Malware Analysis Report

2024-11-16 12:28

Sample ID 240306-sljl7sbb28
Target MikeStore.exe
SHA256 875c1d415ffde3210ff70471ba63a4c97da58094941a2aff72e1f8d21ee93b06
Tags
discovery exploit
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

875c1d415ffde3210ff70471ba63a4c97da58094941a2aff72e1f8d21ee93b06

Threat Level: Likely malicious

The file MikeStore.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery exploit

Possible privilege escalation attempt

Modifies file permissions

Checks computer location settings

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Modifies registry class

Modifies data under HKEY_USERS

Kills process with taskkill

Runs .reg file with regedit

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-06 15:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-06 15:12

Reported

2024-03-06 15:15

Platform

win7-20240220-en

Max time kernel

118s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MikeStore.exe"

Signatures

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\MikeStore.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21
542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\MikeStore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\MikeStore.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [blob data omitted] C:\Users\Admin\AppData\Local\Temp\MikeStore.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [blob data omitted] C:\Users\Admin\AppData\Local\Temp\MikeStore.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [blob data omitted] C:\Users\Admin\AppData\Local\Temp\MikeStore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MikeStore.exe

"C:\Users\Admin\AppData\Local\Temp\MikeStore.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 keyauth.uk udp
US 172.67.217.102:443 keyauth.uk tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 keyauth.win udp
US 104.26.1.5:443 keyauth.win tcp

Files

memory/2860-0-0x0000000074050000-0x000000007473E000-memory.dmp

memory/2860-1-0x0000000000EA0000-0x00000000016EC000-memory.dmp

memory/2860-2-0x0000000005260000-0x00000000052A0000-memory.dmp

memory/2860-3-0x0000000005860000-0x0000000005C36000-memory.dmp

memory/2860-4-0x0000000006C40000-0x0000000006D8E000-memory.dmp

memory/2860-5-0x00000000003F0000-0x0000000000404000-memory.dmp

memory/2860-6-0x0000000005260000-0x00000000052A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab2290.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar23EE.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e960db78df2027a3b1f05e3fd66dafae
SHA1 e1f3467f32220ed8c7c0b16f0aa5986b4253dfef
SHA256 5648dadab60d015f27583da5400f12485cf24ff170064740dd7e3b3418b64036
SHA512 9542c9d59d06c5d170dc37e87315658b57ea347110eb661069e76eae673bced71e9f8dbe5b24456d9da29b8b979cbb2687992581db68a900d40d952352f3f701

memory/2860-93-0x0000000005260000-0x00000000052A0000-memory.dmp

memory/2860-94-0x0000000074050000-0x000000007473E000-memory.dmp

memory/2860-95-0x0000000005260000-0x00000000052A0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-06 15:12

Reported

2024-03-06 15:14

Platform

win10v2004-20240226-en

Max time kernel

118s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MikeStore.exe"

Signatures

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\MikeStore.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Enumerates physical storage devices

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold2 = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold1 = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseSpeed = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseSpeed = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseSpeed = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold1 = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold1 = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold2 = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseSpeed = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold1 = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold2 = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold2 = "0" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Control Panel\Mouse C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold1 = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold2 = "0" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Control Panel\Mouse C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold1 = "0" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Control Panel\Mouse C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseSpeed = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseSpeed = "0" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Control Panel\Mouse C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseSpeed = "0" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Control Panel\Mouse C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold1 = "0" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Control Panel\Mouse C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Control Panel\Mouse C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold2 = "0" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold2 = "0" C:\Windows\SysWOW64\regedit.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\MikeStore.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1528 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 1756 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 436 wrote to memory of 2184 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 436 wrote to memory of 2184 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 436 wrote to memory of 2184 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 436 wrote to memory of 2244 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 436 wrote to memory of 2244 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 436 wrote to memory of 2244 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 436 wrote to memory of 2196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\takeown.exe
PID 436 wrote to memory of 2196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\takeown.exe
PID 436 wrote to memory of 2196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\takeown.exe
PID 436 wrote to memory of 4656 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\icacls.exe
PID 436 wrote to memory of 4656 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\icacls.exe
PID 436 wrote to memory of 4656 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\icacls.exe
PID 1528 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 756 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 3700 wrote to memory of 4444 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mode.com
PID 3700 wrote to memory of 4444 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mode.com
PID 3700 wrote to memory of 4444 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mode.com
PID 1528 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 2196 wrote to memory of 436 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2196 wrote to memory of 436 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2196 wrote to memory of 436 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2196 wrote to memory of 3940 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2196 wrote to memory of 3940 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2196 wrote to memory of 3940 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 2196 wrote to memory of 1504 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\takeown.exe
PID 2196 wrote to memory of 1504 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\takeown.exe
PID 2196 wrote to memory of 1504 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\takeown.exe
PID 2196 wrote to memory of 1096 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\icacls.exe
PID 2196 wrote to memory of 1096 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\icacls.exe
PID 2196 wrote to memory of 1096 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\icacls.exe
PID 1528 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 1544 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\cmd.exe
PID 1528 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\regedit.exe
PID 1528 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\regedit.exe
PID 1528 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\regedit.exe
PID 1528 wrote to memory of 3868 N/A C:\Users\Admin\AppData\Local\Temp\MikeStore.exe C:\Windows\SysWOW64\regedit.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MikeStore.exe

