Overview
overview
9Static
static
3Cleaner1 R...IN.bat
windows7-x64
8Cleaner1 R...IN.bat
windows10-2004-x64
8Cleaner2.bat
windows7-x64
7Cleaner2.bat
windows10-2004-x64
1Cleaner3.bat
windows7-x64
1Cleaner3.bat
windows10-2004-x64
1Cleaner4.bat
windows7-x64
8Cleaner4.bat
windows10-2004-x64
8Cleaner5.bat
windows7-x64
7Cleaner5.bat
windows10-2004-x64
5Cleaner6.bat
windows7-x64
7Cleaner6.bat
windows10-2004-x64
7Cleaner7.bat
windows7-x64
8Cleaner7.bat
windows10-2004-x64
8MAC.cmd
windows7-x64
1MAC.cmd
windows10-2004-x64
1PH Spoofer.exe
windows7-x64
9PH Spoofer.exe
windows10-2004-x64
9Analysis
-
max time kernel
1742s -
max time network
1715s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
28-04-2024 02:21
Static task
static1
Behavioral task
behavioral1
Sample
Cleaner1 RUN ALL AS ADMIN.bat
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Cleaner1 RUN ALL AS ADMIN.bat
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
Cleaner2.bat
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
Cleaner2.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral5
Sample
Cleaner3.bat
Resource
win7-20240419-en
Behavioral task
behavioral6
Sample
Cleaner3.bat
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
Cleaner4.bat
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
Cleaner4.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral9
Sample
Cleaner5.bat
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
Cleaner5.bat
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
Cleaner6.bat
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Cleaner6.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral13
Sample
Cleaner7.bat
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
Cleaner7.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral15
Sample
MAC.cmd
Resource
win7-20240419-en
Behavioral task
behavioral16
Sample
MAC.cmd
Resource
win10v2004-20240419-en
Behavioral task
behavioral17
Sample
PH Spoofer.exe
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
PH Spoofer.exe
Resource
win10v2004-20240419-en
General
-
Target
Cleaner6.bat
-
Size
543KB
-
MD5
9d39831f2328903820a7359ac3e479a8
-
SHA1
2f2e720ed9b1462e5cdc8bc1d3a7e11fad6a887c
-
SHA256
4769a969888d95e0594ac296c3b7cf593dbb26bd7d27a47dc2c59022c0675263
-
SHA512
dad147bf672e4d0e69524e8103f715d133e21790ed7e3c065a02722e36c05e3e3dd9bac633da1b3eaa509a41caac46841261258478b9ad9c0aea7aea42d4204d
-
SSDEEP
1536:/sq0dLLLlL7LBL7vXgjIcHwL7DZQLwUDOmE8i/0fj8l9q0dLLLlL7LBL7vXgjcUQ:rLcUFivZ7jvzYx8+9oNQ0OL+
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
cmd.exedescription ioc process File opened (read-only) \??\E: cmd.exe -
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
reg.exereg.exereg.exedescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 reg.exe Delete value \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString reg.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 reg.exe Delete value \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString reg.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 reg.exe Delete value \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString reg.exe -
Enumerates system info in registry 2 TTPs 64 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion = "Neutron-4852" reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer = "Neutron-74502933632383" reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct = "Neutron-10535" reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer = "/ve" reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardVersion = "Neutron-14484" reg.exe Delete value \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVendor reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer = "/ve" reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardVersion = "Neutron-6135" reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName = "Neutron-309031246961" reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer = "Neutron-17589" reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName = "/ve" reg.exe Delete value \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer = "Neutron-20907" reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU = "Neutron-28620" reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName = "Neutron-1576" reg.exe Delete value \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer reg.exe Delete value \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName = "/ve" reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer = "Neutron-23761061028660" reg.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName = "Neutron-7197" reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct = "Neutron-10803" reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU = "Neutron-24553" reg.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily = "Neutron-27919" reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Set value (str) \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName = "Neutron-32335968711206" reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer reg.exe Key created \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS reg.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily reg.exe -
Kills process with taskkill 23 IoCs
Processes:
taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exepid process 1868 taskkill.exe 3608 taskkill.exe 3296 taskkill.exe 3652 taskkill.exe 2384 taskkill.exe 5044 taskkill.exe 4432 taskkill.exe 4660 taskkill.exe 3652 taskkill.exe 1388 taskkill.exe 2820 taskkill.exe 4776 taskkill.exe 3220 taskkill.exe 3652 taskkill.exe 1936 taskkill.exe 1212 taskkill.exe 3724 taskkill.exe 4576 taskkill.exe 1920 taskkill.exe 2912 taskkill.exe 888 taskkill.exe 4464 taskkill.exe 3284 taskkill.exe -
Modifies registry class 21 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8\0 reg.exe Key created \REGISTRY\USER\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\DefaultIcon reg.exe Key created \REGISTRY\USER\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\12 reg.exe Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache reg.exe Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache reg.exe Key created \REGISTRY\USER\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\shell\open\command reg.exe Key created \REGISTRY\USER\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\12 reg.exe Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache reg.exe Key created \REGISTRY\USER\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0\0 reg.exe Key created \REGISTRY\USER\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8\0 reg.exe Key created \REGISTRY\USER\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0\0 reg.exe Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache reg.exe Key created \REGISTRY\USER\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0\0 reg.exe Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache reg.exe Key created \REGISTRY\USER\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache reg.exe Key created \REGISTRY\USER\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\DefaultIcon reg.exe Key created \REGISTRY\USER\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0\0 reg.exe Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache reg.exe Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache reg.exe Key created \REGISTRY\USER\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\shell\open\command reg.exe Key created \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache reg.exe -
Modifies registry key 1 TTPs 27 IoCs
Processes:
reg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exepid process 3460 reg.exe 3028 reg.exe 1628 reg.exe 3028 reg.exe 2744 reg.exe 380 reg.exe 4664 reg.exe 884 reg.exe 4772 reg.exe 376 reg.exe 4016 reg.exe 4228 reg.exe 4608 reg.exe 4216 reg.exe 1840 reg.exe 3348 reg.exe 4516 reg.exe 1400 reg.exe 4172 reg.exe 5068 reg.exe 3976 reg.exe 4472 reg.exe 1884 reg.exe 3608 reg.exe 1168 reg.exe 4120 reg.exe 2740 reg.exe -
Suspicious use of AdjustPrivilegeToken 23 IoCs
Processes:
taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exedescription pid process Token: SeDebugPrivilege 1868 taskkill.exe Token: SeDebugPrivilege 4660 taskkill.exe Token: SeDebugPrivilege 3608 taskkill.exe Token: SeDebugPrivilege 2912 taskkill.exe Token: SeDebugPrivilege 3296 taskkill.exe Token: SeDebugPrivilege 3652 taskkill.exe Token: SeDebugPrivilege 1388 taskkill.exe Token: SeDebugPrivilege 3220 taskkill.exe Token: SeDebugPrivilege 2820 taskkill.exe Token: SeDebugPrivilege 888 taskkill.exe Token: SeDebugPrivilege 3652 taskkill.exe Token: SeDebugPrivilege 4464 taskkill.exe Token: SeDebugPrivilege 3284 taskkill.exe Token: SeDebugPrivilege 2384 taskkill.exe Token: SeDebugPrivilege 1212 taskkill.exe Token: SeDebugPrivilege 3724 taskkill.exe Token: SeDebugPrivilege 3652 taskkill.exe Token: SeDebugPrivilege 5044 taskkill.exe Token: SeDebugPrivilege 4432 taskkill.exe Token: SeDebugPrivilege 4576 taskkill.exe Token: SeDebugPrivilege 1920 taskkill.exe Token: SeDebugPrivilege 1936 taskkill.exe Token: SeDebugPrivilege 4776 taskkill.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
