REG_SZ /d 20285-27879 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOrganization /t REG_SZ /d 30243-29294 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOwner /t REG_SZ /d 7049-22198 /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d 17800-11580-26693-24875-14122 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d 30475-9722-28902-24231-26827 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 21336-12083-26067-19788 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d {4852-1944-21797-6975} /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d 30465 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control" /v SystemStartOptions /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\Installer\Dependencies" /v MSICache /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Microsoft\Direct3D" /v WHQLClass /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v BuildGUID /t REG_SZ /d ---- /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v MachineGuid /t REG_SZ /d ---- /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\Configuration\Variables\BusDeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\DeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v ComputerHardwareId /t REG_SZ /d {----} /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\Driver" /v PropertyGuid /t REG_SZ /d {----} /fW3⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v InstallDate /t REG_SZ /d 26911 /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v ProductId /t REG_SZ /d 22948 /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d ---- /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d 30475-11331-29472-24812-11923 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v GUID /t REG_SZ /d 2459-1364-32449-24159-26308 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildGUID /t REG_SZ /d 9708-28320 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d 22839 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 6285-13736-943-17800 /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOrganization /t REG_SZ /d FS26724 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOrganization /t REG_SZ /d 16904-15397 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOwner /t REG_SZ /d FS4002 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v RegisteredOwner /t REG_SZ /d 2781-18057 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d 8220 /f3⤵
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName /v ComputerName /t REG_SZ /d 28557-9967 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d 8473 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v GUID /t REG_SZ /d {8404-22743-791-13676-21344} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d 23900-17724 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {16923-9687-3535-29586-9142} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d {32692-s13418-21097-16763-24778} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {eac9787} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {fefefee28920-28670-1002-18720} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\Software\Microsoft\Windows NT\CurrentVersion /v InstallDate /t REG_SZ /d 6845 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\Software\Microsoft\Windows NT\CurrentVersion /v ProductId /t REG_SZ /d 5531 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\System\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d 7056 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\System\CurrentControlSet\Control\WMI\Security /v 671a8285-4edb-4cae-99fe-69a15c48c0bc /t REG_SZ /d 5364 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion" "WindowsUpdate /v SusClientId /t REG_SZ /d {31279-15546-11029-22523-23446} /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\Installer\Dependencies" /v MSICache /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Microsoft\Direct3D" /v WHQLClass /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0" /v ProcessorNameString /f3⤵
- Checks processor information in registry
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control" /v SystemStartOptions /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App\windows.protocol" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App\windows.protocol\ms-gamebarservices" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\FortniteClient-Win64-Shipping.exe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\Package\181" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\Package\181\93" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\PackageAndPackageRelativeApplicationId\181^App" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\PackageAndPackageRelativeApplicationId\181^App\93" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ac" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ad" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\3^93" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\3^93\ac" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\4^93" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\4^93\ad" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\180" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\181" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\182" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe\182" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\180" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\181" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a80" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a81" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a82" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a83" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a84" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a80" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a81" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a82" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\4\1a83" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\4\1a84" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^180" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^180\1a80" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^181" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^181\1a81" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^182" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^182\1a82" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^180" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^180\1a83" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^181" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^181\1a84" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e4eddc4_0" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e4eddc4_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\0" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000205B6" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000403D6" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000405DE" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000060286" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000009042E" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000A03B4" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000A0430" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000B0532" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000B05D6" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000C0430" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000C0586" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000E03D2" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000E0406" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000100430" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001103EE" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000011041E" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000012047E" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001303EE" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001304F2" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000014041E" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001703E6" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000170440" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001704FC" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MrtCache\C:CProgram FilesCWindowsAppsCMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbweCmicrosoft.system.package.metadataCS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MrtCache\C:CProgram FilesCWindowsAppsCMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbweCmicrosoft.system.package.metadataCS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri\1d50f44cf1a0499" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MrtCache\C:CProgram FilesCWindowsAppsCMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbweCmicrosoft.system.package.metadataCS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri\1d50f44cf1a0499\87f345c2" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\DefaultIcon" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\shell" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\shell\open" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\shell\open\command" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\System\GameConfigStore\Children\03ce6902-ff58-41de-ab92-36fcaf27a580" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\System\GameConfigStore\Parents\fd13f746e7d2d69760b017363f621255c9b49ac8" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\Local Settings\MrtCache\C:CProgram FilesCWindowsAppsCMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbweCmicrosoft.system.package.metadataCS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\Local Settings\MrtCache\C:CProgram FilesCWindowsAppsCMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbweCmicrosoft.system.package.metadataCS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri\1d50f44cf1a0499" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\Local Settings\MrtCache\C:CProgram FilesCWindowsAppsCMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbweCmicrosoft.system.package.metadataCS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri\1d50f44cf1a0499\87f345c2" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\discord-432980957394370572" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\discord-432980957394370572\DefaultIcon" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\discord-432980957394370572\shell" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\discord-432980957394370572\shell\open" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001_Classes\discord-432980957394370572\shell\open\command" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-18\Software\Microsoft\SystemCertificates\TrustedPublisher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-18\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-18\Software\Microsoft\SystemCertificates\TrustedPublisher\CRLs" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-18\Software\Microsoft\SystemCertificates\TrustedPublisher\CTLs" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-18\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppXm8fs0gj5h36ynw4kq0x3gqnz6ecr1kvy\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe: (NULL!)" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\ms-gamebarservices\AppXm8fs0gj5h36ynw4kq0x3gqnz6ecr1kvy\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe: (NULL!)" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App\windows.protocol\ms-gamebarservices\ACID: "App.AppXe655y38cadddpg1xd2b5k915wndhg5gm.mca"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\FortniteClient-Win64-Shipping.exe\LastDetectionTime: F9 8F FD B6 8D 13 D5 01" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\PackageSid: "S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\AppPackageType: 0x00000000" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\EnterpriseID: 0x00000000" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\CapSids: 0A 00 00 00 01 02 00 00 00 00 00 0F 03 00 00 00 01 00 00 00 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 E8 41 FE 65 15 CB 86 8E 43 2C E1 30 42 2A B3 51 4E 9C 0E 17 B4 1B 89 09 98 DA 44 8D 13 6A 0C B3 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 E4 29 72 AE 52 A9 2E 19 C4 FB 6C 51 9E 00 25 50 5B 64 A6 6F A4 D2 D0 57 D2 DB D7 37 F2 B0 85 AC 