hxxps://goo[.]su/QUq8

Analysis

max time kernel
74s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-02-2024 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/QUq8

Score

9^/10

evasion ransomware

Malware Config

Signatures

Modifies boot configuration data using bcdedit 1 TTPs 4 IoCs

ransomware evasion

Inhibit System Recovery

T1490

pid	Process
5072	bcdedit.exe
3876	bcdedit.exe
3300	bcdedit.exe
3876	bcdedit.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
14	drive.google.com
15	drive.google.com

Maps connected drives based on registry 3 TTPs 12 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\Count	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\Count	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\NextInstance	reg.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	reg.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\NextInstance	reg.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	reg.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	reg.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport\MinimumIdleTimeoutInMS	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ClassGUID	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc	reg.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	reg.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Storport	reg.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Storport	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\DefaultRequestFlags	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Address	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\AttributesTableCache	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\Attributes	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ClassGUID	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UINumber	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ClassGUID	reg.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport	reg.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\DefaultRequestFlags	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport\InitialTimestamp	reg.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Address	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ContainerID	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Mfg	reg.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	reg.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Device Parameters	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Device Parameters\DefaultRequestFlags	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	reg.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Device Parameters	reg.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport\InitialTimestamp	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	reg.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	reg.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	reg.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LocationInformation	reg.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport	reg.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ContainerID	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ClassGUID	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UINumber	reg.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service	reg.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	reg.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133535239158487497"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\GameBar	taskmgr.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\GameBar\AutoGameModeEnabled = "0"	taskmgr.exe

Runs .reg file with regedit 16 IoCs

pid	Process
4000	regedit.exe
4196	regedit.exe
1232	regedit.exe
2128	regedit.exe
3788	regedit.exe
400	regedit.exe
4252	regedit.exe
3204	regedit.exe
544	regedit.exe
2832	regedit.exe
1240	regedit.exe
3576	regedit.exe
2892	regedit.exe
3608	regedit.exe
4296	regedit.exe
1276	regedit.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
4552	powershell.exe
4552	powershell.exe
4552	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeShutdownPrivilege	1344	chrome.exe
Token: SeCreatePagefilePrivilege	1344	chrome.exe
Token: SeRestorePrivilege	4780	7zG.exe
Token: 35	4780	7zG.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
4780	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe
1344	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 4328	1344	chrome.exe	61
PID 1344 wrote to memory of 4328	1344	chrome.exe	61
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 4984	1344	chrome.exe	89
PID 1344 wrote to memory of 1860	1344	chrome.exe	90
PID 1344 wrote to memory of 1860	1344	chrome.exe	90
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91
PID 1344 wrote to memory of 2020	1344	chrome.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://goo.su/QUq8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8d2d9758,0x7ffa8d2d9768,0x7ffa8d2d9778
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1872,i,15466224018313317361,12858516499846252377,131072 /prefetch:2
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1872,i,15466224018313317361,12858516499846252377,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1872,i,15466224018313317361,12858516499846252377,131072 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1872,i,15466224018313317361,12858516499846252377,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1872,i,15466224018313317361,12858516499846252377,131072 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3968 --field-trial-handle=1872,i,15466224018313317361,12858516499846252377,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4752 --field-trial-handle=1872,i,15466224018313317361,12858516499846252377,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1872,i,15466224018313317361,12858516499846252377,131072 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1872,i,15466224018313317361,12858516499846252377,131072 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1872,i,15466224018313317361,12858516499846252377,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 --field-trial-handle=1872,i,15466224018313317361,12858516499846252377,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2612 --field-trial-handle=1872,i,15466224018313317361,12858516499846252377,131072 /prefetch:2
  2⤵
  PID:2192

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2396

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4384

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap11601:82:7zEvent22705
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4780

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Disable USB Idle.bat" "
1⤵
PID:1528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c WMIC PATH Win32_USBHub GET DeviceID| FINDSTR /L "VID_"
  2⤵
  PID:2780
- - C:\Windows\system32\findstr.exe
    FINDSTR /L "VID_"
    3⤵
    PID:1400
- - C:\Windows\System32\Wbem\WMIC.exe
    WMIC PATH Win32_USBHub GET DeviceID
    3⤵
    PID:3772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\FSE and Game Bar off.bat" "
1⤵
PID:2536
- C:\Windows\system32\reg.exe
  reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "ShowStartupPanel" /t REG_DWORD /d "0" /f
  2⤵
  PID:4156
- C:\Windows\system32\reg.exe
  reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "GamePanelStartupTipIndex" /t REG_DWORD /d "3" /f
  2⤵
  PID:3104
- C:\Windows\system32\reg.exe
  reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "AllowAutoGameMode" /t REG_DWORD /d "0" /f
  2⤵
  PID:5088
- C:\Windows\system32\reg.exe
  reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "AutoGameModeEnabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:3848
- C:\Windows\system32\reg.exe
  reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "UseNexusForGameBarEnabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:2256
- C:\Windows\system32\reg.exe
  reg add "HKCU\System\GameConfigStore" /v "GameDVR_Enabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:2356
- C:\Windows\system32\reg.exe
  reg add "HKCU\System\GameConfigStore" /v "GameDVR_FSEBehaviorMode" /t REG_DWORD /d "2" /f
  2⤵
  PID:2252
- C:\Windows\system32\reg.exe
  reg add "HKCU\System\GameConfigStore" /v "GameDVR_FSEBehavior" /t REG_DWORD /d "2" /f
  2⤵
  PID:1644
- C:\Windows\system32\reg.exe
  reg add "HKCU\System\GameConfigStore" /v "GameDVR_HonorUserFSEBehaviorMode" /t REG_DWORD /d "1" /f
  2⤵
  PID:4380
- C:\Windows\system32\reg.exe
  reg add "HKCU\System\GameConfigStore" /v "GameDVR_DXGIHonorFSEWindowsCompatible" /t REG_DWORD /d "1" /f
  2⤵
  PID:924
- C:\Windows\system32\reg.exe
  reg add "HKCU\System\GameConfigStore" /v "GameDVR_EFSEFeatureFlags" /t REG_DWORD /d "0" /f
  2⤵
  PID:1276
- C:\Windows\system32\reg.exe
  reg add "HKCU\System\GameConfigStore" /v "GameDVR_DSEBehavior" /t REG_DWORD /d "2" /f
  2⤵
  PID:4936
- C:\Windows\system32\reg.exe
  reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\ApplicationManagement\AllowGameDVR" /v "value" /t REG_DWORD /d "0" /f
  2⤵
  PID:4296
- C:\Windows\system32\reg.exe
  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t REG_DWORD /d "0" /f
  2⤵
  PID:4316
- C:\Windows\system32\reg.exe
  reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\GameDVR" /v "AppCaptureEnabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:3940
- C:\Windows\system32\reg.exe
  reg add "HKU\.DEFAULT\SOFTWARE\Microsoft\GameBar" /v "AutoGameModeEnabled" /t REG_DWORD /d "0" /f
  2⤵
  PID:2356
- C:\Windows\system32\reg.exe
  reg delete "HKCU\System\GameConfigStore\Children" /f
  2⤵
  PID:3300
- C:\Windows\system32\reg.exe
  reg delete "HKCU\System\GameConfigStore\Parents" /f
  2⤵
  PID:3340