cmd.exedescription pid process target process PID 4928 wrote to memory of 1868 4928 cmd.exe taskkill.exe PID 4928 wrote to memory of 1868 4928 cmd.exe taskkill.exe PID 4928 wrote to memory of 4660 4928 cmd.exe taskkill.exe PID 4928 wrote to memory of 4660 4928 cmd.exe taskkill.exe PID 4928 wrote to memory of 3608 4928 cmd.exe taskkill.exe PID 4928 wrote to memory of 3608 4928 cmd.exe taskkill.exe PID 4928 wrote to memory of 2912 4928 cmd.exe taskkill.exe PID 4928 wrote to memory of 2912 4928 cmd.exe taskkill.exe PID 4928 wrote to memory of 3296 4928 cmd.exe taskkill.exe PID 4928 wrote to memory of 3296 4928 cmd.exe taskkill.exe PID 4928 wrote to memory of 3652 4928 cmd.exe taskkill.exe PID 4928 wrote to memory of 3652 4928 cmd.exe taskkill.exe PID 4928 wrote to memory of 3156 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 3156 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 3600 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 3600 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 5100 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 5100 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 1328 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 1328 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 4752 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 4752 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 2152 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 2152 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 1936 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 1936 4928 cmd.exe cmd.exe PID 4928 wrote to memory of 1376 4928 cmd.exe reg.exe PID 4928 wrote to memory of 1376 4928 cmd.exe reg.exe PID 4928 wrote to memory of 5080 4928 cmd.exe reg.exe PID 4928 wrote to memory of 5080 4928 cmd.exe reg.exe PID 4928 wrote to memory of 3752 4928 cmd.exe reg.exe PID 4928 wrote to memory of 3752 4928 cmd.exe reg.exe PID 4928 wrote to memory of 2608 4928 cmd.exe reg.exe PID 4928 wrote to memory of 2608 4928 cmd.exe reg.exe PID 4928 wrote to memory of 2448 4928 cmd.exe reg.exe PID 4928 wrote to memory of 2448 4928 cmd.exe reg.exe PID 4928 wrote to memory of 3284 4928 cmd.exe reg.exe PID 4928 wrote to memory of 3284 4928 cmd.exe reg.exe PID 4928 wrote to memory of 3580 4928 cmd.exe reg.exe PID 4928 wrote to memory of 3580 4928 cmd.exe reg.exe PID 4928 wrote to memory of 808 4928 cmd.exe reg.exe PID 4928 wrote to memory of 808 4928 cmd.exe reg.exe PID 4928 wrote to memory of 2412 4928 cmd.exe reg.exe PID 4928 wrote to memory of 2412 4928 cmd.exe reg.exe PID 4928 wrote to memory of 1212 4928 cmd.exe reg.exe PID 4928 wrote to memory of 1212 4928 cmd.exe reg.exe PID 4928 wrote to memory of 5028 4928 cmd.exe reg.exe PID 4928 wrote to memory of 5028 4928 cmd.exe reg.exe PID 4928 wrote to memory of 3192 4928 cmd.exe reg.exe PID 4928 wrote to memory of 3192 4928 cmd.exe reg.exe PID 4928 wrote to memory of 5040 4928 cmd.exe reg.exe PID 4928 wrote to memory of 5040 4928 cmd.exe reg.exe PID 4928 wrote to memory of 2796 4928 cmd.exe reg.exe PID 4928 wrote to memory of 2796 4928 cmd.exe reg.exe PID 4928 wrote to memory of 3232 4928 cmd.exe reg.exe PID 4928 wrote to memory of 3232 4928 cmd.exe reg.exe PID 4928 wrote to memory of 2604 4928 cmd.exe reg.exe PID 4928 wrote to memory of 2604 4928 cmd.exe reg.exe PID 4928 wrote to memory of 624 4928 cmd.exe reg.exe PID 4928 wrote to memory of 624 4928 cmd.exe reg.exe PID 4928 wrote to memory of 3516 4928 cmd.exe reg.exe PID 4928 wrote to memory of 3516 4928 cmd.exe reg.exe PID 4928 wrote to memory of 2276 4928 cmd.exe reg.exe PID 4928 wrote to memory of 2276 4928 cmd.exe reg.exe
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Cleaner6.bat"1⤵
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
PID:4928 -
C:\Windows\system32\taskkill.exetaskkill /f /im "EpicGamesLauncher.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1868 -
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteLauncher.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4660 -
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteClient-Win64-Shipping_BE.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3608 -
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteClient-Win64-Shipping.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2912 -
C:\Windows\system32\taskkill.exetaskkill /f /im "EasyAntiCheat.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3296 -
C:\Windows\system32\taskkill.exetaskkill /f /im EpicGamesLauncher.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3652 -
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher\Saved\Logs\*.* "2⤵PID:3156
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher\Saved\webcache\Service Worker\CacheStorage\*.* "2⤵PID:3600
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher\Saved\webcache\GPUCache\*.* "2⤵PID:5100
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame\Saved\Config\WindowsClient\*.* "2⤵PID:1328
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Program Files\Epic Games\Fortnite\FortniteGame\PersistentDownloadDir\*.* "2⤵PID:4752
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame\Saved\LMS\*.* "2⤵PID:2152
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame\Saved\Cloud\*.* "2⤵PID:1936
-
C:\Windows\system32\reg.exeREG DELETE "HKCR\discord-432980957394370572\DefaultIcon" /ve /f2⤵PID:1376
-
C:\Windows\system32\reg.exeREG DELETE "HKCR\discord-432980957394370572\shell\open\command" /ve /f2⤵PID:5080
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder" /v "24" /f2⤵PID:3752
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder" /f2⤵PID:2608
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\DefaultIcon" /ve /f2⤵PID:2448
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\DefaultIcon" /f2⤵
- Modifies registry class
PID:3284 -
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\shell\open\command" /ve /f2⤵PID:3580
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\shell\open\command" /f2⤵
- Modifies registry class
PID:808 -
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0" /v "12" /f2⤵PID:2412
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\12" /v "0" /f2⤵PID:1212
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\12" /f2⤵
- Modifies registry class
PID:5028 -
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0" /v "0" /f2⤵PID:3192
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0\0" /v "1" /f2⤵PID:5040
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0\0" /f2⤵
- Modifies registry class
PID:2796 -
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3" /v "7" /f2⤵PID:3232
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3" /v "8" /f2⤵PID:2604
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8" /v "0" /f2⤵PID:624
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8\0" /v "0" /f2⤵PID:3516
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8\0" /f2⤵
- Modifies registry class
PID:2276 -
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0" /v "0" /f2⤵PID:4716
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0\0" /v "0" /f2⤵PID:4836
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0\0" /f2⤵
- Modifies registry class
PID:4628 -
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\Configuration\Variables\BusDeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f2⤵PID:544
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\DeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f2⤵PID:1620
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\Driver" /v PropertyGuid /t REG_SZ /d {----} /fW2⤵PID:4200
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v ComputerHardwareId /t REG_SZ /d {----} /f2⤵PID:1516
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer /t REG_SZ /d /ve /f2⤵
- Enumerates system info in registry
PID:4708 -
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemManufacturer /t REG_SZ /d /ve /f2⤵
- Enumerates system info in registry
PID:1560 -
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d /ve /f2⤵
- Enumerates system info in registry
PID:3064 -
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d /ve /f2⤵PID:1772
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemProductName /t REG_SZ /d /ve /f2⤵PID:3204
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d /ve /f2⤵PID:1744
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemProductName /t REG_SZ /d /ve /f2⤵PID:4972
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemManufacturer /t REG_SZ /d /ve /f2⤵PID:4240
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemProductName /t REG_SZ /d /ve /f2⤵PID:1020
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v BaseBoardManufacturer /t REG_SZ /d /ve /f2⤵PID:4764
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemManufacturer /t REG_SZ /d /ve /f2⤵PID:4172
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemProductName /t REG_SZ /d /ve /f2⤵PID:3528
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v BaseBoardManufacturer /t REG_SZ /d /ve /f2⤵PID:3584
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d /ve /f2⤵PID:3760
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d /ve /f2⤵PID:3732
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d /ve /f2⤵PID:4128
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d /ve /f2⤵PID:3576
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d /ve /f2⤵PID:1892
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d /ve /f2⤵PID:4984
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d /ve /f2⤵PID:2744
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d /ve /f2⤵PID:2644
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d /ve /f2⤵PID:3212
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d /ve /f2⤵PID:1348
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d /ve /f2⤵PID:4496
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d /ve /f2⤵PID:3152
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d /ve /f2⤵PID:4756
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d /ve /f2⤵PID:5032
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d /ve /f2⤵PID:2792
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d /ve /f2⤵PID:708
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d /ve /f2⤵PID:3244
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d /ve /f2⤵PID:816
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d /ve /f2⤵PID:4904
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d /ve /f2⤵PID:2324
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d /ve /f2⤵PID:4168
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d /ve /f2⤵PID:4460
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d /ve /f2⤵PID:4440
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d /ve /f2⤵PID:4080
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d /ve /f2⤵PID:2512
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d /ve /f2⤵PID:384
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d /ve /f2⤵PID:920
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d /ve /f2⤵PID:1780
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d /ve /f2⤵PID:4596
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d /ve /f2⤵PID:4248
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer /t REG_SZ /d Neutron-23761061028660 /f2⤵