"C:\Users\Admin\AppData\Local\Temp\MikeStore.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\limpar_residuos_.bat"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\4_Limpar_Cache_de_Navegador.bat"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "ccleaner64.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "ccleaner.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /A /R /D Y /F C:\Users\Admin\AppData\Local\Temp\

C:\Windows\SysWOW64\icacls.exe

icacls C:\Users\Admin\AppData\Local\Temp\ /grant administradores:F /T /C

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Deletar_Arquivos_Temporarios.bat"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Limpador_de_Cache.bat"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Limpeza_automatica.bat"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Painel_Clean.bat"

C:\Windows\SysWOW64\mode.com

MODE 50,17

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\limpar_residuos_.bat"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\4_Limpar_Cache_de_Navegador.bat"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "ccleaner64.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "ccleaner.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /A /R /D Y /F C:\Users\Admin\AppData\Local\Temp\

C:\Windows\SysWOW64\icacls.exe

icacls C:\Users\Admin\AppData\Local\Temp\ /grant administradores:F /T /C

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Deletar_Arquivos_Temporarios.bat"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Limpador_de_Cache.bat"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Limpeza_automatica.bat"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desativar_Diagnostico_e_Telemetria.reg_ex=65fae9f2&is=65e874f2&hm=c6a0d5b02e02d91c6c2720bfbd3c4f51703a8768fcdeaa186f7f0cfcb727aa94&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Ajustes_de_Registro.reg_ex=65fae9f2&is=65e874f2&hm=d125db065583f4cc0c3ff7fb2002cc2dd2c7f6dc3090514bbfebf979ad788b16&"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Painel_Clean.bat"