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Отключить триггеры.bat" "
1⤵
PID:1176
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319" /DISABLE
  2⤵
  PID:4840
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64" /DISABLE
  2⤵
  PID:3584
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical" /DISABLE
  2⤵
  PID:2248
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical" /DISABLE
  2⤵
  PID:1432
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\ApplicationData\appuriverifierdaily" /DISABLE
  2⤵
  PID:4072
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\ApplicationData\appuriverifierinstall" /DISABLE
  2⤵
  PID:4544
- C:\Windows\system32\schtasks.exe
  schtasks /Change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /DISABLE
  2⤵
  PID:3584
- C:\Windows\system32\schtasks.exe
  schtasks /Change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /DISABLE
  2⤵
  PID:3180
- C:\Windows\system32\schtasks.exe
  schtasks /Change /TN "Microsoft\Windows\Application Experience\StartupAppTask" /DISABLE
  2⤵
  PID:4572
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\Device Information\Device" /DISABLE
  2⤵
  PID:3056
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\Diagnosis\Scheduled" /DISABLE
  2⤵
  PID:4380
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner" /DISABLE
  2⤵
  PID:2496
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\DiskFootprint\Diagnostics" /DISABLE
  2⤵
  PID:2624
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\DiskFootprint\StorageSense" /DISABLE
  2⤵
  PID:4936
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" /DISABLE
  2⤵
  PID:4252
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\Feedback\Siuf\DmClient" /DISABLE
  2⤵
  PID:3932
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\International\Synchronize Language Settings" /DISABLE
  2⤵
  PID:4796
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\LanguageComponentsInstaller\Installation" /DISABLE
  2⤵
  PID:2248
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources" /DISABLE
  2⤵
  PID:1432
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\Maps\MapsUpdateTask" /DISABLE
  2⤵
  PID:2624
- C:\Windows\system32\schtasks.exe
  schtasks /Change /TN "Microsoft\Windows\Maps\MapsToastTask" /DISABLE
  2⤵
  PID:524
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\PushToInstall\Registration" /DISABLE
  2⤵
  PID:4772
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\Setup\SetupCleanupTask" /DISABLE
  2⤵
  PID:2232
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\Speech\SpeechModelDownloadTask" /DISABLE
  2⤵
  PID:2340
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\Windows Error Reporting\QueueReporting" /DISABLE
  2⤵
  PID:4572
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\WindowsColorSystem\Calibration Loader" /DISABLE
  2⤵
  PID:3656
- C:\Windows\system32\schtasks.exe
  schtasks /change /TN "Microsoft\Windows\Work Folders\Work Folders Logon Synchronization" /DISABLE
  2⤵
  PID:2628

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Disable IoLatencyCap.bat" "
1⤵
PID:1628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG QUERY "HKLM\SYSTEM\CurrentControlSet\Services" /S /F "IoLatencyCap"| FINDSTR /V "IoLatencyCap"
  2⤵
  PID:3772
- - C:\Windows\system32\findstr.exe
    FINDSTR /V "IoLatencyCap"
    3⤵
    PID:4540
- - C:\Windows\system32\reg.exe
    REG QUERY "HKLM\SYSTEM\CurrentControlSet\Services" /S /F "IoLatencyCap"
    3⤵
    - Maps connected drives based on registry
    PID:1420

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Disable HIPM _ DIPM, HDD Parking.bat" "
1⤵
PID:1888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG QUERY "HKLM\SYSTEM\CurrentControlSet\Services" /S /F "EnableHIPM"| FINDSTR /V "EnableHIPM"
  2⤵
  PID:2616
- - C:\Windows\system32\findstr.exe
    FINDSTR /V "EnableHIPM"
    3⤵
    PID:3196
- - C:\Windows\system32\reg.exe
    REG QUERY "HKLM\SYSTEM\CurrentControlSet\Services" /S /F "EnableHIPM"
    3⤵
    - Maps connected drives based on registry
    PID:2968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\BCDEdit Tweaks.cmd" "
1⤵
PID:4344
- C:\Windows\system32\bcdedit.exe
  bcdedit -set disabledynamictick yes
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:5072
- C:\Windows\system32\bcdedit.exe
  bcdedit -set useplatformtick yes
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:3876