- Enumerates system info in registry
PID:2912 -
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemManufacturer /t REG_SZ /d Neutron-74502933632383 /f2⤵
- Enumerates system info in registry
PID:4512 -
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d Neutron-309031246961 /f2⤵
- Enumerates system info in registry
PID:840 -
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d Neutron-25154266319868 /f2⤵PID:888
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemProductName /t REG_SZ /d Neutron-302083071519714 /f2⤵PID:4792
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d Neutron-6072259727491 /f2⤵PID:2328
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemProductName /t REG_SZ /d Neutron-19848182179484 /f2⤵PID:2092
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemManufacturer /t REG_SZ /d Neutron-2720112117661 /f2⤵PID:3368
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemProductName /t REG_SZ /d Neutron-306812360832180 /f2⤵PID:2932
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v BaseBoardManufacturer /t REG_SZ /d Neutron-7462922619683 /f2⤵PID:3788
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemManufacturer /t REG_SZ /d Neutron-46702282731575 /f2⤵PID:3156
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemProductName /t REG_SZ /d Neutron-15396799929470 /f2⤵PID:3600
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v BaseBoardManufacturer /t REG_SZ /d Neutron-304291861627213 /f2⤵PID:5100
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d Neutron-299021062026895 /f2⤵PID:2652
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d Neutron-17133594912670 /f2⤵PID:1804
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d Neutron-9819853530293 /f2⤵PID:4584
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d Neutron-2802535608826 /f2⤵PID:2304
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d Neutron-114783083819627 /f2⤵PID:4776
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d Neutron-13442779512626 /f2⤵PID:3032
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d Neutron-10525334726334 /f2⤵PID:3252
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d Neutron-208372029828064 /f2⤵PID:4648
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d Neutron-6465221148996 /f2⤵PID:4656
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d Neutron-91792110317278 /f2⤵PID:4224
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d Neutron-335824643889 /f2⤵PID:2384
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d Neutron-322132994226215 /f2⤵PID:528
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d Neutron-126131844124274 /f2⤵PID:1704
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d Neutron-144967178492 /f2⤵PID:4672
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d Neutron-24207390625668 /f2⤵PID:3724
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d Neutron-27842184628038 /f2⤵PID:4484
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d Neutron-263503142011632 /f2⤵PID:4788
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d Neutron-164892609631474 /f2⤵PID:780
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d Neutron-2139902720437 /f2⤵PID:4412
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d Neutron-15919489332720 /f2⤵PID:4572
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d Neutron-217471094729912 /f2⤵PID:4220
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d Neutron-4731272948450 /f2⤵PID:4012
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d Neutron-29759883739 /f2⤵PID:432
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d Neutron-2342752815231 /f2⤵PID:4084
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d Neutron-242791306221506 /f2⤵PID:2436
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d Neutron-204552287314481 /f2⤵PID:1084
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d Neutron-39451429022646 /f2⤵PID:3136
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d Neutron-1759288888383 /f2⤵PID:4072
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d Neutron-80041279325663 /f2⤵PID:1568
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d Neutron-3758264110888 /f2⤵PID:3020
-
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer /t REG_SZ /d Neutron-17589 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:4516 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardProduct /t REG_SZ /d Neutron-10535 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:3976 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardVersion /t REG_SZ /d Neutron-14484 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:380 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BIOSVersion /t REG_SZ /d Neutron-4852 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:1400 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemFamily /t REG_SZ /d Neutron-27919 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:4016 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemManufacturer /t REG_SZ /d Neutron-22909 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:4228 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d Neutron-16547 /f2⤵
- Modifies registry key
PID:3460 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemSKU /t REG_SZ /d Neutron-28620 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:4772 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemVersion /t REG_SZ /d Neutron-14001 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:1840 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d Neutron-7764 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:3028 -
C:\Windows\system32\reg.exeREG ADD "HKCR\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power-cleaned.exe.ApplicationCompany" /t REG_SZ /d "Neutron-17959" /f2⤵
- Modifies registry class
PID:1168 -
C:\Windows\system32\reg.exeREG ADD "HKCR\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power.exe.ApplicationCompany" /t REG_SZ /d "Neutron-14185" /f2⤵
- Modifies registry class
PID:5068 -
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power-cleaned.exe.ApplicationCompany" /t REG_SZ /d "Neutron-23204" /f2⤵
- Modifies registry class
PID:3700 -
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power.exe.ApplicationCompany" /t REG_SZ /d "Neutron-14433" /f2⤵
- Modifies registry class
PID:4896 -
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion" /v "RegisteredOrganization" /t REG_SZ /d "Neutron-909" /f2⤵PID:2284
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters" /v "HostName" /t REG_SZ /d "Neutron-1230" /f2⤵PID:1740
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters" /v "NV HostName" /t REG_SZ /d "Neutron-26857" /f2⤵PID:2504
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\{146337E2-B748-4468-AC39-FCBBA2D507EC}" /v "Hostname" /t REG_SZ /d "Neutron-5233" /f2⤵PID:2164
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\{34E2F73D-D367-4931-8A5F-FB72BBE02BCB}" /v "Hostname" /t REG_SZ /d "Neutron-7167" /f2⤵PID:1944
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\{8B66020F-34DF-4179-BC45-E6419E7905AD}" /v "Hostname" /t REG_SZ /d "Neutron-29139" /f2⤵PID:2308
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "HostName" /t REG_SZ /d "Neutron-18957" /f2⤵PID:3704
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "NV HostName" /t REG_SZ /d "Neutron-5805" /f2⤵PID:216
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{146337E2-B748-4468-AC39-FCBBA2D507EC}" /v "Hostname" /t REG_SZ /d "Neutron-18835" /f2⤵PID:4048
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{34E2F73D-D367-4931-8A5F-FB72BBE02BCB}" /v "Hostname" /t REG_SZ /d "Neutron-23683" /f2⤵PID:5064
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{8B66020F-34DF-4179-BC45-E6419E7905AD}" /v "Hostname" /t REG_SZ /d "Neutron-32510" /f2⤵PID:1728
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f"2⤵PID:1012
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security" /f"2⤵PID:1684
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f"2⤵PID:3596
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f"2⤵PID:1964
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\0001" /v HwProfileGuid /t REG_SZ /d {----80} /f2⤵PID:3452
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v MachineGuid /t REG_SZ /d ----80 /f2⤵PID:1908
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d {11036-15298-7106-4893} /f2⤵
- Modifies registry key
PID:1628 -
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {Admin16233} /f2⤵
- Modifies registry key
PID:4472 -
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 14875-26419-29844-2535 /f2⤵
- Modifies registry key
PID:4608 -
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f2⤵PID:4060
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d Desktop24376 /f2⤵
- Modifies registry key
PID:1884 -
C:\Windows\system32\taskkill.exetaskkill /f /im "EpicGamesLauncher.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1388 -
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteLauncher.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3220 -
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName\ /v ComputerName /t REG_SZ /d Neutron-30296 /f2⤵
- Modifies registry key
PID:3608 -
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ /v Hostname /t REG_SZ /d Neutron-9962 /f2⤵
- Modifies registry key
PID:2740 -
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ /v "NV Hostname" /t REG_SZ /d Neutron-16850 /f2⤵
- Modifies registry key
PID:4216 -
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 /v2⤵PID:1016
-
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteClient-Win64-Shipping_BE.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2820 -
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteClient-Win64-Shipping.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:888 -
C:\Windows\system32\taskkill.exetaskkill /f /im "EasyAntiCheat.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3652 -
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵PID:704
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵PID:4124
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f2⤵PID:2900
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵PID:4432
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵PID:2288
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵PID:1328
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵PID:4752
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵PID:2152
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f2⤵PID:1936
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v MachineGuid /t REG_SZ /d ---- /f2⤵PID:3800
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v BuildGUID /t REG_SZ /d ---- /f2⤵PID:4036
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\Configuration\Variables\BusDeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f2⤵PID:396
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\DeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f2⤵PID:2636
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\Driver" /v PropertyGuid /t REG_SZ /d {----} /fW2⤵PID:1836
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v ComputerHardwareId /t REG_SZ /d {----} /f2⤵PID:3936
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f2⤵PID:2104
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f2⤵PID:1384
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f2⤵PID:2412
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\Installer\Dependencies" /v MSICache /f2⤵PID:3872
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵PID:3272
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵PID:3192
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine" /f2⤵PID:5040
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵PID:2796
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵PID:3232
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Microsoft\Direct3D" /v WHQLClass /f2⤵PID:2604
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f2⤵PID:624
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0" /v ProcessorNameString /f2⤵
- Checks processor information in registry
PID:3516 -
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f2⤵PID:2276
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f2⤵PID:4716
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f2⤵PID:4836
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f2⤵PID:4628
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f2⤵PID:1376
-
C:\Windows\system32\reg.exereg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f2⤵PID:1620
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f2⤵PID:4200
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵PID:1516
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵PID:4708
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵PID:1560
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵PID:3064
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵PID:1772
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵PID:3204
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f2⤵PID:1744
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵PID:4972
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat\GamesInstalled: "217;"" /f2⤵PID:4240
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵PID:1020
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵PID:844
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵PID:2760
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵PID:1956
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵PID:4980
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵PID:4920
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f"2⤵PID:376
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security" /f"2⤵PID:1080
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f"2⤵PID:3348
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security" /f"2⤵PID:4664
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\CapSids: 0A 00 00 00 01 02 00 00 00 00 00 0F 03 00 00 00 01 00 00 00 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 E8 41 FE 65 15 CB 86 8E 43 2C E1 30 42 2A B3 51 4E 9C 0E 17 B4 1B 89 09 98 DA 44 8D 13 6A 0C B3 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 E4 29 72 AE 52 A9 2E 19 C4 FB 6C 51 9E 00 25 50 5B 64 A6 6F A4 D2 D0 57 D2 DB D7 37 F2 B0 85 AC 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 0B 44 35 CF 44 6C 30 B5 4C 90 DA 15 DB 4C 09 94 5A 08 A5 69 F0 DC C5 65 02 4A 7B B9 A8 2C DA C2 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 3C DA 35 57 2A 15 FA C8 02 C1 BC 52 65 2B D8 EC C8 8E 72 9B 62 79 A8 20 65 1E 06 07 AF 02 70 0C 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 CE 22 45 27 27 B8 EA 12 11 8A 20 EF 09 19 FD 6B B8 B4 A0 D6 03 10 5B DD D6 CF 74 85 60 22 D2 CD 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 0A D5 CA 1A 96 05 1C F5 5E 2C 0C CE 2A E" /f"2⤵PID:4120
-
C:\Windows\system32\reg.exereg delete "8 F3 66 B9 86 13 95 5D 1A 40 0A 7F 52 A9 BA B2 23 04 83 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 38 B0 4E D5 42 5B 15 DF 75 ED 77 00 0E 5B 16 73 C1 5E D2 AF 68 BF 75 AD 38 35 1D 6A 1E 9A 12 F7 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 AF 37 E5 A2 58 AD 48 66 53 E6 1F 53 B9 42 0E EA 34 9C E5 B6 48 3A DB 78 9F 5C A7 33 FE 7E 97 1A 01 08 00 00 00 00 00 0F 03 00 00 00 CC 77 B2 6C CA 01 58 51 6A 28 60 81 E1 F6 0B 69 78 9C FE 8E 66 F8 8F CE 29 11 79 DE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" /f"2⤵PID:2744
-
C:\Windows\system32\reg.exereg delete " 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" /f"2⤵PID:2320
-
C:\Windows\system32\reg.exereg delete " 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" /f"2⤵PID:3212
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f2⤵PID:3236
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_EAC.exe: B1 8A B0 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f"2⤵PID:4680
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe: 73 D5 4B 11 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f"2⤵PID:3152
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe: E7 CB 84 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f"2⤵PID:3448
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Type: 0x00000010" /f"2⤵PID:5000
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Start: 0x00000003" /f"2⤵PID:408
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f"2⤵PID:3080
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f"2⤵PID:4640
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f"2⤵PID:1664
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\WOW64: 0x0000014C" /f"2⤵PID:756
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ObjectName: "LocalSystem"" /f"2⤵PID:4456
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games. /f"2⤵PID:2968
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f"2⤵PID:4024
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\\SOFTWARE\\Google\\Update\\UsageStats\\Daily\\Counts\\opt_in_uid_generated=" /f2⤵PID:4440
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\\SOFTWARE\\EasyAntiCheat\\GamesInstalled=217;" /f2⤵PID:1868
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\\SOFTWARE\\Razer Chroma SDK\\FortniteClient-Win64-Shipping.exe\\Path=D:\\Fortnite\\FortniteGame\\Binaries\\Win64\\FortniteClient-Win64-Shipping.exe" /f2⤵PID:1948
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\\SOFTWARE\\Razer Chroma SDK\\FortniteClient-Win64-Shipping.exe\\Title=FortniteClient-Win64-Shipping.exe" /f2⤵PID:1072
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\\SOFTWARE\\Razer Chroma SDK\\FortniteClient-Win64-Shipping.exe\\Author=Chroma developer" /f2⤵PID:920
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\FortniteClient-Win64-Shipping.exe" /f2⤵PID:3220
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\FortniteClient-Win64-Shipping.exe\LastDetectionTime: F9 8F FD B6 8D 13 D5 01" /f2⤵PID:3608
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_EAC.exe: B1 8A B0 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f2⤵PID:2740
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe: 73 D5 4B 11 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f2⤵PID:4216
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe: E7 CB 84 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f2⤵PID:1016
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵PID:840
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵PID:4792
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵PID:3364
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵PID:5020
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵PID:1424
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵PID:3368
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ObjectName: "LocalSystem"" /f2⤵PID:2932
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f2⤵PID:3788
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe: 53 41 43 50 01 00 00 00 00 00 00 00 07 00 00 00 28 00 00 00 70 42 0C 00 0E EB 0C 00 01 00 00 00 00 00 00 00 00 00 03 06 00 01 00 00 67 07 7C BA C5 4C D4 01 00 00 00 00 00 00 00 00 02 00 00 00 28 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 83 0C 00 00 00 00 00 00 01 00 00 00 01 00 00 00" /f2⤵PID:3156
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\DefaultIcon\: "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe"" /f2⤵PID:4576
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\shell\open\command\: "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe"" /f2⤵PID:4568
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\FortniteClient-Win64-Shipping.exe" /f2⤵PID:1328
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\FortniteClient-Win64-Shipping.exe\LastDetectionTime: F9 8F FD B6 8D 13 D5 01" /f2⤵PID:4752
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵PID:1924
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵PID:4968
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine" /f2⤵PID:2508
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵PID:2704
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵PID:2608
-
C:\Windows\system32\taskkill.exetaskkill /f /im "EasyAntiCheat.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4464 -
C:\Windows\system32\taskkill.exetaskkill /f /im "EpicGamesLauncher.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3284 -
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteClient-Win64-Shipping.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2384 -