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 0B 44 35 CF 44 6C 30 B5 4C 90 DA 15 DB 4C 09 94 5A 08 A5 69 F0 DC C5 65 02 4A 7B B9 A8 2C DA C2 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 3C DA 35 57 2A 15 FA C8 02 C1 BC 52 65 2B D8 EC C8 8E 72 9B 62 79 A8 20 65 1E 06 07 AF 02 70 0C 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 CE 22 45 27 27 B8 EA 12 11 8A 20 EF 09 19 FD 6B B8 B4 A0 D6 03 10 5B DD D6 CF 74 85 60 22 D2 CD 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 0A D5 CA 1A 96 05 1C F5 5E 2C 0C CE 2A E" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "8 F3 66 B9 86 13 95 5D 1A 40 0A 7F 52 A9 BA B2 23 04 83 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 38 B0 4E D5 42 5B 15 DF 75 ED 77 00 0E 5B 16 73 C1 5E D2 AF 68 BF 75 AD 38 35 1D 6A 1E 9A 12 F7 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 AF 37 E5 A2 58 AD 48 66 53 E6 1F 53 B9 42 0E EA 34 9C E5 B6 48 3A DB 78 9F 5C A7 33 FE 7E 97 1A 01 08 00 00 00 00 00 0F 03 00 00 00 CC 77 B2 6C CA 01 58 51 6A 28 60 81 E1 F6 0B 69 78 9C FE 8E 66 F8 8F CE 29 11 79 DE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete " 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\ApplicationFlags: 0x00000000" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Origins\kz2LMQg4+pNfXggv65DcWFQ9SiekWR4B4WMWT+pcqbU: 0x00000002" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Origins\4JSyFFDDKUMXDyK2USgAjbiksFnqOb3f8RPZBPSpEfU: 0x00000002" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Origins\62bDlCzxB/xxIWLkQdDRYcAqhmZhNOMUtjhRkAgTvkQ: 0x00000002" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\Package: 0x00000181" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\Index: 0x00000000" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\Flags: 0x00000000" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\PackageRelativeApplicationId: "App"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\ApplicationUserModelId: "Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\Executable: "GameBar.exe"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\Entrypoint: "GameBar.App"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\StartPage: (NULL!)" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\93\_IndexKeys: 50 61 63 6B 61 67 65 5C 31 38 31 5C 39 33 00 50 61 63 6B 61 67 65 41 6E 64 50 61 63 6B 61 67 65 52 65 6C 61 74 69 76 65 41 70 70 6C 69 63 61 74 69 6F 6E 49 64 5C 31 38 31 5E 41 70 70 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ac\Application: 0x00000093" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ac\User: 0x00000003" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ac\ApplicationUserModelId: "Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ac\_IndexKeys: 55 73 65 72 41 6E 64 41 70 70 6C 69 63 61 74 69 6F 6E 5C 33 5E 39 33 00 55 73 65 72 41 6E 64 41 70 70 6C 69 63 61 74 69 6F 6E 55 73 65 72 4D 6F 64 65 6C 49 64 5C 33 5E 4D 69 63 72 6F 73 6F 66 74 2E 58 62 6F 78 47 61 6D 65 4F 76 65 72 6C 61 79 5F 38 77 65 6B 79 62 33 64 38 62 62 77 65 21 41 70 70 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ad\Application: 0x00000093" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ad\User: 0x00000004" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ad\ApplicationUserModelId: "Microsoft.XboxGameOverlay_8wekyb3d8bbwe!App"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ad\_IndexKeys: 55 73 65 72 41 6E 64 41 70 70 6C 69 63 61 74 69 6F 6E 5C 34 5E 39 33 00 55 73 65 72 41 6E 64 41 70 70 6C 69 63 61 74 69 6F 6E 55 73 65 72 4D 6F 64 65 6C 49 64 5C 34 5E 4D 69 63 72 6F 73 6F 66 74 2E 58 62 6F 78 47 61 6D 65 4F 76 65 72 6C 61 79 5F 38 77 65 6B 79 62 33 64 38 62 62 77 65 21 41 70 70 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\PackageFullName: "Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\PackageFamily: 0x0000004E" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\PackageType: 0x00000008" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\Flags: 0x00000000" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\PackageOrigin: 0x00000003" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\Volume: 0x00000001" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\_IndexKeys: 50 61 63 6B 61 67 65 46 61 6D 69 6C 79 5C 34 65 5C 31 38 30 00 50 61 63 6B 61 67 65 46 75 6C 6C 4E 61 6D 65 5C 4D 69 63 72 6F 73 6F 66 74 2E 58 62 6F 78 47 61 6D 65 4F 76 65 72 6C 61 79 5F 31 2E 34 31 2E 32 34 30 30 31 2E 30 5F 6E 65 75 74 72 61 6C 5F 7E 5F 38 77 65 6B 79 62 33 64 38 62 62 77 65 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180\InstalledLocation: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\PackageFullName: "Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\PackageFamily: 0x0000004E" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\PackageType: 0x00000001" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\Flags: 0x00000000" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\PackageOrigin: 0x00000003" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\Volume: 0x00000001" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\InstalledLocation: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181\_IndexKeys: 50 61 63 6B 61 67 65 46 61 6D 69 6C 79 5C 34 65 5C 31 38 31 00 50 61 63 6B 61 67 65 46 75 6C 6C 4E 61 6D 65 5C 4D 69 63 72 6F 73 6F 66 74 2E 58 62 6F 78 47 61 6D 65 4F 76 65 72 6C 61 79 5F 31 2E 34 31 2E 32 34 30 30 31 2E 30 5F 78 36 34 5F 5F 38 77 65 6B 79 62 33 64 38 62 62 77 65 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\PackageFullName: "Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\PackageFamily: 0x0000004E" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\PackageType: 0x00000004" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\Flags: 0x00000000" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\PackageOrigin: 0x00000003" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\InstalledLocation: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\Volume: 0x00000001" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a80\Package: 0x00000180" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182\_IndexKeys: 50 61 63 6B 61 67 65 46 61 6D 69 6C 79 5C 34 65 5C 31 38 32 00 50 61 63 6B 