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Disable StorPort Idle.bat" "
1⤵
PID:4316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c reg query "HKLM\System\CurrentControlSet\Enum" /S /F "StorPort" | findstr /e "StorPort"
  2⤵
  PID:2960
- - C:\Windows\system32\reg.exe
    reg query "HKLM\System\CurrentControlSet\Enum" /S /F "StorPort"
    3⤵
    - Checks SCSI registry key(s)
    PID:4480
- - C:\Windows\system32\findstr.exe
    findstr /e "StorPort"
    3⤵
    PID:2252
- C:\Windows\system32\reg.exe
  Reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_2922&SUBSYS_11001AF4&REV_02\3&11583659&0&10\Device Parameters\StorPort" /v "EnableIdlePowerManagement" /t REG_DWORD /d "0" /f
  2⤵
  PID:468
- C:\Windows\system32\reg.exe
  Reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\PCI\VEN_8086&DEV_2922&SUBSYS_11001AF4&REV_02\3&11583659&0&FA\Device Parameters\StorPort" /v "EnableIdlePowerManagement" /t REG_DWORD /d "0" /f
  2⤵
  PID:2780
- C:\Windows\system32\reg.exe
  Reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\{8e7bd593-6e6c-4c52-86a6-77175494dd8e}\MsVhdHba\1&3030e83&0&01\Device Parameters\StorPort" /v "EnableIdlePowerManagement" /t REG_DWORD /d "0" /f
  2⤵
  PID:4072

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Disable Memory Compression.cmd" "
1⤵
PID:2344
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  PowerShell "Disable-MMAgent -MemoryCompression"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\W10 Отключение HPET.cmd" "
1⤵
PID:4588
- C:\Windows\system32\bcdedit.exe
  bcdedit /set disabledynamictick yes
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:3300
- C:\Windows\system32\bcdedit.exe
  bcdedit /set useplatformtick yes
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:3876

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Remove Power Saving Features On USB Devices.bat" "
1⤵
PID:4340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic PATH Win32_PnPEntity GET DeviceID | findstr /l "USB\VID_"
  2⤵
  PID:468
- - C:\Windows\system32\findstr.exe
    findstr /l "USB\VID_"
    3⤵
    PID:3108
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic PATH Win32_PnPEntity GET DeviceID
    3⤵
    PID:4856
- C:\Windows\system32\reg.exe
  reg.exe add "HKLM\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\28754-0000:00:04.0-1\Device Parameters" /v SelectiveSuspendOn /t REG_DWORD /d 00000000 /f
  2⤵
  PID:2624
- C:\Windows\system32\reg.exe
  reg.exe add "HKLM\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\28754-0000:00:04.0-1\Device Parameters" /v SelectiveSuspendEnabled /t REG_BINARY /d 00 /f
  2⤵
  PID:4936
- C:\Windows\system32\reg.exe
  reg.exe add "HKLM\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\28754-0000:00:04.0-1\Device Parameters" /v EnhancedPowerManagementEnabled /t REG_DWORD /d 00000000 /f
  2⤵
  PID:3772
- C:\Windows\system32\reg.exe
  reg.exe add "HKLM\SYSTEM\ControlSet001\Enum\USB\VID_0627&PID_0001\28754-0000:00:04.0-1\Device Parameters" /v AllowIdleIrpInD3 /t REG_DWORD /d 00000000 /f
  2⤵
  PID:1432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic PATH Win32_USBHub GET DeviceID | findstr /l "USB\ROOT_HUB"
  2⤵
  PID:4576
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic PATH Win32_USBHub GET DeviceID
    3⤵
    PID:2624
- - C:\Windows\system32\findstr.exe
    findstr /l "USB\ROOT_HUB"
    3⤵
    PID:4252
- C:\Windows\system32\reg.exe
  reg.exe add "HKLM\SYSTEM\ControlSet001\Enum\USB\ROOT_HUB20\4&3104EFD0&0\Device Parameters\WDF" /v IdleInWorkingState /t REG_DWORD /d 00000000 /f
  2⤵
  PID:2256

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Reinforce Network Priorities.reg"
1⤵
- Runs .reg file with regedit
PID:1232

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Ping Reduction .reg"
1⤵
- Runs .reg file with regedit
PID:4296

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Optimize ALL Windows Settings.reg"
1⤵
- Runs .reg file with regedit
PID:2832

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable Printing Services.reg"
1⤵
- Runs .reg file with regedit
PID:2128

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable LargeSystemCache.reg"
1⤵
- Runs .reg file with regedit
PID:3788

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable Download Maps Manager.reg"
1⤵
- Runs .reg file with regedit
PID:400

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable Delivery Optimization.reg"
1⤵
- Runs .reg file with regedit
PID:1240

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable Telemtry _ Data Collection.reg"
1⤵
- Runs .reg file with regedit
PID:4252

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable SysMain (Prefetch).reg"
1⤵
- Runs .reg file with regedit
PID:3576

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable Sync Host.reg"
1⤵
- Runs .reg file with regedit
PID:3204

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable Search Indexing.reg"
1⤵
- Runs .reg file with regedit
PID:2892

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable OneDrive Sync.reg"
1⤵
- Runs .reg file with regedit
PID:544

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable Network Throttling.reg"
1⤵
- Runs .reg file with regedit
PID:3608

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable Network Throttling Index.reg"
1⤵
- Runs .reg file with regedit
PID:4000

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable Nagle_s Algorithm.reg"
1⤵
- Runs .reg file with regedit
PID:4196

C:\Users\Admin\Downloads\оптимизация\2)Программы\PowerSettingsExplorer\PowerSettingsExplorer.exe
"C:\Users\Admin\Downloads\оптимизация\2)Программы\PowerSettingsExplorer\PowerSettingsExplorer.exe"
1⤵
PID:4380

C:\Users\Admin\Downloads\оптимизация\2)Программы\Отключение ненужного\Autoruns.exe
"C:\Users\Admin\Downloads\оптимизация\2)Программы\Отключение ненужного\Autoruns.exe"
1⤵
PID:928

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:2928

C:\Users\Admin\Downloads\оптимизация\2)Программы\PowerSettingsExplorer\PowerSettingsExplorer.exe
"C:\Users\Admin\Downloads\оптимизация\2)Программы\PowerSettingsExplorer\PowerSettingsExplorer.exe"
1⤵
PID:5072

C:\Users\Admin\Downloads\оптимизация\3)Инпутлаг\Test InputLag.exe
"C:\Users\Admin\Downloads\оптимизация\3)Инпутлаг\Test InputLag.exe"
1⤵
PID:2216