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteClient-Win64-Shipping_BE.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1212 -
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteLauncher.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3724 -
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f2⤵PID:5040
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f2⤵PID:2796
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f2⤵PID:3232
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\Installer\Dependencies" /v MSICache /f2⤵PID:2604
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵PID:624
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵PID:3516
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine" /f2⤵PID:2276
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵PID:4716
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵PID:4836
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Microsoft\Direct3D" /v WHQLClass /f2⤵PID:1084
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f2⤵PID:4864
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0" /v ProcessorNameString /f2⤵
- Checks processor information in registry
PID:4532 -
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f2⤵PID:3132
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f2⤵PID:4632
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f2⤵PID:1832
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f2⤵PID:1532
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f2⤵PID:4564
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f2⤵PID:4492
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f2⤵PID:4372
-
C:\Windows\system32\reg.exereg delete \"HKEY_CURRENT_USER\\Software\\Epic Games\" /f2⤵PID:4068
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\Software\\Epic Games\" /f2⤵PID:3712
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\com.epicgames.launcher\" /f2⤵PID:4164
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\EpicGames\" /f2⤵PID:1840
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Epic Games\" /f2⤵PID:3028
-
C:\Windows\system32\reg.exereg delete \"HKEY_CLASSES_ROOT\\com.epicgames.launcher\" /f2⤵PID:1168
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\Software\\Epic Games\" /f2⤵PID:5068
-
C:\Windows\system32\reg.exereg delete \"HKEY_CURRENT_USER\\Software\\Classes\\com.epicgames.launcher\" /f2⤵PID:3628
-
C:\Windows\system32\reg.exereg delete \"HKEY_CURRENT_USER\\Software\\Epic Games\\Unreal Engine\\Hardware Survey\" /f2⤵PID:4896
-
C:\Windows\system32\reg.exereg delete \"HKEY_CURRENT_USER\\Software\\Epic Games\\Unreal Engine\\Identifiers\" /f2⤵PID:2284
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\com.epicgames.launcher\" /f2⤵PID:1740
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\SOFTWARE\\EpicGames\" /f2⤵PID:2504
-
C:\Windows\system32\reg.exereg delete \"HKEY_CURRENT_USER\\SOFTWARE\\EpicGames\" /f2⤵PID:3572
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵PID:2164
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵PID:2308
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f2⤵PID:3704
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵PID:216
-
C:\Windows\system32\reg.exereg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f2⤵PID:4048
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵PID:5064
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵PID:1728
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f2⤵PID:5004
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵PID:1684
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵PID:3596
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵PID:1964
-
C:\Windows\system32\reg.exeREG DELETE "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3235051776-1179596201-1620534504-1001" /v "\Device\HarddiskVolume4\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe" /f2⤵PID:3452
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe.FriendlyAppName" /f2⤵PID:1908
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe.ApplicationCompany" /f2⤵PID:4168
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched" /v "{6D809377-6AF0-444B-8957-A3773F02200E}\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe" /f2⤵PID:4472
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched" /f2⤵PID:4608
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView" /v "{6D809377-6AF0-444B-8957-A3773F02200E}\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe" /f2⤵PID:2968
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe.FriendlyAppName" /f2⤵PID:1320
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe.ApplicationCompany" /f2⤵PID:384
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Khronos\Vulkan\ImplicitLayers" /v "C:\Users\Centu\OneDrive\Desktop\Fortnite\Epic Games\Launcher\Portal\Extras\Overlay\EOSOverlayVkLayer-Win32.json" /f2⤵PID:532
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Khronos\Vulkan\ImplicitLayers" /v "C:\Users\Centu\OneDrive\Desktop\Fortnite\Epic Games\Launcher\Portal\Extras\Overlay\EOSOverlayVkLayer-Win64.json" /f2⤵PID:4660
-
C:\Windows\system32\reg.exeREG DELETE "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f2⤵PID:4404
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe.FriendlyAppName" /f2⤵PID:4392
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Khronos\Vulkan\ImplicitLayers" /v "C:\Users\Centu\OneDrive\Desktop\Fortnite\Epic Games\Launcher\Portal\Extras\Overlay\EOSOverlayVkLayer-Win32.json" /f2⤵PID:3492
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Khronos\Vulkan\ImplicitLayers" /v "C:\Users\Centu\OneDrive\Desktop\Fortnite\Epic Games\Launcher\Portal\Extras\Overlay\EOSOverlayVkLayer-Win64.json" /f2⤵PID:1440
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe.ApplicationCompany" /f2⤵PID:3024
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /f2⤵
- Modifies registry class
PID:3296 -
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Khronos\Vulkan\ImplicitLayers" /v "C:\Users\Centu\OneDrive\Desktop\Fortnite\Epic Games\Launcher\Portal\Extras\Overlay\EOSOverlayVkLayer-Win32.json" /f2⤵PID:4916
-
C:\Windows\system32\reg.exeREG DELETE "HKCR\com.epicgames.launcher" /f2⤵PID:3228
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Khronos\Vulkan\ImplicitLayers" /v "C:\Users\Centu\OneDrive\Desktop\Fortnite\Epic Games\Launcher\Portal\Extras\Overlay\EOSOverlayVkLayreg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵PID:936
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3652 -
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5044 -
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4432 -
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq charles*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4576 -
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1920 -
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq ida*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1936 -
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4776 -
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵PID:3304
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵PID:2448
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵PID:4656
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine" /f2⤵PID:4924
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵PID:3580
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵PID:1704
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f2⤵PID:528
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f2⤵PID:4672
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f2⤵PID:3560
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f2⤵PID:428
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f2⤵PID:3792
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f2⤵PID:4144
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f2⤵PID:3360
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f2⤵PID:1076
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f2⤵PID:2296
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f2⤵PID:4876
-
C:\Windows\system32\reg.exereg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f2⤵PID:2952
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f2⤵PID:900
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f2⤵PID:4628
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security" /f2⤵PID:1376
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f2⤵PID:4072
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security" /f2⤵PID:3172
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵PID:2212
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵PID:3308
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵PID:3648
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵PID:380
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵PID:1400
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵PID:4016
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f2⤵PID:4228
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵PID:3460
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵PID:4772
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵PID:3268
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵PID:3376
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵PID:3528
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵PID:3584
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵PID:3760
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ObjectName: "LocalSystem"" /f2⤵PID:3164
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f2⤵PID:1080
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵PID:3552
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵PID:2504
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵PID:3572
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine" /f2⤵PID:2164
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵PID:2308
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵PID:1348
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f2⤵PID:4496
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f2⤵PID:4048
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f2⤵PID:4756
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f2⤵PID:1012