61 67 65 46 75 6C 6C 4E 61 6D 65 5C 4D 69 63 72 6F 73 6F 66 74 2E 58 62 6F 78 47 61 6D 65 4F 76 65 72 6C 61 79 5F 31 2E 34 31 2E 32 34 30 30 31 2E 30 5F 6E 65 75 74 72 61 6C 5F 73 70 6C 69 74 2E 73 63 61 6C 65 2D 31 30 30 5F 38 77 65 6B 79 62 33 64 38 62 62 77 65 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a80\User: 0x00000003" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a80\_IndexKeys: 55 73 65 72 5C 33 5C 31 61 38 30 00 55 73 65 72 41 6E 64 50 61 63 6B 61 67 65 5C 33 5E 31 38 30 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a81\Package: 0x00000181" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a81\User: 0x00000003" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a81\_IndexKeys: 55 73 65 72 5C 33 5C 31 61 38 31 00 55 73 65 72 41 6E 64 50 61 63 6B 61 67 65 5C 33 5E 31 38 31 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a82\Package: 0x00000182" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a82\User: 0x00000003" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a82\_IndexKeys: 55 73 65 72 5C 33 5C 31 61 38 32 00 55 73 65 72 41 6E 64 50 61 63 6B 61 67 65 5C 33 5E 31 38 32 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a83\Package: 0x00000180" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a83\User: 0x00000004" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a83\_IndexKeys: 55 73 65 72 5C 34 5C 31 61 38 33 00 55 73 65 72 41 6E 64 50 61 63 6B 61 67 65 5C 34 5E 31 38 30 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a84\Package: 0x00000181" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a84\User: 0x00000004" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a84\_IndexKeys: 55 73 65 72 5C 34 5C 31 61 38 34 00 55 73 65 72 41 6E 64 50 61 63 6B 61 67 65 5C 34 5E 31 38 31 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\AppxManifest.xml"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe\AppxManifest.xml"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\LastReturnValue: 0x00000000" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\NumberOfAttempts: 0x00000001" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\AppxManifest.xml"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe\Path: "C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe\AppxManifest.xml"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\VolatileNotifications\41C64E6DA3D39855: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1C 00 01 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 0B 00 00 00 04 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\VolatileNotifications\41C64E6DA3CF4055: 01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 1C 00 01 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 0B 00 00 00 04 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\Google\Update\UsageStats\Daily\Counts\cup_ecdsa_http_failure: 01 00 00 00 00 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\AppPackageType: 0x00000000" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\PackageSid: "S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\EnterpriseID: 0x00000000" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\CapSids: 0A 00 00 00 01 02 00 00 00 00 00 0F 03 00 00 00 01 00 00 00 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 E8 41 FE 65 15 CB 86 8E 43 2C E1 30 42 2A B3 51 4E 9C 0E 17 B4 1B 89 09 98 DA 44 8D 13 6A 0C B3 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 E4 29 72 AE 52 A9 2E 19 C4 FB 6C 51 9E 00 25 50 5B 64 A6 6F A4 D2 D0 57 D2 DB D7 37 F2 B0 85 AC 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 0B 44 35 CF 44 6C 30 B5 4C 90 DA 15 DB 4C 09 94 5A 08 A5 69 F0 DC C5 65 02 4A 7B B9 A8 2C DA C2 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 3C DA 35 57 2A 15 FA C8 02 C1 BC 52 65 2B D8 EC C8 8E 72 9B 62 79 A8 20 65 1E 06 07 AF 02 70 0C 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 CE 22 45 27 27 B8 EA 12 11 8A 20 EF 09 19 FD 6B B8 B4 A0 D6 03 10 5B DD D6 CF 74 85 60 22 D2 CD 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 0A D5 CA 1A 96 05 1C F5 5E 2" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "C 0C CE 2A E8 F3 66 B9 86 13 95 5D 1A 40 0A 7F 52 A9 BA B2 23 04 83 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 38 B0 4E D5 42 5B 15 DF 75 ED 77 00 0E 5B 16 73 C1 5E D2 AF 68 BF 75 AD 38 35 1D 6A 1E 9A 12 F7 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 AF 37 E5 A2 58 AD 48 66 53 E6 1F 53 B9 42 0E EA 34 9C E5 B6 48 3A DB 78 9F 5C A7 33 FE 7E 97 1A 01 08 00 00 00 00 00 0F 03 00 00 00 CC 77 B2 6C CA 01 58 51 6A 28 60 81 E1 F6 0B 69 78 9C FE 8E 66 F8 8F CE 29 11 79 DE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete " 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\ApplicationFlags: 0x00000000" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat\GamesInstalled: "217;"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862software: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 43 61 63 68 65 5C 35 63 38 63 62 62 36 61 61 37 65 61 31 34 32 34 2E 64 61 74 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862user_sid: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 55 73 65 72 2E 64 61 74 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862user_classes: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 55 73 65 72 43 6C 61 73 73 65 73 2E 64 61 74 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Control\hivelist\\REGISTRY\WC\Siloe6b4a779-bfe1-62d8-47ac-fa19e9becbbecom: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 43 61 63 68 65 5C 35 63 38 63 62 62 36 61 61 37 65 61 31 34 32 34 5F 43 4F 4D 31 35 2E 64 61 74 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862com: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 43 61 63 68 65 5C 35 63 38 63 62 62 36 61 61 37 65 61 31 34 32 34 2E 64 61 74 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe: 73 D5 4B 11 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_EAC.exe: B1 8A B0 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe: E7 CB 84 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Type: 0x00000010" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Start: 0x00000003" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\WOW64: 