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\оптимизация\3)Инпутлаг\Input Lag.reg"
1⤵
- Runs .reg file with regedit
PID:1276

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\оптимизация\3)Инпутлаг\InpetLag.ps1"
1⤵
PID:5056

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\оптимизация\4)Доп\SvcHost.bat"
1⤵
PID:2520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic os get TotalVisibleMemorySize /format:value
  2⤵
  PID:4868
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic os get TotalVisibleMemorySize /format:value
    3⤵
    PID:1356
- C:\Windows\system32\reg.exe
  reg add "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB" /t REG_DWORD /d "5217772" /f
  2⤵
  PID:184

C:\Users\Admin\Downloads\оптимизация\6)Ускоряем интернет\DnsJumper\DnsJumper.exe
"C:\Users\Admin\Downloads\оптимизация\6)Ускоряем интернет\DnsJumper\DnsJumper.exe"
1⤵
PID:4848

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\оптимизация\7)Настройка винды для игр\2i1XrLcGdvo.jpg" /ForceBootstrapPaint3D
1⤵
PID:5088

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
PID:3848

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2684

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Modifies data under HKEY_USERS
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
44b92eafe1c720eb37201fb5be5473b4

SHA1
72168de0ee759e4b87ff11dd7f06a6eca53bb108

SHA256
c0e1d2a13b041aaad18687b88d4c4b2d63bf5698ec176ab50371dd6cbe190750

SHA512
3d83ce8b90d3351c03ae47291155ca200d1d707ea022a1d782d0f3d6d7eecce1d54493655db57fc50af8ef070963b06530b8873b995669d41ade18d452425d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3b7f2dce958c413d2973adde4d084427

SHA1
87f55b5af1b6c8c09d4381acaaf336a7fa5b2fe4

SHA256
5ce83cfb57db95f8828abb73744a06bc989ebe861c9ad4b638013bcd3b752019

SHA512
b5c5606191281541dbe652163a85ae887f9ba4c5d9cfca0a32b6cc442199dc86ce7ceded580df33ae2401b28c59a419ccaf1f5958b948d46af90c4ab46872f47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
82f091e6b44d33c0d65c6e8546f39277

SHA1
8cffd7f5685b7fe173e49fc0ac33e1fc30df4af7

SHA256
7bcd96e79b00fbcc1d0fa80a23d6bb4b9b222b0e4a7593b359f45f948d6fcb8e

SHA512
ed154812cdd09de9c48e7a95be5783b7b8d72a0d3904b9d8c6596ba28635bbf4d08239bb5ffc6a4a7c79a58e61bcf208fbe6f2f93086c48f99f2aabaf2063032

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1f4bfd04548288c878d0d68e5aadc4ee

SHA1
4d34c808fde4a0bbe8b08ff647ea478e30322a1f

SHA256
8fb1f766fe3c834a209c0748f9c6380615cd971c3935a6996cd8a586ed4677f5

SHA512
7280007b07e4ca5a1ab782e5714426a252086aca59472eed4c6283644246aaf198c0cc241f60181edf8e94080fd40bb95b81ace9c7f796c1630c709ef53d692d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a3a3328d3d0ec0add8377fbc824ecdb6

SHA1
27f941f4f079d0a40d1ae888c00d3008366abdfd

SHA256
875436641cbc335e79837f576b375bf4362b418799aedb79a81fdc0189027907

SHA512
9874141aed2a0564d56118fb016b38cbb4ebcd3dfc1d472c964e9e91316a758d2cb5d5fe43e076e4424917107e39e8dff77a421dae92b6c83403a904035d0e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
312096263f7a6d6a103f4dd75ae47061

SHA1
a96e4e5b5948e59ae9cb90107bf36ed60fa537ab

SHA256
4cc29a5f3dc47ff8ae3c3acb8c74317ca73dca0a03eab4062b2aef1a71a81b5b

SHA512
8bc9ec1b85e07506b1c0c97e72899a7036a0490721ac4011d9947cfa31525dee3afaa060e5692c88f39a1057a3171b30994b43b4799c6895861806e128066a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4220334e4c9520a11991a932b1420337

SHA1
2da2d9c1b81bdc6a555dc2a8a213c8214ceb341b

SHA256
ae649df8f96802b0d6f6541e4234f26e986e408759c80d9c0326c24a00586e52

SHA512
9e03f612e60a3772ff714dd6fb3f0898fe9fb014dd1bae5aac9e123938a5655d29a50a7b4e17c40d424942be230b70c934b635dfaf7325ee42e57ffb13d3f9e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3988c1484c4680adb3ad41d1ee45422d

SHA1
bc927518b9a8e055b3a1b2934f628f30b2634b91

SHA256
e766717f3b1a867797c28189b54a2b694c3d52d5fc6e27989024fe8f9dc8a8ff

SHA512
b73912a7faf06498acc7e574dfa52143f4b55fdd8f95ed9fa830ac9393f807cad264dfbb96b7a9324ea181664a8999a5777c50e739d96d85af49f6ef5a6a4a93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ba424e0a2b0e3fc8de9fd55c86d8cc7d

SHA1
fccf606ae571ea1c9c0ba788d7b9e082847aa682

SHA256
fa0d4b7a3af8e1b24677585de5e9713509eb7801e0659f2daf6dbcf2130d6ccf

SHA512
e7a022467ab914fa553fea04f569d5ae1bdc450b8c2f9ba391025ff356da6d6803b08c3e36fedc9871a19b0d09bf6645ba4d591140427fdd170f8754a2e6b76f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
43a5fc71e68609dc4fa37a1f32cdf048

SHA1
5b8cd887959afa499fca46cc5992232e041b7432

SHA256
7c061741341564729898a9d805996bb849bde774de69c55ba6a492caf8b2df94

SHA512
55ce0fcac2d824d22cf9ed81180e7b71ab6049aac9e1ccd98b59b4198d49c5c900364a2cce86dc7563fb9f05a6c20aa00172c4921e62036b1f245f7c7b43981d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
b1bbe8c2af567945beced9fb847869d7