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f2⤵PID:2792
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f2⤵PID:708
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f2⤵PID:1960
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f2⤵PID:3128
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f2⤵PID:4904
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f2⤵PID:756
-
C:\Windows\system32\reg.exereg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f2⤵PID:848
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f2⤵PID:1888
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f2⤵PID:3372
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security" /f2⤵PID:1056
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f2⤵PID:2132
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security" /f2⤵PID:3532
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵PID:2712
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵PID:920
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵PID:4596
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵PID:5056
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵PID:544
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵PID:3492
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f2⤵PID:1440
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵PID:3024
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵PID:3296
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵PID:4916
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵PID:3228
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵PID:936
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵PID:704
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵PID:3652
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f2⤵PID:1068
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵PID:4784
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵PID:3156
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher\Saved\Logs\*.* "2⤵PID:3956
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher\Saved\webcache\Service Worker\CacheStorage\*.* "2⤵PID:3248
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher\Saved\webcache\GPUCache\*.* "2⤵PID:4752
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame\Saved\Config\WindowsClient\*.* "2⤵PID:4968
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Program Files\Epic Games\Fortnite\FortniteGame\PersistentDownloadDir\*.* "2⤵PID:1924
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame\Saved\LMS\*.* "2⤵PID:2508
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame\Saved\Cloud\*.* "2⤵PID:4776
-
C:\Windows\system32\reg.exeREG DELETE "HKCR\discord-432980957394370572\DefaultIcon" /ve /f2⤵PID:3304
-
C:\Windows\system32\reg.exeREG DELETE "HKCR\discord-432980957394370572\shell\open\command" /ve /f2⤵PID:4156
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder" /v "24" /f2⤵PID:1312
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder" /f2⤵PID:3284
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\DefaultIcon" /ve /f2⤵PID:2412
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\DefaultIcon" /f2⤵
- Modifies registry class
PID:3272 -
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\shell\open\command" /ve /f2⤵PID:4484
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\shell\open\command" /f2⤵
- Modifies registry class
PID:924 -
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0" /v "12" /f2⤵PID:2416
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\12" /v "0" /f2⤵PID:3912
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\12" /f2⤵
- Modifies registry class
PID:2356 -
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0" /v "0" /f2⤵PID:4356
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0\0" /v "1" /f2⤵PID:4580
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0\0" /f2⤵
- Modifies registry class
PID:3844 -
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3" /v "7" /f2⤵PID:3516
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3" /v "8" /f2⤵PID:2276
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8" /v "0" /f2⤵PID:2436
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8\0" /v "0" /f2⤵PID:4836
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8\0" /f2⤵
- Modifies registry class
PID:1084 -
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0" /v "0" /f2⤵PID:4072
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0\0" /v "0" /f2⤵PID:3172
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0\0" /f2⤵
- Modifies registry class
PID:2212 -
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\Configuration\Variables\BusDeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f2⤵PID:3308
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\DeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f2⤵PID:3648
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\Driver" /v PropertyGuid /t REG_SZ /d {----} /fW2⤵PID:380
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v ComputerHardwareId /t REG_SZ /d {----} /f2⤵PID:1400
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer /t REG_SZ /d /ve /f2⤵
- Enumerates system info in registry
PID:4016 -
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemManufacturer /t REG_SZ /d /ve /f2⤵
- Enumerates system info in registry
PID:4228 -
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d /ve /f2⤵
- Enumerates system info in registry
PID:3460 -
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d /ve /f2⤵PID:4772
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemProductName /t REG_SZ /d /ve /f2⤵PID:3268
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d /ve /f2⤵PID:3376
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemProductName /t REG_SZ /d /ve /f2⤵PID:3528
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemManufacturer /t REG_SZ /d /ve /f2⤵PID:3584
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemProductName /t REG_SZ /d /ve /f2⤵PID:3732
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v BaseBoardManufacturer /t REG_SZ /d /ve /f2⤵PID:3656
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemManufacturer /t REG_SZ /d /ve /f2⤵PID:1892
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemProductName /t REG_SZ /d /ve /f2⤵PID:4844
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v BaseBoardManufacturer /t REG_SZ /d /ve /f2⤵PID:2504
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d /ve /f2⤵PID:3572
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d /ve /f2⤵PID:2572
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d /ve /f2⤵PID:3704
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d /ve /f2⤵PID:4680
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d /ve /f2⤵PID:216
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d /ve /f2⤵PID:5064
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d /ve /f2⤵PID:1728
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d /ve /f2⤵PID:5004
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d /ve /f2⤵PID:1684
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d /ve /f2⤵PID:4640
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d /ve /f2⤵PID:4360
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d /ve /f2⤵PID:2324
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d /ve /f2⤵PID:1628
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d /ve /f2⤵PID:848
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d /ve /f2⤵PID:1888
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d /ve /f2⤵PID:4440
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d /ve /f2⤵PID:1868
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d /ve /f2⤵PID:4956
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d /ve /f2⤵PID:384
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d /ve /f2⤵PID:532
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d /ve /f2⤵PID:920
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d /ve /f2⤵PID:4596
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d /ve /f2⤵PID:5056
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d /ve /f2⤵PID:544
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d /ve /f2⤵PID:3492
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d /ve /f2⤵PID:1440
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d /ve /f2⤵PID:3024
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d /ve /f2⤵PID:3296
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d /ve /f2⤵PID:4916
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d /ve /f2⤵PID:3228
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer /t REG_SZ /d Neutron-327546907981 /f2⤵
- Enumerates system info in registry
PID:936 -
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemManufacturer /t REG_SZ /d Neutron-11480481723245 /f2⤵
- Enumerates system info in registry
PID:704 -
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d Neutron-32335968711206 /f2⤵
- Enumerates system info in registry
PID:3652 -
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d Neutron-195347147233 /f2⤵PID:1068
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemProductName /t REG_SZ /d Neutron-24605150846250 /f2⤵PID:4784
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d Neutron-28830990122127 /f2⤵PID:4568
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemProductName /t REG_SZ /d Neutron-26505206162130 /f2⤵PID:5100
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemManufacturer /t REG_SZ /d Neutron-29076233430973 /f2⤵PID:2480
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemProductName /t REG_SZ /d Neutron-13469511225443 /f2⤵PID:1920
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v BaseBoardManufacturer /t REG_SZ /d Neutron-242016925400 /f2⤵PID:4584
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemManufacturer /t REG_SZ /d Neutron-603430731777 /f2⤵PID:3032
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemProductName /t REG_SZ /d Neutron-1007112026766 /f2⤵PID:396
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v BaseBoardManufacturer /t REG_SZ /d Neutron-213772825627824 /f2⤵PID:3252
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d Neutron-24938242994940 /f2⤵PID:2448