C:\Windows\SysWOW64\mode.com

MODE 50,17

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Aumentar_Capacidade_de_Resposta.reg_ex=65fae9f2&is=65e874f2&hm=df6165717b607c5f87771df8cd46e5e65023cc6c07e923c0518c24642fe5340c&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Aumente_FPS_nos_Jogos.reg_ex=65fae9f3&is=65e874f3&hm=b0fdca45e45de57b65aea2e54bafc5d3e84fcdabe099507010c72738179e8b7d&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desabilitar_AMS.reg_ex=65fae9f3&is=65e874f3&hm=86a184eb7c98d7a500758a678ca56ed586260836af74df148da73e0ce130ddc0&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desabilitar_gerenciador_de_mapas.reg_ex=65fae9f3&is=65e874f3&hm=1337082ba339c0397b357aeead04e2a5460f11009768a42214bdca6e52d8e223&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desabilitar_servicos_do_Xbox.reg_ex=65fae9f3&is=65e874f3&hm=1c009cb6ddade04641601cc9cd70cdd2a81fde80f01438efe71abff876a75ff2&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desabilitar_servicos_extras_desnecessarios.reg_ex=65fae9f3&is=65e874f3&hm=5ee15e5419e06ded87f813df69ded2d8f121873c2cdc63e81493b02e421ab054&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desabilitar_telemetria_e_diagnosticos.reg_ex=65fae9f3&is=65e874f3&hm=f0f7f2008e7ac49465c4cb566da64a72f058774331d0885ebbd661106cc897af&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\DESABILITAR_POWER_THROTTLING.reg_ex=65fae9f3&is=65e874f3&hm=bb964de40bb006f9efb071ba8bf74cc38e2c82dbf5ae36c750040702c4b61f0c&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desativar_Power_Throttling.reg_ex=65fae9f6&is=65e874f6&hm=27bcdc096487385b183605d452cb383187c7e7e10aed94098be01f895fe2118a&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desativar_Power_Throttling2.reg_ex=65fae9f6&is=65e874f6&hm=5587e4f5f19b9ac42d6f6b21882f131042e415a710df3817c36d0cdc617eb56e&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desativar_Servicos_Extras_Desnecessarios.reg_ex=65fae9f6&is=65e874f6&hm=c4c5c893ee9ac5530f4743d5eabe483f3cc52a748b2922ea523a72c9d02416c5&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desativar_Diagnostico_e_Telemetria.reg_ex=65fae9f2&is=65e874f2&hm=c6a0d5b02e02d91c6c2720bfbd3c4f51703a8768fcdeaa186f7f0cfcb727aa94&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Ajustes_de_Registro.reg_ex=65fae9f2&is=65e874f2&hm=d125db065583f4cc0c3ff7fb2002cc2dd2c7f6dc3090514bbfebf979ad788b16&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Aumentar_Capacidade_de_Resposta.reg_ex=65fae9f2&is=65e874f2&hm=df6165717b607c5f87771df8cd46e5e65023cc6c07e923c0518c24642fe5340c&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Aumente_FPS_nos_Jogos.reg_ex=65fae9f3&is=65e874f3&hm=b0fdca45e45de57b65aea2e54bafc5d3e84fcdabe099507010c72738179e8b7d&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desabilitar_AMS.reg_ex=65fae9f3&is=65e874f3&hm=86a184eb7c98d7a500758a678ca56ed586260836af74df148da73e0ce130ddc0&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desabilitar_gerenciador_de_mapas.reg_ex=65fae9f3&is=65e874f3&hm=1337082ba339c0397b357aeead04e2a5460f11009768a42214bdca6e52d8e223&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desabilitar_servicos_do_Xbox.reg_ex=65fae9f3&is=65e874f3&hm=1c009cb6ddade04641601cc9cd70cdd2a81fde80f01438efe71abff876a75ff2&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desabilitar_servicos_extras_desnecessarios.reg_ex=65fae9f3&is=65e874f3&hm=5ee15e5419e06ded87f813df69ded2d8f121873c2cdc63e81493b02e421ab054&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desabilitar_telemetria_e_diagnosticos.reg_ex=65fae9f3&is=65e874f3&hm=f0f7f2008e7ac49465c4cb566da64a72f058774331d0885ebbd661106cc897af&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\DESABILITAR_POWER_THROTTLING.reg_ex=65fae9f3&is=65e874f3&hm=bb964de40bb006f9efb071ba8bf74cc38e2c82dbf5ae36c750040702c4b61f0c&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desativar_Power_Throttling.reg_ex=65fae9f6&is=65e874f6&hm=27bcdc096487385b183605d452cb383187c7e7e10aed94098be01f895fe2118a&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desativar_Power_Throttling2.reg_ex=65fae9f6&is=65e874f6&hm=5587e4f5f19b9ac42d6f6b21882f131042e415a710df3817c36d0cdc617eb56e&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Desativar_Servicos_Extras_Desnecessarios.reg_ex=65fae9f6&is=65e874f6&hm=c4c5c893ee9ac5530f4743d5eabe483f3cc52a748b2922ea523a72c9d02416c5&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Fix_delay.reg_ex=65faf16e&is=65e87c6e&hm=c10b718ca13d4ec380e26ce2cd880f07a48b2c76059d45f674866f73a446aa1d&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Correcao_de_tela_inteira.reg_ex=65faf16e&is=65e87c6e&hm=a431613bca659e231fa03024153900f6e006250d74190eb98143673dcbf656b1&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\DELAY_TELA.reg_ex=65faf16e&is=65e87c6e&hm=3453271cda331dcb2cc177c5647e97cd8299a96e2c1b0dca1c285722ad361d53&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\16GB_Ram.reg_ex=65faf641&is=65e88141&hm=17dce702b1bde56d8148b833ae3c02b3d067607ed54d859ef5ff0bc0945cd82e&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\BOOST_PING.reg_ex=65faf2fe&is=65e87dfe&hm=71dce47654197a835e2c42fdefa38ad624b57a6b00fa201014ab619d0c0bcc4b&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\latencia_ultra_baixa.reg_ex=65faf2fe&is=65e87dfe&hm=9bb4a29dbe1942a5805e45d25f6eb39c7fbb054c3301b09a7d0b06dcc57a4120&"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\SO_PRA_WINDOWNS_10.bat"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Fix_delay.reg_ex=65faf16e&is=65e87c6e&hm=c10b718ca13d4ec380e26ce2cd880f07a48b2c76059d45f674866f73a446aa1d&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Fix_delay.reg_ex=65faf16e&is=65e87c6e&hm=c10b718ca13d4ec380e26ce2cd880f07a48b2c76059d45f674866f73a446aa1d&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Correcao_de_tela_inteira.reg_ex=65faf16e&is=65e87c6e&hm=a431613bca659e231fa03024153900f6e006250d74190eb98143673dcbf656b1&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Correcao_de_tela_inteira.reg_ex=65faf16e&is=65e87c6e&hm=a431613bca659e231fa03024153900f6e006250d74190eb98143673dcbf656b1&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Fix_delay.reg_ex=65faf16e&is=65e87c6e&hm=c10b718ca13d4ec380e26ce2cd880f07a48b2c76059d45f674866f73a446aa1d&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\DELAY_TELA.reg_ex=65faf16e&is=65e87c6e&hm=3453271cda331dcb2cc177c5647e97cd8299a96e2c1b0dca1c285722ad361d53&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\DELAY_TELA.reg_ex=65faf16e&is=65e87c6e&hm=3453271cda331dcb2cc177c5647e97cd8299a96e2c1b0dca1c285722ad361d53&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Correcao_de_tela_inteira.reg_ex=65faf16e&is=65e87c6e&hm=a431613bca659e231fa03024153900f6e006250d74190eb98143673dcbf656b1&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Fix_delay.reg_ex=65faf16e&is=65e87c6e&hm=c10b718ca13d4ec380e26ce2cd880f07a48b2c76059d45f674866f73a446aa1d&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\DELAY_TELA.reg_ex=65faf16e&is=65e87c6e&hm=3453271cda331dcb2cc177c5647e97cd8299a96e2c1b0dca1c285722ad361d53&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Fix_delay.reg_ex=65faf16e&is=65e87c6e&hm=c10b718ca13d4ec380e26ce2cd880f07a48b2c76059d45f674866f73a446aa1d&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Correcao_de_tela_inteira.reg_ex=65faf16e&is=65e87c6e&hm=a431613bca659e231fa03024153900f6e006250d74190eb98143673dcbf656b1&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\DELAY_TELA.reg_ex=65faf16e&is=65e87c6e&hm=3453271cda331dcb2cc177c5647e97cd8299a96e2c1b0dca1c285722ad361d53&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Fix_delay.reg_ex=65faf16e&is=65e87c6e&hm=c10b718ca13d4ec380e26ce2cd880f07a48b2c76059d45f674866f73a446aa1d&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Correcao_de_tela_inteira.reg_ex=65faf16e&is=65e87c6e&hm=a431613bca659e231fa03024153900f6e006250d74190eb98143673dcbf656b1&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\Correcao_de_tela_inteira.reg_ex=65faf16e&is=65e87c6e&hm=a431613bca659e231fa03024153900f6e006250d74190eb98143673dcbf656b1&"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Local\Temp\DELAY_TELA.reg_ex=65faf16e&is=65e87c6e&hm=3453271cda331dcb2cc177c5647e97cd8299a96e2c1b0dca1c285722ad361d53&"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 83.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 keyauth.uk udp
US 188.114.97.2:443 keyauth.uk tcp
US 8.8.8.8:53 keyauth.win udp
US 172.67.72.57:443 keyauth.win tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 2.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 57.72.67.172.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 100.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 187.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 50.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 205.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 218.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.135.159.162.in-addr.arpa udp
US 162.159.135.233:443 cdn.discordapp.com tcp
NL 52.111.243.31:443 tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
GB 96.17.178.187:80 tcp