SHA1
fefb05ab0353773591809da493d4b90d3aef70ff

SHA256
08190adc813b18f6c6dfa781cb1a469b083f163d8e3ac03e3a9ad911fb35daf9

SHA512
94fb848b94b64f86df0062ba8c38855bece8c23c2726a263801126aef156ecb25a04136a6aceef5c8ade36364f3b9e1bf5169f1c69ff98f485d335b46c9b112e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
5ddcce547ecf6d15f980e8ebe3b7393d

SHA1
04c9887947ef9836ae32df1d55e7f503e9273435

SHA256
8654f2654c2f2ce5a03e18a2e4bb82fed5845f3b9c06695e475fe33760f5f30f

SHA512
37757c0f2dc061c9df3329ad429e0c9ac28946ec253bf8b04505c3f9ca79753b73695c84495d4afb8a9f0cbef913d0f2dec24b7b29d1dc8a700c772636a17c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
e43b662b74eff98a3080a4ba0da18cf4

SHA1
a6aa5854b2a2751015bf41a587ee02697cbf7383

SHA256
553e55335f6e596838dcec3b21e91f3f54579b2a1f2ea2c0f05b428a687654f2

SHA512
1085a7ae18015191d1fc39161e16a8b3c81ba56d6f7800745fefc8b1104b83197239d09e9039c5a113abe05c247216e2cc2dbaf18953c47a4dd92be3f1696216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
c04f5895b215f48b066fef7f76c96535

SHA1
917544c9ebfbfee5959922b6f3a2799b1a086f0f

SHA256
a1e2bb07b50f4c576f0694471f65c2e0eb9d3280bcfc9dc47bd91e11a96f4c31

SHA512
5911ff3c8266cf229d967a41883e2da192d2f0aa9c872e6c49db1672be55547609bb9741463eec18cc926e6a74de2bd9e17abc1bf5d06fbfb1693d9f42ca492a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57db8b.TMP

Filesize
97KB

MD5
1512ae16845d715479e0ac07376b7117

SHA1
9ba3f9e1b9618265a2db5b6812c2e70a718b1318

SHA256
0f537f16a615f742322fad6c15efee3428275b525609d8313a971e86afc83843

SHA512
78c3e4ab355d7a7cfb280dda223a87141f7cecdcf87ff8b9d2da70ed792d8a9914695156db369cbbfedeb830f6ea628b7911313d8b5ae414f00da2f926f93f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
a9cf3405e512981721dae484c5bc2df3

SHA1
65b7edd9478f9617628363e0d08b27cba9255c9a

SHA256
d56e8d4ce3e1a11bbac2c30d016b0dad8318bffaec04b974d283e457a7fc12c0

SHA512
d6e426ce043149d2e2c74f622a48fb0369069a0eed7b34686db7c970952da7bcf3f469536e8b3c54a59da7c90aceb67b252fe32a58062c213d3b97dc7f7424ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\PowerSettingsExplorer.exe.log

Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qcpbrj44.yfw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\оптимизация.7z.crdownload

Filesize
6.8MB

MD5
dbe17e993d52f442017d936f30252b4d

SHA1
fe6beb99fada2597b8a8a285f47d4d4536827e32

SHA256
732b1ef886ec257b3a76ab6bf721d2132e7f7bba1fc0e94186b47c251a3531a0

SHA512
82a7881e3b0aa112514857529c17f88e7df29d68c06128c6df8c6e04d2de91dd98cc8a6d9dfb7a939ccb550faf71defe444b18746cc214402397fdcf95ab20ea

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\BCDEdit Tweaks.cmd

Filesize
90B

MD5
8fb4daf9de9d35aa1824b6b946f42006

SHA1
197cc1f77ac633a36b058efaab3c5b055e834e78

SHA256
65d59f04ed85426c3f8c10d87526ade925064ca23e3bbed3480b8c9d4d0da2fc

SHA512
36f0ff554aeb56774afa3c301ab642e496ddd1b6db3f575e7a29657ee01d05701224162ebffd90a1dabd3b817cb5e83847be18bd74dec51459e3bb4fb0581ec2

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Disable HIPM _ DIPM, HDD Parking.bat

Filesize
599B

MD5
3d42a1761e2d0acca609626228706d2d

SHA1
03c4ec827c37a3930d8541eed0fc6fd6763d59e7

SHA256
ddd7bab4cfe8ddde80628e8513ad9caab5d0a08bb858a0730bc9f8fea7bc3358

SHA512
eec61727062e20b091560eb1ca1d8fd245f60d837b114054e01d2048859a060de49d8db13334899d1a25cc8314ee9bf3dfe690e6ad3fba7f396b8f7cb8b184ce

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Disable IoLatencyCap.bat

Filesize
497B

MD5
276f547ecaf945b1e74d05bb42351614

SHA1
31bc9618c67f38e6ac42330ff6b7f8d37848b919

SHA256
2bdd7f228d308ba930e06b436d0523d3a4cec248c7ae692045e92153a99ff683

SHA512
ab4ad5102e6ef02f8673441ee98add0e5a2c5702ab8ea30df9a181c6b0f200a359ea45f1f297066e9c40a155b92c2c3ed06780e0ee4ae16805f104ce813b1958

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Disable Memory Compression.cmd

Filesize
65B

MD5
a64d3a4c1d61344273de4e3f2dd3b652

SHA1
245859a286db226f15a0c8c51c9b71f31ea1b79a

SHA256
6f4b8912c0f77f2e589e8fed98246680bdd01a442f91729ce15ee812b8f4d50e

SHA512
e564799596d11b71590569f8c7b31fe7446cabc2dc6bc423308edf7ad2fcb74cbc621891cc594a6b2ebc8320600d0ca2530e92042477246914c55f369d2856cb