0x0000014C" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ObjectName: "LocalSystem"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862software: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 43 61 63 68 65 5C 35 63 38 63 62 62 36 61 61 37 65 61 31 34 32 34 2E 64 61 74 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862user_sid: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 55 73 65 72 2E 64 61 74 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862user_classes: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 55 73 65 72 43 6C 61 73 73 65 73 2E 64 61 74 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Control\hivelist\\REGISTRY\WC\Siloe6b4a779-bfe1-62d8-47ac-fa19e9becbbecom: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 43 61 63 68 65 5C 35 63 38 63 62 62 36 61 61 37 65 61 31 34 32 34 5F 43 4F 4D 31 35 2E 64 61 74 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Control\hivelist\\REGISTRY\WC\Silo19faac47-bee9-becb-79a7-b4e6e1bfd862com: 5C 44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 6F 6C 75 6D 65 33 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 50 61 63 6B 61 67 65 73 5C 4D 69 63 72 6F 73 6F 66 74 2E 53 6B 79 70 65 41 70 70 5F 6B 7A 66 38 71 78 66 33 38 7A 67 35 63 5C 53 2D 31 2D 35 2D 32 31 2D 32 35 33 32 33 38 32 35 32 38 2D 35 38 31 32 31 34 38 33 34 2D 32 35 33 34 34 37 34 32 34 38 2D 31 30 30 31 5C 53 79 73 74 65 6D 41 70 70 44 61 74 61 5C 48 65 6C 69 75 6D 5C 43 61 63 68 65 5C 35 63 38 63 62 62 36 61 61 37 65 61 31 34 32 34 2E 64 61 74 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_EAC.exe: B1 8A B0 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe: 73 D5 4B 11 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe: E7 CB 84 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Type: 0x00000010" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Start: 0x00000003" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\WOW64: 0x0000014C" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ObjectName: "LocalSystem"" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e4eddc4_0\: "{2}.\\?\hdaudio#func_013⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /SS %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /SS 2975524967-2276115010-278519033⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /SK %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /SK 2975524967-2276115010-278519033⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /BS %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /BS 2975524967-2276115010-278519033⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /PSN %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /PSN 2975524967-2276115010-278519033⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /BLC %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /BLC 2975524967-2276115010-278519033⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /BT %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /BT 2975524967-2276115010-278519033⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /CS %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /CS 2975524967-2276115010-278519033⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /CA %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /CA 2975524967-2276115010-278519033⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /CSK %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /CSK 2975524967-2276115010-278519033⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /PPN %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /PPN 2975524967-2276115010-278519033⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /BV %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /BV 2975524967-2276115010-278519033⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /IV %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /IV 2975524967-2276115010-278519033⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /ID %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /ID 297582947-78576305-539748303⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /SP %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /SP 297582947-78576305-539748303⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /SV %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /SV 297582947-78576305-539748303⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /SU %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /SU 297582947-78576305-539748303⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /SF %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /SF 297582947-78576305-539748303⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /BP %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /BP 297582947-78576305-539748303⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /BV %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /BV 297582947-78576305-539748303⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /CV %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /CV 297582947-78576305-539748303⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\IME\AMIDEWINx64.EXE /CO %random%%random%-%random%%random%-%random%%random%2⤵
-
C:\Windows\IME\AMIDEWINx64.EXEC:\Windows\IME\AMIDEWINx64.EXE /CO 297582947-78576305-539748303⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\INF\volid.exe C: 9531-88632⤵
-
C:\Windows\INF\volid.exeC:\Windows\INF\volid.exe C: 9531-88633⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\INF\volid.exe D: 9788-22452⤵
-
C:\Windows\INF\volid.exeC:\Windows\INF\volid.exe D: 9788-22453⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\INF\volid.exe E: 8853-98572⤵
-
C:\Windows\INF\volid.exeC:\Windows\INF\volid.exe E: 8853-98573⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\INF\volid.exe F: 1505-32952⤵
-
C:\Windows\INF\volid.exeC:\Windows\INF\volid.exe F: 1505-32953⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f6f47b83c67fe32ee32811d6611d269c
SHA1b32353d1d0ed26e0dd5b5f1f402ffd41a105d025
SHA256ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc
SHA5126ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d
-
Filesize
152B
MD5f6f47b83c67fe32ee32811d6611d269c