Files

memory/1528-0-0x0000000075280000-0x0000000075A30000-memory.dmp

memory/1528-1-0x00000000000F0000-0x000000000093C000-memory.dmp

memory/1528-2-0x0000000005870000-0x0000000005E14000-memory.dmp

memory/1528-3-0x0000000005360000-0x00000000053F2000-memory.dmp

memory/1528-4-0x00000000052B0000-0x00000000052C0000-memory.dmp

memory/1528-5-0x0000000005350000-0x000000000535A000-memory.dmp

memory/1528-6-0x0000000005E20000-0x00000000061F6000-memory.dmp

memory/1528-7-0x00000000056D0000-0x000000000581E000-memory.dmp

memory/1528-8-0x0000000005840000-0x0000000005854000-memory.dmp

memory/1528-9-0x00000000052B0000-0x00000000052C0000-memory.dmp

memory/1528-10-0x0000000007960000-0x0000000007972000-memory.dmp

memory/1528-11-0x0000000006D00000-0x0000000006D3C000-memory.dmp

memory/1528-12-0x0000000006EF0000-0x0000000006F8C000-memory.dmp

memory/1528-13-0x0000000006E80000-0x0000000006E90000-memory.dmp

memory/1528-14-0x0000000075280000-0x0000000075A30000-memory.dmp

memory/1528-15-0x00000000052B0000-0x00000000052C0000-memory.dmp

memory/1528-16-0x00000000052B0000-0x00000000052C0000-memory.dmp

memory/1528-17-0x00000000052B0000-0x00000000052C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\limpar_residuos_.bat