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Disable StorPort Idle.bat

Filesize
190B

MD5
3748031aa41d22cb2a13acf467322463

SHA1
1b449c976bd74e12ec2f225146338415f325a13c

SHA256
15b36ea42bbd1692172c7c4e87b9f45e5de5431523da27fa2c43cfa853a735d5

SHA512
4925a9583ce95526806dc9a085842317884e2f1598826d35acbe573664bbd3431bbb3f0894ebb72a159ca2fe3b1eb4f1f7224447ca4121588067138decff6de2

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Disable USB Idle.bat

Filesize
843B

MD5
8c943666e3610881a893599b91c2c437

SHA1
d101c21a9bc60bb60ddc8864ae6344b10e1323cb

SHA256
a0b8e7dad496ce34017845a161fad3e0e82d18f6478132335bdd8138941fc1d7

SHA512
8cb5e55357bc1789578818c8fe192a6461934790761fe74cb92dc5fcba4829b4419d70fe97e65109e883eecca1ddff6b4dc33cf1f46f1e6f95e33804ce2e46cb

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\FSE and Game Bar off.bat

Filesize
1KB

MD5
4ba02c9f38bcf7472e7d20d01edb9035

SHA1
9500b831a16501ec0f3e8d5024e55d6a413b6574

SHA256
cfa8fc9f9495eff7055bf09b553a8ec2af446a2d32f018d48aec70839fed7d9c

SHA512
a5a13d1195a19411c918d3fc907ee38ddd7b1a4a4ecc4fbee094befa87929b22c7ccb9fbf920230d4c4ae2b362f41236d32b7e2ce7599b70750a71a77cee3291

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Remove Power Saving Features On USB Devices.bat

Filesize
1KB

MD5
adc3a53e44dad373d8ae93fac28b99c3

SHA1
51c1a3a4cc7929ab97cdfb2b2163ae23855748f0

SHA256
120380d12209ab864d70f7db009d5e73dc4d7572f3a117b3186ffa8e1a3dadf1

SHA512
8528be3e7dc11f7544bf1d7ca3cb5db1b79d747f380b75e9374d7a94047aacf78b636fb5e268a85fe9b0515ada41eb1cc2824ab394696e4a30aa7e7e839c9165

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\W10 Отключение HPET.cmd

Filesize
166B

MD5
422d6d73df6d0053b764b4a9994e3da9

SHA1
9e8e5f1e0a131c168130735a03d12825cd5e23fc

SHA256
af0c9a0c3e91e1abd8f2d9ac84566b2676fea9460ac3482785de3c046a616d51

SHA512
ba387c44c27c6925d6ed6b02a517f1da545301918b8c67504154ebd96ab1460bf39555c8545fb6b670ab7cd3cd5bc2c81815f6062c9cde2c3035a984cae541b1

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable Download Maps Manager.reg

Filesize
129B

MD5
449dc42b945049150104b9b0a99c818c

SHA1
34ed7875f8e0238a97936d1ef999d5f68d5e2433

SHA256
ad2026b5aec7f303fe06dae3d1665745f52f4f4a7a9bc15d2a330da018664279

SHA512
6335f6e1e1597934a9a30afba19973135a486793d70bc6dd66691b3416ef5e17212fd9b6f04e524ae11c80c62aab0ec313d85848f260faf4f296a524b705b1bc

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable Search Indexing.reg

Filesize
126B

MD5
2d94a75c3b961c6213e47b0fbf1cb9a0

SHA1
1f3bd9348c2f574f0395810232f8f38c4be42033

SHA256
eddc6b35b5668bf7832efccaf5fadde5553d2a3401272d7b6581ab1740200936

SHA512
e084c3308adbd1c52ef623723620cccffb4e0be61155d4acc49a813a88422d339b99417d3494caab8e445b902f5768e12e4470101c5fcb18139652fce7ce7c4e

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable Sync Host.reg

Filesize
228B

MD5
7bd2c5790ffbdb3f484a988f0ba48186

SHA1
585aa26c40aded6a1ddab04b25595b1e93be115f

SHA256
4e91adf9f2c19be7e156d91c3c66cfef06ba609705a9c5531ccd1021bd84fb3c

SHA512
94014447d103d95f4d11e99e52fdd154cddcf598d3d945894f127ce4b503b92d2db0aa985d893d782b0d12e736d11ce6714615ee15aa87c8bd367db580914ba8

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Disable Telemtry _ Data Collection.reg

Filesize
525B

MD5
31602cac64db2e48525be1134d9db431

SHA1
0e6a69ed7e2d20bb9c6b5500857f2b5d3fe16b7d

SHA256
21133fd37949154f4c7abb0d97392cd1e2c1ab7edb7d8037c96ffb0495539503

SHA512
8e6603c0ebf155ceb4367ce55cb99857b348221aaa79ff35a46684c426f341c4902de90f934007dc2463aedb714142d0b671298e774b819a6863993d08f15692

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Optimize ALL Windows Settings.reg

Filesize
8KB

MD5
3266135f9b8b33428c6b5e7ffb5ee26e

SHA1
317d8b997501cdf7512e6aa5433962d597c14ec4

SHA256
f909cd4d72b005d12deda40c76154ef2a6b86645eb1f53f6fa729591f4cb7312

SHA512
94ee9adcd08a7efdc93cb73e8c75fe253dcb299374c7c91fb1fcf9a5b2779d933baaae78ac07381aaa28552bde086c0f3eac111dda244995d64918283705ac83

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Ping Reduction .reg

Filesize
277B

MD5
57c99c02641f3e1abe8010f6c762aac5

SHA1
45d608d2984a70d496973f89f6c0d13b0ecac681

SHA256
1a32e2afc77b817ca97f230987c192ddbea588d47e400c65e5fa4e96999c0c7e

SHA512
ca61ad48ebb12f0933819f2d0df22fc9e64e070d102cfdbf9e7f59fe80754ff56de0a3122952bc37c7d8a08c4a232e48aa879cc87e3d7931b88c708ef8e99eb7

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\reg\Reinforce Network Priorities.reg