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d Neutron-285931160632155 /f2⤵PID:4464
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d Neutron-113012090324621 /f2⤵PID:4924
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d Neutron-16428906815906 /f2⤵PID:4604
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d Neutron-3022030172185 /f2⤵PID:2384
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d Neutron-323621304113117 /f2⤵PID:5028
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d Neutron-93772196224002 /f2⤵PID:1544
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d Neutron-125903170830766 /f2⤵PID:2152
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d Neutron-11410615428071 /f2⤵PID:5040
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d Neutron-20209179532847 /f2⤵PID:2796
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d Neutron-24083275231905 /f2⤵PID:3232
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d Neutron-21461422527363 /f2⤵PID:2604
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d Neutron-96642876829126 /f2⤵PID:624
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d Neutron-43331328219064 /f2⤵PID:3788
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d Neutron-17986676929870 /f2⤵PID:4876
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d Neutron-64721087128456 /f2⤵PID:4716
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d Neutron-63492134924820 /f2⤵PID:3324
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d Neutron-52322686221583 /f2⤵PID:3820
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d Neutron-303481789519470 /f2⤵PID:1376
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d Neutron-22948683731801 /f2⤵PID:1568
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d Neutron-7582472322318 /f2⤵PID:1516
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d Neutron-220701562130612 /f2⤵PID:4516
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d Neutron-27365618427183 /f2⤵PID:1832
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d Neutron-226141947913667 /f2⤵PID:1532
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d Neutron-28230240575561 /f2⤵PID:1772
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d Neutron-6173652011134 /f2⤵PID:3204
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d Neutron-2562370402586 /f2⤵PID:1744
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d Neutron-57562578727646 /f2⤵PID:4972
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d Neutron-23460107727568 /f2⤵PID:4240
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d Neutron-168691817222054 /f2⤵PID:4764
-
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer /t REG_SZ /d Neutron-12103 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:4172 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardProduct /t REG_SZ /d Neutron-10803 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:3028 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardVersion /t REG_SZ /d Neutron-6135 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:1168 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BIOSVersion /t REG_SZ /d Neutron-7877 /f2⤵
- Modifies registry key
PID:5068 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemFamily /t REG_SZ /d Neutron-5882 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:376 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemManufacturer /t REG_SZ /d Neutron-20907 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:3348 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d Neutron-7197 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:4664 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemSKU /t REG_SZ /d Neutron-24553 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:4120 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemVersion /t REG_SZ /d Neutron-13071 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:2744 -
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d Neutron-1576 /f2⤵
- Enumerates system info in registry
- Modifies registry key
PID:884 -
C:\Windows\system32\reg.exeREG ADD "HKCR\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power-cleaned.exe.ApplicationCompany" /t REG_SZ /d "Neutron-28332" /f2⤵
- Modifies registry class
PID:2164 -
C:\Windows\system32\reg.exeREG ADD "HKCR\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power.exe.ApplicationCompany" /t REG_SZ /d "Neutron-31076" /f2⤵
- Modifies registry class
PID:4892 -
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power-cleaned.exe.ApplicationCompany" /t REG_SZ /d "Neutron-3936" /f2⤵
- Modifies registry class
PID:2876 -
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power.exe.ApplicationCompany" /t REG_SZ /d "Neutron-25138" /f2⤵
- Modifies registry class
PID:3152 -
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion" /v "RegisteredOrganization" /t REG_SZ /d "Neutron-17888" /f2⤵PID:5032
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters" /v "HostName" /t REG_SZ /d "Neutron-30488" /f2⤵PID:4760
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters" /v "NV HostName" /t REG_SZ /d "Neutron-15512" /f2⤵PID:4848
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\{146337E2-B748-4468-AC39-FCBBA2D507EC}" /v "Hostname" /t REG_SZ /d "Neutron-22223" /f2⤵PID:3080
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\{34E2F73D-D367-4931-8A5F-FB72BBE02BCB}" /v "Hostname" /t REG_SZ /d "Neutron-9586" /f2⤵PID:3596
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\{8B66020F-34DF-4179-BC45-E6419E7905AD}" /v "Hostname" /t REG_SZ /d "Neutron-2406" /f2⤵PID:1664
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "HostName" /t REG_SZ /d "Neutron-14048" /f2⤵PID:4904
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "NV HostName" /t REG_SZ /d "Neutron-1947" /f2⤵PID:4936
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{146337E2-B748-4468-AC39-FCBBA2D507EC}" /v "Hostname" /t REG_SZ /d "Neutron-6750" /f2⤵PID:4472
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{34E2F73D-D367-4931-8A5F-FB72BBE02BCB}" /v "Hostname" /t REG_SZ /d "Neutron-25066" /f2⤵PID:4608
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{8B66020F-34DF-4179-BC45-E6419E7905AD}" /v "Hostname" /t REG_SZ /d "Neutron-8124" /f2⤵PID:1884
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "C:\Program Files\Epic Games\Fortnite\FortniteGame\PersistentDownloadDir\LMS\Manifest.sav" "2⤵PID:2512
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\BattlEye" "2⤵PID:2336
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\BattlEye" do rmdir "%p" "2⤵PID:3532
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\CEF" "2⤵PID:4660
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\CEF" do rmdir "%p" "2⤵PID:3220
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\Comms" "2⤵PID:3608
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\Comms" do rmdir "%p" "2⤵PID:3556
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\ConnectedDevicesPlatform" "2⤵PID:5056
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\ConnectedDevicesPlatform" do rmdir "%p" "2⤵PID:4512
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\CrashDumps" "2⤵PID:1108
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\CrashDumps" do rmdir "%p" "2⤵PID:4388
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\CrashReportClient" "2⤵PID:1792
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\CrashReportClient" do rmdir "%p" "2⤵PID:888
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\D3DSCache" "2⤵PID:5020
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\D3DSCache" do rmdir "%p" "2⤵PID:3688
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\DBG" "2⤵PID:3240
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\DBG" do rmdir "%p" "2⤵PID:2900
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\EpicGamesLauncher" "2⤵PID:704
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\EpicGamesLauncher" do rmdir "%p" "2⤵PID:3652
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\FortniteGame" "2⤵PID:1068
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\FortniteGame" do rmdir "%p" "2⤵PID:4784
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\Microsoft\Feeds" "2⤵PID:2652
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\Microsoft\Feeds" do rmdir "%p" "2⤵PID:3956
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\VirtualStore" "2⤵PID:3248
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\VirtualStore" do rmdir "%p" "2⤵PID:4752
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\UnrealEngineLauncher" "2⤵PID:4584
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\UnrealEngineLauncher" do rmdir "%p" "2⤵PID:3032
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\UnrealEngine" "2⤵PID:396
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\UnrealEngine" do rmdir "%p" "2⤵PID:3252
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\Speech Graphics" "2⤵PID:4648
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\Speech Graphics" do rmdir "%p" "2⤵PID:808
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\Publishers" "2⤵PID:1288
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\Publishers" do rmdir "%p" "2⤵PID:1384
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\Programs\Common" "2⤵PID:1704
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\Programs\Common" do rmdir "%p" "2⤵PID:528
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Local\PlaceholderTileLogoFolder" "2⤵PID:5028
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Local\PlaceholderTileLogoFolder" do rmdir "%p" "2⤵PID:1544
-
C:\Windows\system32\cmd.execmd /C "RD /s /q "C:\Users\%username%\AppData\Roaming\EasyAntiCheat" "2⤵PID:2152
-
C:\Windows\system32\cmd.execmd /C "del /s /q "C:\Users\%username%\AppData\Roaming\EasyAntiCheat" do rmdir "%p" "2⤵PID:5040
-
C:\Windows\system32\cmd.execmd /C "rmdir /s /q "C:\Users\%username%\AppData\Local\FortniteGame" "2⤵PID:3912
-
C:\Windows\system32\cmd.execmd /C "del /s /f /a:h /a:a /q C:\Windows\Temp\*.* "2⤵PID:4572
-
C:\Windows\system32\cmd.execmd /C "del /s /f /a:h /a:a /q C:\Windows\prefetch\*.* "2⤵PID:4220
-
C:\Windows\system32\cmd.execmd /C "del /s /f /a:h /a:a /q C:\MSOCache\{71230000-00E2-0000-1000-00000000}\Setup.dat "2⤵PID:4012