MD5 1d8915bae10aab86945d52d7a0b46454
SHA1 4ceeaf404fdcb418405c6d261f561059f81e129a
SHA256 9812d96b16b82d44060f4da72a1ef6d49b0d7b25361c57ff9ff251c43027832c
SHA512 a0cddb5f97674ecd3067583fa604730095701bf010f294d9007b36d708274c8714aec66e8320fdd3197a9c1c4041b27d18285f73d502d53aa953893833911e86

C:\Users\Admin\AppData\Local\Temp\4_Limpar_Cache_de_Navegador.bat

MD5 280a2bb1d32aa4cb7de26c4433f88c10
SHA1 48b285ccb69358c25b7ce68c3436e31c506389d4
SHA256 a62aa8843d3abb7308ac89cf1d109bf47073949a8e6fa77f12fe4c98e4d08d6a
SHA512 f64ffb1d88d33066e39ebfcc19fc10ee40c28380389674b7af57e8d13a434cb8acc2bdbdbe63e3aca2435df636e65850d34a247b1f96043b11916c69c6e0c7cf

C:\Users\Admin\AppData\Local\Temp\Deletar_Arquivos_Temporarios.bat

MD5 113d18ab90d083d64af29e80c86a6c49
SHA1 daf71c0f1a767b4f3011fe6d68b369d284dc0357
SHA256 aff91a4ea10ed45c89fd9f3a458750b6e8ef20fc1f183badc9f8146db96aa097
SHA512 4dc0b89012da0167f9a5872a1e28beb56ff7807814f0d1bedb0747ff29006a7d971b6fbad9e9df4751f15b5eb21b0b4704e201989cab36f1dc27c8626ef51d44

C:\Users\Admin\AppData\Local\Temp\Limpador_de_Cache.bat

MD5 2c2fa1a1b68ab3009c4005796c5fe33b
SHA1 c99e99b62fe3e5319805a3652ba9c0b9d2281788
SHA256 23fcccb30f22d62fc0298cd5b30438bdbb1306ee805d7eda9c9f89cf0f8d1390
SHA512 083f7171e7e9f0e7f7b74aac33d3daf4848780b50dd1e0db00442a023007e372bada84d14bd1a9f290dcfbc7869ac30cf6d94cf747f37edc89019c11689193fc

C:\Users\Admin\AppData\Local\Temp\Limpeza_automatica.bat

MD5 b741f2a2026378cfc69acc3393eba109
SHA1 1066d6b0b1648d291a635f0dd0ca3b3d3e68b8a8
SHA256 e0d757843483dadf7e2f51a526f8dbdfa2091e3a32133833535c0622ea082f84
SHA512 def0b6a0e2fc776051e54fe95818b7a7a68905c3c38824d691ff092bb62c5502084d2f435cf4935e5c49fc131165efac03c116ab1f6ef8aaeb5e0a003067c63f

C:\Users\Admin\AppData\Local\Temp\Painel_Clean.bat

MD5 9a5833524990f15c3816903b4445a5b6
SHA1 e4cd8951424ae046306b2345fe62aded76015ca5
SHA256 5ba6427dead66427f6e543888305b57c294d8388f5b9d59ce5e6183d5bf74324
SHA512 d972c588bb997139f1de67c23853c706f20585c7bce92b033ff6672c38a8c840f7435ae0a75708abf1de716a30fa0bce837c2ffff98beea10f404247eb9ee016

memory/1528-42-0x00000000052B0000-0x00000000052C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Desativar_Diagnostico_e_Telemetria.reg_ex=65fae9f2&is=65e874f2&hm=c6a0d5b02e02d91c6c2720bfbd3c4f51703a8768fcdeaa186f7f0cfcb727aa94&

MD5 bad9a84e048fe168f1ec9e1ca8e1549f
SHA1 364667b8567eb30c84f4e94ab44e163106b0fb5c
SHA256 f557a74e857c3b02577f7fbb105c37eebc9a798172be3216d99d9240c816063b
SHA512 60970dbf641f6bc4a6a7bc86ad4685e4d405ae0c833d12635995dd513c4e6fe1215365f6155ce8459e376e92188e01e2d325e5a5d9199fb2fe43cc9a3fd741d3