SHA1b32353d1d0ed26e0dd5b5f1f402ffd41a105d025
SHA256ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc
SHA5126ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d
-
Filesize
152B
MD519e9d5e081ac153d005fc369ae140b86
SHA166419cac485a4ce460975ded9e38631e044f0c50
SHA256aefe0158521d8d3c169f2163b57a74adbb83fd585d50c6391d0c841e515d9ba0
SHA5128307bae254d3d590cb94eb92116eb48b6157aaf12cf326d37ddf037b74d1b833f1d4664c626c8e41a92250f696134372a3893aa49302e25d98a81e719492640f
-
Filesize
152B
MD5e2d5aafb5a359352941b350f98dddbbd
SHA14d4856beaf050a9d89fdef4f002488accbd8b11b
SHA25678217bc9ad05b2de6eff2cdc1fae48bb8d9d7f7ebd4fb76306a36442390c3e9f
SHA51288d941781c6e65c8468e77120bba1398d4ce733fc64961be5420e7795aa6d9f36b1442ecbe71089e6b75a1f48d49a242ed2acb0b66c264487e9115b98e59bf2e
-
Filesize
44KB
MD55ef7c56fca0cb785c778fa43de31ae3e
SHA1bc72431f61f65b4812b43c089357303065366fc4
SHA25647465f313fc41478665e8564095dd6a8acdd4400f34fb66f143148f8dc743657
SHA512ac0692ab7572ef10af72d2282dcda181b1c7ff55b76b9f420c65dcaf14b108e3d2a7a8afd4253895190416dd550de7403d77f52d9d833fd770323f1033699885
-
Filesize
264KB
MD5cf3e42ec2ce0535f23c86c11c6070174
SHA1ac6972c276ea8c5bd8348daf93e7c2154340b0bf
SHA256c7b0ef86e1e7b5509b81b2c958deef58f0a53eba72b21b642bde465d627f061d
SHA5128255b115cef18ca4ae4a2f28f265829880e55c248cb260f83a44dda4815518f5a25bdf6ac582b2f9740eea59545d018b2f02004a7bc84ee4aa2b0e8d33da075f
-
Filesize
1.0MB
MD574fdeedb9579160f8cf498c3fccb5d07
SHA1e522a5e15dbede104ddeaba056dda03973b29266
SHA2565e7241d2989107ab541d0ce8a68da436b960e048a6a59310496cf11ccf6d23a6
SHA512ba3c029ba68cd19bb2ca2352f1029bed44468094521456b78e728d5202773f9277bf8184e214624feb081f97de1bf760270e8673fa9d6996d8ac4ea0a9945537
-
Filesize
4.0MB
MD5ffbed8ca4cd8dbeade0fdb3e0f654159
SHA1305885152410d7165aa999442e0ed58bdb389e75
SHA2560efff06464f6d99c3b1cdbc453c08fd1f610bbb319ca8e2387c96d648041377f
SHA512a5b359b436bc11eaf74c6ed73564e1bec642a175d01b6a20b252566be714b0f494549ed5698d44ccd371ebd7c46c53711741d35e6617e8fc09c2944abedd414e
-
Filesize
16KB
MD58fe1184bf87ecd83f97b0b2381954710
SHA164047e91c54aab12e56361804dbe697f4220da89
SHA256c075c68d19013138a111fd3c6f524de8d34a7eacd4b96c97634c229a4e6e38a4
SHA51259e729894847e8aac3a1a19b82a8a996a7b073f60b95bc8b88c7fbc5fb7077415f4482e9ee36c637fb2bc9e393a41c38f67bfd7e319cd9be367d1ee0712c8c31
-
Filesize
144KB
MD5f1dadebb6ad9fff9286cb6743001cce6
SHA193db44a55710067a009664f508a84266c275a902
SHA2569c4bd274722f274582112335ea45015ecf4a43140dab26aff21823a4ae204e29
SHA51248446457492d344acba9ca777512441ae858cb7e7aca2d2a057e8c8245379b1da3669384ea56c9f6abf4000360f31ea9cf8c21482802a064d055faa5581b37da
-
Filesize
219KB
MD53bd3dad6ba795de0a191e20e823c8523
SHA12cd0ab4b0c3cbe51e4ab93e890603472ae3e4cf1
SHA256b4140525d2124fef54a03b78738550362a8fe274d79aa1bd558fe2c469d3de9b
SHA5126c691dc6f1a7fd11007dc72860bba50db324c7795a7259ea6fa2c0bd814619ecd9b9a2cc19be0ac5fe30a06cff23fe6d2997e9d050268d187d0894c42f1c6429
-
Filesize
487KB
MD5d33a7cf0f383c617deb17fb3221f5caa
SHA18d379847306851ad371bb017ec6f463faa633ca2
SHA256b44bbf8145019585fbe8725f80380d2c9e8bacc55bc626741a3eec0778bf91c4
SHA512852369c8cfc23fbc63a41525f42a5a3f9d1cc5c163ad7bd361c7ef99c43f2fd6c2f5b15e34a2c0489414497a7e45768aa0a6e19140053481cd49a53904bd9d22
-
Filesize
2.6MB
MD5b2b596f593ab15ac8cb634fba33a1111
SHA1083140e21143d9b88fdebb175d3bdd611412a373
SHA2563659019935a506330e6ad0e2bbfbc4062364e56cd5a343349299c8e626563f50
SHA51269a9c80cccbb6663132cb2fbf634921bec597c6ebc88d77d73f61b0130b9169e7ac15dc65f5b70ee1c98d08caf20842be989a752fe71ed5efddabd82d7d78d87
-
Filesize
208B
MD502aae551c2aaa4e03f6da503d181581c
SHA1041c0665f9f684741e05d6826902a84653e9f14e
SHA256f8c1b9e193fbbeb6f5ac6893c5e29333ef2c8f3299e166cd5e8ee37da7404e60
SHA512c7f9b5fcfe793afdfb270f5f5962b7e18a31af2834b80a11202d72c7ec17649f4f25b7bf797d4430e0bcd4bbc4b0767452725db43bd7afb9f01af61df16bdcb5
-
Filesize
208B
MD594a40d8a6cf790cc66321487db95c6dd
SHA1930074bfc1441d787caf46f02f9369eb6e157221
SHA256ef04b33add75e00d9470f499d26d1ed3315591b55466882b3bd2dc537bc82625
SHA512e436a0418ccaf4aac7839fb43c58c87811f647e2713fa84cd68a6c5086f37dde557d521e4ee052986cf1744f9232ee716344f58d1bc7ce8e40f473cda565f3e6
-
Filesize
208B
MD514fc700ea78b18dab7191c0c980db983
SHA1a208dda3c8eba4ff3f503830baa9988b36578f35
SHA256a0ea18354c0ed90ea7cb7dbf480a3d36e3884040cc9935cc7abfb2563ddc8d83
SHA5123cecf8ad98514265fcef72ae8150adca1094dd314fa7d4b242b3c82b243a2b8a345eb14be938200374975f60d693e40736a328f77d76fc1f2cf96c765731ce70
-
Filesize
208B
MD5d09c0649c019525b8cca707306176464
SHA1127de401c5795cbc6b3afdcc77d424dcdb1a15b8
SHA256c98d08be04310b926ab71468ffa437ff07bd9e2b49b56e8a1c2a68ae678b8025
SHA51210d1086cdf805d762e14d7407357a57f114680f1581426cc9babba77944d9c24419e84552b3a4056624b547d6a3e3d331bdc0b9f8d6b7f116efdfffd6e7a76a3
-
Filesize
208B
MD53e63aa5dd18dc2fd1fc348645a594678
SHA1837b74d829f02f56a44ac4ed1e3410713de19579
SHA256595658243c5748ed0ddfc0105d7af9cef2f55648b2df213250e2c4017cb8b474
SHA51257a5357600cbe921f9db9a58c1746f7fde342d130436722379ad46a3670db29a5f70ead2d300e2eab10c3a896374c6441b6bb4a7a1508510ef1ccd2ee0a6f502
-
Filesize
208B
MD52e89689b3a9d6a9f3c73adae3a76da93
SHA117bbce45d3a6bd27a139fd2482403c54850ddfaf
SHA256c2ec7e1c8113af89c0027e7271084bf8578c2200d4b5e0888141fea2cc22f533
SHA5121060eb82f7b37ca8b383c6049869494a7975bc06abe3daf013e5ab09639ffe164d6715223b203d45244a11620731587a224e8cb9ec29a79be0b0da1ccf3ae62a
-
Filesize
208B
MD59c16b615c4a05a6f12b1c35c1c571549
SHA1c7a212a4aa9518c47f4ec82d4287a10328da3e42
SHA2565ded63f9fdade4b2c4090d66eeccb3f0938e0d2975ee2e3130f3d0e41c1fb25d
SHA5129658048c9582920af9ad40f317b9fed576f886d669bd8414a192af944a9b1ee5a9a1519cec6c1517ca467b07d358a89e8f79a193d07223e15551e02a7bf13cde
-
Filesize
208B
MD5f716ee34b5ad4c3addc6cf94ba3feaee
SHA151f407e13fdd953a6662b9e47633c917564deff8
SHA2567287bd2db9d06de8b4ce2ec164a22dc215deaef6481d9e007aec1c6b6fcc625a
SHA512dd9850feedc5a3d047b41daaee1ff761dbf9a5f27cb5ec757d24a7f287c1218e7c4f46247d51fbfbe4576f1a77aebe069b82f84564c687c413ddb45fc74e6983
-
Filesize
208B
MD52581676153932ee8bb4419e2258b1623
SHA1a8b3cd729e9407d5bf7b55f9c7bf5db6715145e1
SHA2560b7bed462e163c207aa8f4c9190152c08c595f43efbf802869cbf35e6237c556
SHA512d447fc161449fee0f8a939e86bce1770b0362523c3c6d3e55020fb5d6a86e653c6a4b315e0cf026c31c782d0751ac7ef6f388956533a4c12d05ad265e536e850