Filesize
476B

MD5
313f8090bb0565cdf2e6014025752aee

SHA1
c92de8170e4107d4d1f986c0a06c6dafa8b848ca

SHA256
3cdbf75f6495fc16b6270e4e48ac887ad658196c4921d97dea60c56a586c95be

SHA512
8b97d1638b68351d761a82f70c6b4a33305299b75d784e7faaef6288cc14074255c5b090955263960ddeaf87f96cb1e2c7decb0c094104e9a09fd589e1966c14

Download Submit
C:\Users\Admin\Downloads\оптимизация\1)Твики и батники\Отключить триггеры.bat

Filesize
2KB

MD5
1108a945699a0d4dea254d17c03ae4d8

SHA1
53c485918a8a44916dc3bf5e35af4e1d1d36a4c7

SHA256
6a7e8310851530191bdecfbc30f8f60a79a8127beed96a9e51aad99861e4c123

SHA512
924422e091974a232f987029d08b45a26f0e07c2e05c37d203cd2478d62fddbdaf7f18a3a0ad8abe09e3ddc8bb3bbef20e9a88f3e741c00b278d3f4c95c782cd

Download Submit
C:\Users\Admin\Downloads\оптимизация\2)Программы\PowerSettingsExplorer\PowerSettingsExplorer.exe

Filesize
62KB

MD5
c4d9a626b5ccdd58c0d6e2e7b878e4e3

SHA1
92659bab6cb0d442b2dd5017bb016c9065b1248e

SHA256
225c816d2866ad332ebb772146803d06ec59afbcc902e8439ad38b65b10dbfa5

SHA512
5eb0aa0d8cc2958c692a498263c74345075aa23cd83b0032bb411fe97f458a9cbfc532dee96f2d4a86b8cacc3f44704a2cd46954ae2c209419d728bb1fc91e8d

Download Submit
C:\Users\Admin\Downloads\оптимизация\2)Программы\Отключение ненужного\Autoruns.exe

Filesize
849KB

MD5
467f8eae55485b4c763ee1c7b197b257

SHA1
1ddae5b6b41641708344dc4829cc31244411ab37

SHA256
76aa211322398ac0cf8f6f69ee0a5251f53ddc5a785d923abbe5bb742eeb3854

SHA512
ad271cc2be5e3a32223ce9138b6943a0ee910aabdc2c84330e6ea2c56eb95cd6cef0592d4e52cc405ee6fe2d08bb5e7ed940bd52e3f5fbe24041b4c38497a33e

Download Submit
C:\Users\Admin\Downloads\оптимизация\3)Инпутлаг\InpetLag.ps1

Filesize
105B

MD5
6ce25ddcf0964ea14d82b8bbad4657b9

SHA1
871988a4a505b2d583ac1bde2bc8bdd7dbc2427b

SHA256
090c1b1afa5c377abe75b31eb233f2244e90e595a1ad336c0318ef28b3eb228b

SHA512
7d6bdbc57141f7ca740a75ced27e5547e65e20db81d202ced084d0233783577da77a93b52b7cc25ccb8bb5ac01b248cb049ebd8069a0eee95e99e1db9be9aaee

Download Submit
C:\Users\Admin\Downloads\оптимизация\3)Инпутлаг\Input Lag.reg

Filesize
150B

MD5
005c86c309e35daea3f2696598c7b74d

SHA1
fb682ccf43208ca03db4693e192f91f14b2c6776

SHA256
f9bed6b159e27e31698bb63309be7728f558441d3822390bb6ad03e3780b26b5

SHA512
d2cc7194f0f93c9a4abd952238e21a73751209bd774139b3638cefc7fda9435c9fa301f200eae3941d59853ed82d93220bc7e8a5bede8f96df31ec366d89b605

Download Submit
C:\Users\Admin\Downloads\оптимизация\3)Инпутлаг\Test InputLag.exe

Filesize
299KB

MD5
b3849adedca497a29e4b1a13f6851d45

SHA1
38438d73c378fd410d8d51ee954231f73ce9aa1d

SHA256
00a7c7b88877bf59dbaa70de734fcd3f287f1eb92caff4571a4c8e67a5dc0aca

SHA512
9fd6df7f1173bf8258f54d9153505dc648dd7a8b99e4c995ebb37965795d8467dd560beff035c2d33d0a047a43c280b4fa22e7fee019767e9190453c7769a425

Download Submit
C:\Users\Admin\Downloads\оптимизация\4)Доп\SvcHost.bat

Filesize
244B

MD5
df6196cdafd037a0c6a0cf92d928350b

SHA1
12ef3e58ee9bd8065b142b2a322412abdc9d71a3

SHA256
7ff39526d70ffc604171493970b242f1b65d959d6a6abb2e6a03f098bbab544c

SHA512
03b864a82db88061b871c929a6b7f9bb55e577a1858c7f5bb07adb308a33f202094e972628ef6e7b5d2d045646c9fafc8ce382f30f0898e9625ec8fe9b7568c9

Download Submit
C:\Users\Admin\Downloads\оптимизация\6)Ускоряем интернет\DnsJumper\DnsJumper.exe

Filesize
884KB

MD5
aea6dfbb052b8613b2df44fd2d008d09

SHA1
17434441b4d61320edf8ae506923403c36088d51

SHA256
7e221e7967570b0deca8e1c4f23ed9e39423dcc0733337bcb6e2c08b3b7b9ba1

SHA512
d4ad11a094ea9aa8e47bde543f917ffccb157a8633ab7cb7e0790f3c571cc067c3d62965bf499e630ebd8d0cd8af5e0f31ab9e40ae54ad306fa16aa94f9296d7

Download Submit
C:\Users\Admin\Downloads\оптимизация\6)Ускоряем интернет\DnsJumper\DnsJumper.ini

Filesize
219KB

MD5
50cc0269c0fcf7e487a54c6554ffd325

SHA1
eadc94e98c36fe8352400ff9084835365f0f1799

SHA256
b7b5b74a55784d3d552bc968cecc562463467697b256a0aa36f55e1bcc96e344

SHA512
585594e3aa4890e6329db3de65f60b352091d5c35c38391e2b0e782e0584f4a55e2dd73b529628c6f99251b9261d7b81ce18c0af39339cd5cdcbdbeab65e6000