-
C:\Windows\system32\cmd.execmd /C "del /s /f /a:h /a:a /q C:\Recovery\ntuser.sys "2⤵PID:1456
-
C:\Windows\system32\cmd.execmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\Temp\338e89b.tmp "2⤵PID:4084
-
C:\Windows\system32\cmd.execmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\roaming\EasyAntiCheat "2⤵PID:1784
-
C:\Windows\system32\cmd.execmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\FortniteGame\ "2⤵PID:3972
-
C:\Windows\system32\cmd.execmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\EpicGamesLauncher\ "2⤵PID:4864
-
C:\Windows\system32\cmd.execmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\UnrealEngine\ "2⤵PID:4532
-
C:\Windows\system32\cmd.execmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\UnrealEngineLauncher\ "2⤵PID:1568
-
C:\Windows\system32\cmd.execmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\Microsoft\Feeds\ "2⤵PID:1516
-
C:\Windows\system32\cmd.execmd /C "RD /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\Microsoft\Feeds "2⤵PID:4516
-
C:\Windows\system32\cmd.execmd /C "RD /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\FortniteGame "2⤵PID:1832
-
C:\Windows\system32\cmd.execmd /C "RD /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\EpicGamesLauncher "2⤵PID:1532
-
C:\Windows\system32\cmd.execmd /C "RD /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\UnrealEngine "2⤵PID:1772
-
C:\Windows\system32\cmd.execmd /C "RD /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\UnrealEngineLauncher "2⤵PID:4492
-
C:\Windows\system32\cmd.execmd /C "del /f /a:h /a:a /s /q "C:\Users\%USERPROFILE%\AppData\Local\FortniteGame\*.*" "2⤵PID:4732
-
C:\Windows\system32\cmd.execmd /C "rmdir /s /q "C:\Users\%USERPROFILE%\AppData\Local\FortniteGame" "2⤵PID:4228
-
C:\Windows\system32\cmd.execmd /C "del /f /a:h /a:a /s /q "C:\Users\Public\Libraries\*.*" "2⤵PID:3460
-
C:\Windows\system32\cmd.execmd /C "del /f /a:h /a:a /s /q "C:\Users\%USERPROFILE%\AppData\Local\Microsoft\Feeds\*.*" "2⤵PID:4772
-
C:\Windows\system32\cmd.execmd /C "rmdir /s /q "C:\Users\%USERPROFILE%\AppData\Local\Microsoft\Feeds" "2⤵PID:3268
-
C:\Windows\system32\cmd.execmd /C "del /f /a:h /a:a /s /q "C:\Users\%USERPROFILE%\AppData\Local\FortniteGame\Saved\LMS\Manifest.sav\*.*" "2⤵PID:1956
-
C:\Windows\system32\cmd.execmd /C "rmdir /s /q "C:\Users\%USERPROFILE%\AppData\Local\FortniteGame\Saved\LMS\Manifest.sav" "2⤵PID:3700
-
C:\Windows\system32\cmd.execmd /C "del /f /a:h /a:a /s /q "C:\Users\%USERPROFILE%\AppData\Local\Temp\*.*" "2⤵PID:2592
-
C:\Windows\system32\cmd.execmd /C "rmdir /s /q "C:\Users\%USERPROFILE%\AppData\Local\Temp" "2⤵PID:5068
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe!App: 6F 70 0D 53 8D 13 D5 01" /f"2⤵PID:3656
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.1000_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe: 53 41 43 50 01 00 00 00 00 00 00 00 07 00 00 00 28 00 00 00 00 EA 08 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 0A 73 20 00 00 67 07 7C BA C5 4C D4 01 00 00 00 00 00 00 00 00" /f"2⤵PID:1892
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe: 53 41 43 50 01 00 00 00 00 00 00 00 07 00 00 00 28 00 00 00 70 42 0C 00 0E EB 0C 00 01 00 00 00 00 00 00 00 00 00 03 06 00 01 00 00 67 07 7C BA C5 4C D4 01 00 00 00 00 00 00 00 00 02 00 00 00 28 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 83 0C 00 00 00 00 00 00 01 00 00 00 01 00 00 00" /f"2⤵PID:1944
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri\1d50f44cf1a0499\87f345c2\LanguageList: 5F 65 6E 2D 55 53 5F 73 74 61 6E 64 61 72 64 5F 31 32 35 5F 55 53 5F 4C 54 52 5F 6C 69 67 68 74 5F 44 65 73 6B 74 6F 70" /f"2⤵PID:2644
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri\1d50f44cf1a0499\87f345c2\{Microsoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.XboxGamingOverlay/resources/GameBar}: "Game bar"" /f"REG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MuiCache\ab\52C64B7E\C:\Program Files\Common Files\System\wab32res.dll,-4602: "Contact file"" /f"2⤵PID:2320
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MuiCache\ab\52C64B7E\C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\1033\\VSLauncherUI.dll,-1002: "Open in2⤵PID:3212
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MuiCache\ab\52C64B7E\windows.storage.dll,-21826: "Captures"" /f"2⤵PID:3236
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\DefaultIcon\: "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe"" /f"2⤵PID:4548
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\shell\open\command\: "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe"" /f"REG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\System\GameConfigStore\Children\03ce6902-ff58-41de-ab92-36fcaf27a580\Type: 0x00000001" /f"2⤵PID:2476
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\PackageAndPackageRelativeApplicationId\181^App" /f2⤵PID:3448
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\PackageAndPackageRelativeApplicationId\181^App\93" /f2⤵PID:1012
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ac" /f2⤵PID:408
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ad" /f2⤵PID:708
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\3^93" /f2⤵PID:816
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\3^93\ac" /f2⤵PID:3128
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\4^93" /f2⤵PID:756
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\4^93\ad" /f2⤵PID:2324
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180" /f2⤵PID:848
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181" /f2⤵PID:4060
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182" /f2⤵PID:4440
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\180" /f2⤵PID:1320
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\181" /f2⤵PID:1948
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\182" /f2⤵PID:1072
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe" /f2⤵PID:532
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe\182" /f2⤵PID:4404
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f2⤵PID:4392
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\180" /f2⤵PID:3556
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f2⤵PID:1016
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\181" /f2⤵PID:840
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a80" /f2⤵PID:3740
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a81" /f2⤵PID:4388
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a82" /f2⤵PID:1792
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a83" /f2⤵PID:4916
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a84" /f2⤵PID:3868
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a80" /f2⤵PID:4148
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a81" /f2⤵PID:3708
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a82" /f2⤵PID:2900
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\4\1a83" /f2⤵PID:704
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\4\1a84" /f2⤵PID:4880
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^180" /f2⤵PID:5016
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^180\1a80" /f2⤵PID:676
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^181" /f2⤵PID:3292
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^181\1a81" /f2⤵PID:2444
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^182" /f2⤵PID:4784
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^182\1a82" /f2⤵PID:2652
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^180" /f2⤵PID:3956
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^180\1a83" /f2⤵PID:2640
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^181" /f2⤵PID:1920
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^181\1a84" /f2⤵PID:4036
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f2⤵PID:5080
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe" /f2⤵PID:4668
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe" /f2⤵PID:3304
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f2⤵PID:2448
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe" /f2⤵PID:4464
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe" /f2⤵PID:1312
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f2⤵PID:3284
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f2⤵PID:4796
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f2⤵PID:4436
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security" /f2⤵PID:4484
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f2⤵PID:4056
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security" /f2⤵PID:1544
-
C:\Windows\system32\reg.exereg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0007 /v NetworkAddress /d 002622D90EFC /f2⤵PID:2152
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵PID:4144
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵PID:3232
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵PID:4968
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵PID:2296
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f2⤵PID:224
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS" /v BIOSReleaseDate /f2⤵
- Enumerates system info in registry
PID:4716 -
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS" /v BIOSVendor /f2⤵
- Enumerates system info in registry
PID:4420 -
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS" /v SystemManufacturer /f2⤵
- Enumerates system info in registry
PID:1784 -
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS" /v SystemProductName /f2⤵
- Enumerates system info in registry
PID:3972 -
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0" /v ProcessorNameString /f2⤵
- Checks processor information in registry
PID:4864 -
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f2⤵PID:3132
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control" /v SystemStartOptions /f2⤵PID:4632
-
C:\Windows\system32\reg.exereg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f2⤵PID:3976
-
C:\Windows\system32\reg.exereg delete"HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f2⤵PID:3064
-
C:\Windows\system32\reg.exereg delete"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WMI\Security\" /f2⤵PID:3068