-
Filesize
208B
MD5e05d7ac0325cac6e974fad86363b591e
SHA199f8ef4c8bc1a0909fed63bcf5a84753ea7450ed
SHA256c1c9d720af354b66b19237542f3d34de3bc7cbfe51e5df598dc172e793bf81d1
SHA5125b6a75c5688012789a2f6f397cf6a81695dd1405ef61ea00cba0eb417cdd3e69ef20f22f42e30ab6ec8d28666a824d6ea30fa8d677a0c5516941764599ecb4e7
-
Filesize
208B
MD5bd2255eb7935c93e157565c0a388328a
SHA1cbb3c4ecb98b845d5c183f6321ec8461ea4060de
SHA256d4616798c83c2062753c869f362810614398f30c24598d31a200f65ef29c1987
SHA512e2d0aa8d5dd6350c42dbe778d5f28ae521280c4d1a23a8fb1b5c275b4c0d4dddf1ea9016ae40f130bd4b2b5af98e5d10e017657cd3f7b53b5f50cb5b4eeee5b7
-
Filesize
408B
MD5a44040bf835bdb7fa51053cbe102e5af
SHA1bfe92c7de2b94b73ce46b45643f5e9abb6df70c5
SHA25615f4522283d076449d844354c35b6d55eea4c5b5570aa128e10ec9c970113cf5
SHA512ae0f56fde56f3cb56d4e70aab664d1b2e856b9a60e37550835dad01a5c7ba70dd466e6533e8897a15ec5a29281822db523245384cecacd9ea5e0854f86916bea
-
Filesize
408B
MD5a44040bf835bdb7fa51053cbe102e5af
SHA1bfe92c7de2b94b73ce46b45643f5e9abb6df70c5
SHA25615f4522283d076449d844354c35b6d55eea4c5b5570aa128e10ec9c970113cf5
SHA512ae0f56fde56f3cb56d4e70aab664d1b2e856b9a60e37550835dad01a5c7ba70dd466e6533e8897a15ec5a29281822db523245384cecacd9ea5e0854f86916bea
-
Filesize
480B
MD5e7002003238c2a1a739e46acd066a444
SHA1075d1db050842729947ff5e2ae9a911db92f9c49
SHA256a7815fecf2513b6442326e79c254d71cb82dfc50152b75ce91dcf008d8655c78
SHA5123016474b97c043683fe7e408cc79f8e2d8bc2c064c0808fe42216ccef08141be8d8d77b9398e9dac8b0fd6b2c5de02312142f54a6595798d89386acbdb0c2c6a
-
Filesize
20KB
MD500784bec72075c5368437b92315092ac
SHA1c6ce059d980c21ca4357b93d0f516c7397d2c317
SHA25643d93ec8d6da2563cc69db0a8aee3f92ac12c93ed6f64d3bd92bbbf98644345e
SHA51231cc9ca89ca2bde8dececf49fc6a00211414517238c9820ddbfa27187d6b29433b23b9b6f86411d531fedf780c4b01d10a4094be0c4fd11a8d71870b3c3a7973
-
Filesize
319B
MD5094580eb82d7ee023a080b5568a0cd9c
SHA1e1cd0019165f112e0459f83da91c6791c4618373
SHA256ca7cbd52d0da897481bb93b5068f77e90b2869626d391aeafc7dc2669622e18c
SHA512348c2e326f888cb27bf397fc1488e9263853426fa993e0107c4f0ebf0acc648f6cfb61cf32ecb6c892958c66c420ef21a4539bc7beb3e23f029c997cf6d87959
-
Filesize
20KB
MD5ec899104bbe544d401d801ca0141b7d6
SHA1c4b252ec8ca5fbf826a3f789de7b45a7e55bbc50
SHA256238d9fadeb1093685610f49db022c74f0efeb301e1c1e81ad81957b9c4229fc2
SHA51259b225e0287e7c0feda057b703d081c193a2df73fef1e97d483716e762a0cbf9cffd1b06431eb54b684f2d06b62fd49fe0352f67e1d95305563a4b88210ca6c8
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
124KB
MD57ad18b7b443b9a7aafc1e26f069999ba
SHA1c39a54a6a57e64a914c7dedd7ac507adb250a881
SHA256b9eb4c2904ebeab7d10e02a1760c3fc4d361c6b79f913c32583b0cc8bfd3ae44
SHA51269a597c9e1d73890c23947546d8d01d67dfe016b53e25f91eedc646f336c1907e5d1e6c6d56fa841b0ee0a02c5381822e90324d4f1cf91ac740b060ce0ee2648
-
Filesize
548B
MD5babcc0feaca9d05cb69b2f1b2c93907c
SHA1327b196833695f8855c296f73178026f85c10cba
SHA256efbd57a7931fe6a52eb81328086ebf9f819565c7537a73c77187325add2cf007
SHA5126783196a7a41617882856508a4270ff12fb121a282ff29a68e49dda2df3a5e86d48b27115a3f0e0d5bfa339f8a59d5f438ba5951e9b0982c0cad8af4fd59f348
-
Filesize
20KB
MD57ac681af990e512a4194500c55289997
SHA1226f5624811c9273d293fa3103acb1dd544a0b6d
SHA2565ff8156a13891a54b36c5322ddca9b8ebedf1c0d1d01830c8f042944ed1ee302
SHA5121750fb84c023adf44427d77b2e52051bd406de4a45afe15ba109bc916ccbb542ac0e25b847f7d1590738dd754c623e76541ad84264ab582584f3744cc76664b6
-
Filesize
4KB
MD510142afeaa7d54d8c4d4e088cf52d91b
SHA1eb7fbdc93082770e576cb38fa063f80bac82d2bf
SHA256e955975b740944c8feffe8d6732b3284017af6371c3a3b116314e66110743776
SHA5125997f0f721e6a05602d0f8221ecf914fdaef46753b80de6ddb292081f5681c03b212cfcba2c7659da730b20e058d8295db057098590b59908c905d07c7527b21
-
Filesize
331B
MD5a34d612408fa69bddda53b2111c195a0
SHA1457e4fd69c87d551130039cbae57ae5adb2839e5
SHA256f634184c9dfd415788768490d99089e4348e67cf1dc2a6ad2c5281287e5d3ab2
SHA512c525116600c8d735928bd670addeb96a05cda5038ad67b48fe0e5ed4d29764478b0921cc1695746772ef72af15a030b61674bdd733dbb25c59e6cb6eb4e7218e
-
Filesize
323B
MD5a5a1149047729a493b1a2a65063c39ba
SHA18f1f45cb0c0772dcd05795734cbf408636fb9fb9
SHA256e0ef1f906ea2606c802310437fe799d93e073770ab6549060ee4b9c9c49f2006
SHA5128ce257a087115e2d542657a2b4679d0c100ebdec76e3392cff1bbba133e129f2fcdbd73f9baab92e762bef47a2572d3dc8553fa3858d787d2a0b2bf8f05dc54e
-
Filesize
247B
MD5d22bb4642d50c07312fa432b7c201a32
SHA1e05cb163d029937ed10a57c08419bcfb68f610e8
SHA25631ae2a5a336878bf695bf3a2867fc28138aab34106998d16b838fe57adec275e
SHA512c2be5dc8e683bfc9e29cc80b3ce5cc42f6613f48bb61cc8a6e42500f3c135e0723d501479b81dad9b3465f2fe33788a2ff169b32b845de822ca3ceb178aca89f
-
Filesize
6KB
MD564825836943678324a1af5a5a60db134
SHA1d3f7a07492ab2dd6571f3be4456bde0a373a6142
SHA256f9df41d3eb254f1e341d031c6b8b83cf173dce2be0ed46579883f337655163d4
SHA5128b293962d48b962553ab68fd57edfec51749288e26a92e4096cd485e999868eb0c9958f0fc0755d0bf6fceeda82bf9d72a4f834ce775f1f6694dca1f4785196b
-
Filesize
6KB
MD564825836943678324a1af5a5a60db134
SHA1d3f7a07492ab2dd6571f3be4456bde0a373a6142
SHA256f9df41d3eb254f1e341d031c6b8b83cf173dce2be0ed46579883f337655163d4
SHA5128b293962d48b962553ab68fd57edfec51749288e26a92e4096cd485e999868eb0c9958f0fc0755d0bf6fceeda82bf9d72a4f834ce775f1f6694dca1f4785196b
-
Filesize
5KB
MD5be5e714108418c6eb4768f71aadccae4
SHA1993db0d69210cf60e7223ec50dd61666adfc1bcc
SHA2566d1b3f0178c755a4147c971b9ff8e01a3e843a3c3728d4f2559daa54a686a59b
SHA512b30f565fc56f89c9ad93f1401ff9ce6d7f48cd3fa33748f83393a1776ba82c6ebe82e9f6e0b127dabf7605ff3d5ac9ba760876d95dd0ebf38b56c5562b002868
-
Filesize
6KB
MD51d186eff702296a0fd3ef1541b1d6afe
SHA1a0b4b45d1e89c5cd80d4c404ae6d4ec64447d176
SHA25651229752dbf5e610805da6aa5dd9e36c357f6e7d39066dae3dddf70e625ee300
SHA5123f90fab095f835dc339d44eb73bbf509bf7cf76171bdf631b576fe6e4da0115aa4ebf4f2956a27d75c2155e73bac02934d328955494616577c85af6d85d8b10b
-
Filesize
6KB
MD5e3960066c2d127ac79976d8800694964
SHA1e669cbdc9299dd6c4a674d0e3cbe2c5fd1fa9620
SHA256bfc2ff0102c4bf62301655410cacc236bdf6a5e16ac63c4c3de93d9139410af5
SHA512f9cd2ba28d60438bdd7f4f0b709006e526b2333e13f57c16a4c5b6064ca967b849a020cf2dacce92aaf22fa81041616d456143501a7d52b416162cc563c135a7
-
Filesize
36KB
MD5092841d5e1fec0eee7bc614a632f1d1d