Download Submit
C:\Users\Admin\Downloads\оптимизация\7)Настройка винды для игр\2i1XrLcGdvo.jpg

Filesize
185KB

MD5
cdff5f1ffe89e579f1e6f80d3a26944c

SHA1
d090fae459d3886053950b0a7777dd46f531c1f4

SHA256
8d737cd05278b2f86fec18f0ed961fa6dcace43ffe63d8a6f361be51c0b3557e

SHA512
1e48e28c58acfbefe08e8ea50b98035bdc274e68e2a5839378d0d0362aa92ba907d0ea28de1afcc3b8926006fb5fb32a933535c646cbf65ab246da765c851f35

Download Submit
memory/2216-343-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/2356-526-0x00000240B6080000-0x00000240B6081000-memory.dmp

Filesize
4KB

Download
memory/2356-524-0x00000240B6080000-0x00000240B6081000-memory.dmp

Filesize
4KB

Download
memory/2356-525-0x00000240B6080000-0x00000240B6081000-memory.dmp

Filesize
4KB

Download
memory/2356-521-0x00000240B6080000-0x00000240B6081000-memory.dmp

Filesize
4KB

Download
memory/2356-522-0x00000240B6080000-0x00000240B6081000-memory.dmp

Filesize
4KB

Download
memory/2356-515-0x00000240B6080000-0x00000240B6081000-memory.dmp

Filesize
4KB

Download
memory/2356-523-0x00000240B6080000-0x00000240B6081000-memory.dmp

Filesize
4KB

Download
memory/2356-514-0x00000240B6080000-0x00000240B6081000-memory.dmp

Filesize
4KB

Download
memory/2356-516-0x00000240B6080000-0x00000240B6081000-memory.dmp

Filesize
4KB

Download
memory/2928-302-0x000001B54D210000-0x000001B54D211000-memory.dmp

Filesize
4KB

Download
memory/2928-316-0x000001B54D210000-0x000001B54D211000-memory.dmp

Filesize
4KB

Download
memory/2928-315-0x000001B54D210000-0x000001B54D211000-memory.dmp

Filesize
4KB

Download
memory/2928-314-0x000001B54D210000-0x000001B54D211000-memory.dmp

Filesize
4KB

Download
memory/2928-313-0x000001B54D210000-0x000001B54D211000-memory.dmp

Filesize
4KB

Download
memory/2928-312-0x000001B54D210000-0x000001B54D211000-memory.dmp

Filesize
4KB

Download
memory/2928-308-0x000001B54D210000-0x000001B54D211000-memory.dmp

Filesize
4KB

Download
memory/2928-311-0x000001B54D210000-0x000001B54D211000-memory.dmp

Filesize
4KB

Download
memory/2928-304-0x000001B54D210000-0x000001B54D211000-memory.dmp

Filesize
4KB

Download
memory/2928-303-0x000001B54D210000-0x000001B54D211000-memory.dmp

Filesize
4KB

Download
memory/3848-375-0x000001A6BA630000-0x000001A6BA631000-memory.dmp

Filesize
4KB

Download
memory/3848-360-0x000001A6B1930000-0x000001A6B1940000-memory.dmp

Filesize
64KB

Download
memory/3848-383-0x000001A6BA6C0000-0x000001A6BA6C1000-memory.dmp

Filesize
4KB

Download
memory/3848-389-0x000001A6BA6C0000-0x000001A6BA6C1000-memory.dmp

Filesize
4KB

Download
memory/3848-381-0x000001A6BA6C0000-0x000001A6BA6C1000-memory.dmp

Filesize
4KB

Download
memory/3848-373-0x000001A6BA630000-0x000001A6BA631000-memory.dmp

Filesize
4KB

Download
memory/3848-382-0x000001A6BA6C0000-0x000001A6BA6C1000-memory.dmp

Filesize
4KB

Download
memory/3848-371-0x000001A6BA5B0000-0x000001A6BA5B1000-memory.dmp

Filesize
4KB

Download
memory/3848-364-0x000001A6B1970000-0x000001A6B1980000-memory.dmp

Filesize
64KB

Download
memory/4380-295-0x00007FFA79380000-0x00007FFA79E41000-memory.dmp

Filesize
10.8MB

Download
memory/4380-291-0x000001F974550000-0x000001F974560000-memory.dmp

Filesize
64KB

Download
memory/4380-290-0x000001F974170000-0x000001F974186000-memory.dmp

Filesize
88KB

Download
memory/4380-289-0x00007FFA79380000-0x00007FFA79E41000-memory.dmp

Filesize
10.8MB

Download
memory/4552-250-0x0000020CDD660000-0x0000020CDD670000-memory.dmp

Filesize
64KB

Download
memory/4552-239-0x00007FFA79380000-0x00007FFA79E41000-memory.dmp

Filesize
10.8MB

Download
memory/4552-245-0x0000020CC4FA0000-0x0000020CC4FC2000-memory.dmp

Filesize
136KB

Download
memory/4552-265-0x00007FFA79380000-0x00007FFA79E41000-memory.dmp

Filesize
10.8MB

Download
memory/4552-253-0x0000020CDD660000-0x0000020CDD670000-memory.dmp

Filesize
64KB

Download
memory/4552-252-0x0000020CDD660000-0x0000020CDD670000-memory.dmp

Filesize
64KB

Download
memory/4552-251-0x0000020CDD660000-0x0000020CDD670000-memory.dmp

Filesize
64KB

Download
memory/5072-412-0x00007FFA79380000-0x00007FFA79E41000-memory.dmp

Filesize
10.8MB

Download
memory/5072-339-0x00007FFA79380000-0x00007FFA79E41000-memory.dmp

Filesize
10.8MB

Download
memory/5072-340-0x000001B3FF2F0000-0x000001B3FF300000-memory.dmp

Filesize
64KB

Download