C:\Users\Admin\AppData\Local\Temp\Ajustes_de_Registro.reg_ex=65fae9f2&is=65e874f2&hm=d125db065583f4cc0c3ff7fb2002cc2dd2c7f6dc3090514bbfebf979ad788b16&

MD5 bcff2d78f496c517c275738f4e3d24a3
SHA1 8d0985f2d79c093cf0b2d640972af39bcb4a1a98
SHA256 7ef7b6062f3adf01d35d48e6cb9b91ab9fdbbf204bb28f9f95879bfc4d8aebd5
SHA512 ced78e5924d177a73ee36b16231781023a095d15a10a02573816bbea7f6023ce48eeb17d1f6487457c25c2a5e0858b6eff11c914de8c2e76a69521ae437b164e

C:\Users\Admin\AppData\Local\Temp\Aumentar_Capacidade_de_Resposta.reg_ex=65fae9f2&is=65e874f2&hm=df6165717b607c5f87771df8cd46e5e65023cc6c07e923c0518c24642fe5340c&

MD5 c1e6f84cf8ce8ab5aa8e1efd100f3cfe
SHA1 93daeab2ccad66c67242619215e9447d5021bf1b
SHA256 297bfbed6e72f2bff70cf74124720dbccc5e672a60207167d55005438e809002
SHA512 bc22e44ec348f5d12b59ab67fc16a017e1c6900dc4f6960af71e8a85689cdbc87101a0c9002459bd8ea79ed6c4904c851c7ec15b7e2586b25419cff873d2ba94

C:\Users\Admin\AppData\Local\Temp\Aumente_FPS_nos_Jogos.reg_ex=65fae9f3&is=65e874f3&hm=b0fdca45e45de57b65aea2e54bafc5d3e84fcdabe099507010c72738179e8b7d&

MD5 556f113e7ab0cd6ff9786419d52db540
SHA1 49f738ed0bde4ba7ee127e28a2268665eecdefbe
SHA256 d7bde3f4047a9d3f056561abfc2c9564a14684fa31c61284da7b0d0ed5f65931
SHA512 43f5808918287bf3cb709333b0c024b0cc34b1c90518bfbc70e10f6e177dcb4e75c40bd65abcc24e68aff0ecc2fee3b1db1c8bd0b1ab723e1114230a2344b652

C:\Users\Admin\AppData\Local\Temp\Desabilitar_AMS.reg_ex=65fae9f3&is=65e874f3&hm=86a184eb7c98d7a500758a678ca56ed586260836af74df148da73e0ce130ddc0&

MD5 66ffb562a36cadd895cf4469cab69658
SHA1 f74ef7ef38647bca947619127053fb199ad258a9
SHA256 08cc5dbfb93de534e59974b2d35a9bd3e700d579eb884b33c241659af0773d25
SHA512 baaac32642c3dc29177306ce0edc8b14a626f7eb9696d3b193a5ec3f0127277844cc90df0927248699a643d1c66fa46ee1a7c56d9d811c3affa8cd9fc06afc4b

C:\Users\Admin\AppData\Local\Temp\Desabilitar_gerenciador_de_mapas.reg_ex=65fae9f3&is=65e874f3&hm=1337082ba339c0397b357aeead04e2a5460f11009768a42214bdca6e52d8e223&

MD5 3e0e9fcd20fc2bd38f5b0eb3efc282d4
SHA1 76179bcc36016bf8dd0566320005df91a082dfcf
SHA256 57f1c79ef4929d5246b196f6f7db9fc95cdbb5379627170fde6e390eb26909b3
SHA512 0d29c6ad8b8be419d5db1e4cf52eca00aaa7f9a73f5cff8817efcfc1aee2738cee37693f668eea1e6e44c5d2117ef1e2b105e2f0a74e667a4e7f085d68a666d3

C:\Users\Admin\AppData\Local\Temp\Desabilitar_servicos_do_Xbox.reg_ex=65fae9f3&is=65e874f3&hm=1c009cb6ddade04641601cc9cd70cdd2a81fde80f01438efe71abff876a75ff2&

MD5 1c9f493edc27438382f56e0d3db74571
SHA1 15c3592cd3f8dff834fa0f00e5d772aec9a84365
SHA256 92533ff3527f364359a39be02999e2c9bd3638bfda0058bdaf2e0524dbdee59b
SHA512 b03b88960a0d2fc40193b9dd3cbd778a7287d8ffd7582f33af11114e34f94f077096f56c7087dde9e2f392ee344bda44a9b532d74e58085601d39b74967214a1