SHA1636bfe774e92ccdf0d0a45302c8662584def4c5f
SHA2568d1fc449ee10fcc8a7f643ce0db52d1b738c9485f2584ddcefb2228698ecb63a
SHA512adea3349f046328b42d713f345007ada31d4d153478d3d6f6a437ede9e52d7c21953e26320d045e3b43c4be4520af816ebdd995b792e1c8a2798445f7e3e4c11
-
Filesize
24KB
MD54b781306eef375e7a60cf1e186ae3d54
SHA1e9d718868bb4f5bdeb1658da532477159c9e11d0
SHA2562171b47efeb585994751e106a8014a21fe355109b7de1d032cd7190242e59a4c
SHA512aa738ade4ba51982fec15d6da8368be77491c0d220b0b0340af52626f6b18478842705472d4fb18d61de9a39e21d5a7e70b53ccc63617ff3147ee9d5a05423dc
-
Filesize
24KB
MD54b781306eef375e7a60cf1e186ae3d54
SHA1e9d718868bb4f5bdeb1658da532477159c9e11d0
SHA2562171b47efeb585994751e106a8014a21fe355109b7de1d032cd7190242e59a4c
SHA512aa738ade4ba51982fec15d6da8368be77491c0d220b0b0340af52626f6b18478842705472d4fb18d61de9a39e21d5a7e70b53ccc63617ff3147ee9d5a05423dc
-
Filesize
463B
MD50000ff8ddf8d583d335ca4910f6a22c5
SHA1a45e840079c27a9e807ebb38f14166d76de0125e
SHA25610d0a48f05fa53a891b449b030bb51050dd3a34e40654cba80f5d5024395d41d
SHA512e2426183be207a4dfeeb37c308eb88a2e47741db0105221bbf59a8a175cb2e63dbbc23810216bb5b56f129f4fb1888d653195de6a51055aaee174a1903872003
-
Filesize
319B
MD57556d9a4607d45aafb7904f7d346bed2
SHA11551caf9b3368259839d760a8dc6a94e85c35a95
SHA256a7fbe10cf53d6ccc4e5b245bceb3f598d7c7fb9b55957fb546a7171451931dc0
SHA5122ac3cf9b07daa43f3102db37bddc013ac28e7d8502717add459a4810a76256d8a194451e3e6b6be11b37442391baf1bc66286b5374bd35d5a4e297aafcff40a3
-
Filesize
3KB
MD589a2449fd437988c9dde833c0e66a5c4
SHA1fa240f4a090298368900fc488c3cd22a64416bc6
SHA256233c6c686875e54e7d0b63dd6a1fc5a17a4747ac71e09ce7c3c8fafd6c6e47af
SHA51227b1d9b903cd2446290ec86328e250d18e331dfa79e277b7f9be77120c2ecb17afc384d8123b849db40c3590c076913603af88495c5a988ecb65dcc154e17bb2
-
Filesize
2KB
MD58d53d34f99abeaaeacc9de24c06067c5
SHA131392a36dc912f1c08da13c8992805c3377c7e69
SHA25656ab3d10d9e5ffd3c226eff792067778863919e75fde7cb74f1c135bf1532a46
SHA51202918bfa6474a9eaaf020e2fb64bc338ad203aeff36abb8c4acf04dea06717b157b38643f1ffeea1f57b11299c4407ea77c10a1eabe2bd66d8d3226b83ac55ca
-
Filesize
112B
MD522650cb7719d7a89450145dd290a2cbe
SHA11574c60d9c860fdb4c4b93c939ba6accc95aa180
SHA2568a4d444f6eef77cbf1de1aecc0b5c1771ff5591e45f3ef1b45c98c60b566a438
SHA512f96257e407df35da69c9a2e190561fab43a0ebdc169c2f07dffdf0eef7b4cff9b22e9c8615a087877eed11d948537e41535d53067ef6cd89300c9bd9f30cb88b
-
Filesize
347B
MD53403adeef7a39e521ba3941ae5ba2527
SHA16c3dbf37fe15f9c0446a8da665e5428149ae3444
SHA25681c7dc39f9d3e79f3144d484efaf0816b6da58e95add550f24c436eab5d946cd
SHA512f3c9c1859354c44588f76e83117f5904bacf7e4f81ef1150a2969a5eaf37df8ac1f9fe35c8eb0c5554d468cf25df57a5974c5d9dd823f8503ef306eba34cf53f
-
Filesize
326B
MD5a25761e9774911f64773d5d45ed8deb8
SHA1260b63477eba8d19ffac915deadc02a35a6fb07e
SHA256bb4776a80f439998a5ae23c083a0d9ab44eba4c42f29a6a4e1b2a7e91a6e4664
SHA512c80a81dab226f80342b254b731dc228b7dff3c1892743f9c4086a92c7f8d526a786ad6c8542e4ba655ddde05367b24c6aa79e1f9e4ae96636f98bb661afe1d0d
-
Filesize
203B
MD5d54ea7cc061f1e018a392dbc87cfefb6
SHA198de7a6024a06a2d26a4c406a57c114900b691b8
SHA25618d436a9bc7d820f14866d38fa4b016e7214eb117da63dd086b8c0282ee86530
SHA51200cf5590e426d8bac0bc40b9e99c452a7b080c2b980980498b2585e39425a854d125fc551d8988edf9888e92c0050de2de27f5b2288ae54cc44cdc6317ec2afe
-
Filesize
128KB
MD57ca51466f219c2bdb48a5522108e09d5
SHA1f56b6175583929f7e6fa6167a02cdd2b10249454
SHA2565b1c9830a838dbcff6f3aeaa175af88e5108bab1b907a4632faaa19be1e2ac11
SHA512923e2fc9e2de492d9b2c96fd666aac4ea8a19b6099a55864b8da88d727a2e3f63721a333120abf2280c823243ad2215f27212946e3731ba924e339616e182778
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
44KB
MD50f491f390cd6c7c675c259d0790ef0d7
SHA13702ae1923f8f878add834bf39fbd3d3f9e66506
SHA2566e28042bcb1109615b55b1b37be7cf249cf50f5e6e3d8e3f0f5c8eaf684484fb
SHA5128d3dceccd4309f04f499db76005aa31210def2c159c1876c6d31dcb9c5388a3cfc06595c084389346b17618c88c1f293aa82a298a0ae3455f2e598dbad906c61
-
Filesize
322B
MD562461668a136632b73c8e50ac14479fc
SHA1dd5896e2b0ace0b880d5730906c2115672bb44dd
SHA2564a7b1bdd5a9efe01060ed0c509c57dab65ed31d162f1e05f20736733aaf2de03
SHA51294ae401fe382f2c80bb19be5fa22a0d3c072b3535da4ef59fb0dcbb9de2fe2d7f8487a6797516438232bdc1c2523cbbefd93afdf34b77fb4b26fc66cc3f47f4c
-
Filesize
594B
MD53dd5c5b20df322f9c3f0cfedb0844724
SHA1c244722e17518ad333029d5db50cd09ff5aed2ec
SHA256fe6437896dbe5f2c725d21d3fde9ba786b4b6da2c2ab084063fe33f817538021
SHA512a737d935e45e7cba78159d618ef3144b5cbf35017d7da0bbd22db581900300c93ab64f649ff9e3922170f0d1466f8ebdfe792c0d33d1df45a8ccd89d2fe33f6f
-
Filesize
340B
MD51f519b10650b99835148f0667df13351
SHA1051194b771feb20164c71c3b4c6721ef7ebb090d
SHA256ee8cd086fe286d31e1dca6e49f79606f45edaad5199c5bfd63b6043fa94cbd35
SHA512472382eeec907214d61917c20faff0b0bd20b9cf193664acf84cf12ad38fa1021af6488d826832c9088893ffaad5f5f287cc026f2f6e42cce306c25070d77099
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
Filesize
12KB
MD5515d42444313c3a7a5f27d57bdbf6bcf
SHA19e26dcb5979051e831bc925daf4b5eefbaf5e399
SHA2561054de7944ed39d03b114932830c10e83c3c9316e27efe8351a18d3cde13216b
SHA5120c722f4ed0bec45bbd59ec364f3bfa94020d127178da573c2f8a8a12300ab5d9ccdfbf29abc82204123a7ea9121a1e740432ba52379bf6ca240b1c57701a97b2
-
Filesize
13KB
MD56772b4132138ee13dfe65c1befda1396
SHA1a2cd03e3056df7ea60fe2468bd4658ab00ac4ebf
SHA2568b0898a93cb0c58492ae51d91d4dee3e4a970e651c35e98052744d15ec96ee69
SHA512d4c52c1b17c8751dbf0bb8094a229cd8d13310424f33f5a8d6c8c73ab4e50e01029d9b9ab94d4afd2f686e9818cb6b10e686ba7397556f32e05973458264d58a
-
Filesize
12KB
MD5515d42444313c3a7a5f27d57bdbf6bcf
SHA19e26dcb5979051e831bc925daf4b5eefbaf5e399
SHA2561054de7944ed39d03b114932830c10e83c3c9316e27efe8351a18d3cde13216b
SHA5120c722f4ed0bec45bbd59ec364f3bfa94020d127178da573c2f8a8a12300ab5d9ccdfbf29abc82204123a7ea9121a1e740432ba52379bf6ca240b1c57701a97b2
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
228KB
MD54d867033b27c8a603de4885b449c4923
SHA1f1ace1a241bab6efb3c7059a68b6e9bbe258da83
SHA25622a2484d7fa799e6e71e310141614884f3bc8dad8ac749b6f1c475b5398a72f3
SHA512b5d6d4a58d8780a43e69964f80525905224fa020c0032e637cd25557097e331f63d156cceaaacfe1a692ca8cea8d8bd1b219468b6b8e4827c90febe1535a5702
-
Filesize
8KB
-
Filesize
16.3MB