C:\Users\Admin\AppData\Local\Temp\Desabilitar_servicos_extras_desnecessarios.reg_ex=65fae9f3&is=65e874f3&hm=5ee15e5419e06ded87f813df69ded2d8f121873c2cdc63e81493b02e421ab054&

MD5 a24b71a05f46cba8404c173401eb871b
SHA1 9013ce0be4774e40bef0fefadd4aca58e4bba647
SHA256 7dc7038c754f1fd2799ba6d4e09ce71d3e42970364ba10ead303c6e538b2e96a
SHA512 186165e1a924a8fb9e967cc383a6d57fee7c02caa917010154262295a29c6802ee3a94506b58541d1203f054bca05d2118d5d5c42fae8a4c26aa7d3aee05037b

C:\Users\Admin\AppData\Local\Temp\Desabilitar_telemetria_e_diagnosticos.reg_ex=65fae9f3&is=65e874f3&hm=f0f7f2008e7ac49465c4cb566da64a72f058774331d0885ebbd661106cc897af&

MD5 91ef7ad21383c9d98de76ac2b5a1139f
SHA1 f300b7c21a73236388322e9ce4a2c44ea057bc82
SHA256 cc9a7213b918ee12fe92aa0afd4bef4645de80dfec97cff4446a8fe8ec30678c
SHA512 c18444f6491c12e2046ded3f5f2130d7938f7a145cda3e6a3c3861efb993c5839a7ac4555d8fefa07893a648cf1f7978c2684133d45cc35772b23628acf9cbfa

C:\Users\Admin\AppData\Local\Temp\DESABILITAR_POWER_THROTTLING.reg_ex=65fae9f3&is=65e874f3&hm=bb964de40bb006f9efb071ba8bf74cc38e2c82dbf5ae36c750040702c4b61f0c&

MD5 7648619f39a1f30b7ac71f236ba01798
SHA1 343e39b8d3b54ffb2d6e765f3d6248f9c2a6cfc3
SHA256 ea80154db4d06c26acd384576f83d1eb05ea0bf6e38199fbb764e4e1e78f8593
SHA512 01492ba609ff03524e32fc99d364a83866334006a9e442dcc88ff9623abdc203926ebd4e092c551ae53836d79bfdd7c79bb7712cd90f7237c774ace0cd97990d

C:\Users\Admin\AppData\Local\Temp\Desativar_Power_Throttling.reg_ex=65fae9f6&is=65e874f6&hm=27bcdc096487385b183605d452cb383187c7e7e10aed94098be01f895fe2118a&

MD5 475622ab39f8f5889da7b6d83ce3bf39
SHA1 13a863ec7237e7a7a919a8d87ed25ec575e7cc9c
SHA256 39336e4da196672cffc27d01b7a5b9f7358a919605dba440b011d67ed4c79b0a
SHA512 6a7abaca11499714bb056a6785b1b7de284f305dab0b6c02fc8c6314f761b400b1bae7d3addfb12baf8ee6c1ca2c1131d130c5c3c2807037fac5556a80d2ba9c

C:\Users\Admin\AppData\Local\Temp\Desativar_Servicos_Extras_Desnecessarios.reg_ex=65fae9f6&is=65e874f6&hm=c4c5c893ee9ac5530f4743d5eabe483f3cc52a748b2922ea523a72c9d02416c5&

MD5 2c51577162e31aa48322b7a48b5682c5
SHA1 d141f1570cf42455af71414cbfd466289c677057
SHA256 b3e89f97f5b5b3d64f528ef788484a623563fef8db2052f6bd3daf363e7649b6
SHA512 ad8bcb44acd11941c7bffd550d3a3bc03f0da58d626791c6af9865973491459fb56b835ad1ca939d3588a9257b4907fe88ba1db3e25f26363fc13ea51c0c6427

C:\Users\Admin\AppData\Local\Temp\Fix_delay.reg_ex=65faf16e&is=65e87c6e&hm=c10b718ca13d4ec380e26ce2cd880f07a48b2c76059d45f674866f73a446aa1d&

MD5 8669d125c81ed14d2ff722e5c86df072
SHA1 ee9ec858483d04a7cdbbb4f69803ed299e0a39fb
SHA256 df188d1be79d14accfb19af7477dccb4043b780a9ac3049213262696c815be56
SHA512 e366d71ccc7894df1975a5803213473793b82345b363b8a43dd2d44bee1e04c16ce701ba35907ab7a15a79fe7a1cc6af3e00c4ac44984e331bad862addc8897a

C:\Users\Admin\AppData\Local\Temp\Correcao_de_tela_inteira.reg_ex=65faf16e&is=65e87c6e&hm=a431613bca659e231fa03024153900f6e006250d74190eb98143673dcbf656b1&

MD5 1efa1f60f8b3847337395c99b52aa7cc
SHA1 71800f784787d4a51538e267cfe80c7eeac73f20
SHA256 7628f075e97778b7db2934c93867e7215a15e72245fe5cf60516d65555e54d39
SHA512 ff00dc633c51dd903db4795c18791ca64240a77181a9014a8a4137a7c725d07f775b56bd6302408b38e9ebb077aa1fc095629649c782e0799a48375fe742e01c

C:\Users\Admin\AppData\Local\Temp\DELAY_TELA.reg_ex=65faf16e&is=65e87c6e&hm=3453271cda331dcb2cc177c5647e97cd8299a96e2c1b0dca1c285722ad361d53&

MD5 b3f892eed310b4474886c017a7bc625f
SHA1 01604bee1bb85201f9970678a8c5f4564c4e941d
SHA256 fc6716f45a621d203764c4386402d6edb0ff749929de58750500368535d66c5e
SHA512 71ceabcb9645f5b7ed49c5a09a2536f71287b4e1b4dfa50f2521cfdf0258068be6c9953607203c9c784a065ac6fac7e48481a7ba85d8e5b0e023e4137d2d270f

C:\Users\Admin\AppData\Local\Temp\16GB_Ram.reg_ex=65faf641&is=65e88141&hm=17dce702b1bde56d8148b833ae3c02b3d067607ed54d859ef5ff0bc0945cd82e&

MD5 ffdf200411c966acec75b96b695d7b56
SHA1 3d09a59e0210478a862ead643d2de354dc76ae66
SHA256 a27cf71bd1a628a48ea81aaca3f3665acdbbc77cce85c9a97ce4634ddb26f963
SHA512 107a593abf311bafad7a9ec41ebd0bdead3c7b6a7da647d14df7e924ebb9c6bd111bcce6e732e43716bf9783314cd208d2b837297fa4f606087e4a5e61ac16a6

C:\Users\Admin\AppData\Local\Temp\BOOST_PING.reg_ex=65faf2fe&is=65e87dfe&hm=71dce47654197a835e2c42fdefa38ad624b57a6b00fa201014ab619d0c0bcc4b&

MD5 f477d82dd392483e1a21ada25a74b686
SHA1 e235f896752d2402c0e289244082976f2f56d120
SHA256 7c007a70bf7548469aebe6d7381c8eda966d9958aacb8c54a62cee879890aadd
SHA512 134ddfeef872eec62837884d0de8a35ce87b962f39ddd4dc7e107852cec946966889d7826c6de28f59d0f8a3302d90fbfb9690772cfbeeae79b7119ef0837099

C:\Users\Admin\AppData\Local\Temp\latencia_ultra_baixa.reg_ex=65faf2fe&is=65e87dfe&hm=9bb4a29dbe1942a5805e45d25f6eb39c7fbb054c3301b09a7d0b06dcc57a4120&

MD5 c7f291dd50f8e18c98be91c7bba9d95b
SHA1 3913b3e0adcdd0f7e89c2ed09c6e3b1f09dbd66d
SHA256 ba35f79ce9a189ce9ea27e172a66abdc3c1b9624ca1b1a5954a17570838f4688
SHA512 531d300da9464865bb0e5ee5b38854088a76f047267aeb3467f9198c9f15e1337ff18b46bb813edc2590ff45f31829aa3e9a31fc7dd94c2e75e2f1681cda1d02

C:\Users\Admin\AppData\Local\Temp\SO_PRA_WINDOWNS_10.bat

MD5 b181bd58d14e911789130277feea4ee2
SHA1 75a42db5cffaeea2e987d72f8e645b69f3f01a26
SHA256 13417a9f8069db2ef364fceb14ae8f7fe8677b33233d5a875ae279d50376fd89
SHA512 b1672b662e57abbe93386945903b22e9ccba0ccfbf1c05b53b0ae8bc1e80d692066f0ab179fc033edf091020eb5a63a90bdb744c5e67b75456961f3af9766b10

memory/1528-170-0x0000000075280000-0x0000000075A30000-memory.dmp