Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 28-04-2024 18:36
Tasks
- Static task static1
- Behavioral task behavioral1: sample PH Spoofer1.1.rar, resource win7-20240419-en
- Behavioral task behavioral2: sample PH Spoofer1.1.rar, resource win10v2004-20240419-en
- Behavioral task behavioral3: sample Cleaner1 RUN ALL AS ADMIN.bat, resource win7-20240221-en
- Behavioral task behavioral4: sample Cleaner1 RUN ALL AS ADMIN.bat, resource win10v2004-20240419-en
- Behavioral task behavioral5: sample Cleaner2.bat, resource win7-20240221-en
- Behavioral task behavioral6: sample Cleaner2.bat, resource win10v2004-20240419-en
- Behavioral task behavioral7: sample Cleaner3.bat, resource win7-20240419-en
- Behavioral task behavioral8: sample Cleaner3.bat, resource win10v2004-20240419-en
- Behavioral task behavioral9: sample Cleaner4.bat, resource win7-20240220-en
- Behavioral task behavioral10: sample Cleaner4.bat, resource win10v2004-20240426-en
- Behavioral task behavioral11: sample Cleaner5.bat, resource win7-20240221-en
- Behavioral task behavioral12: sample Cleaner5.bat, resource win10v2004-20240419-en
- Behavioral task behavioral13: sample Cleaner6.bat, resource win7-20240221-en
- Behavioral task behavioral14: sample Cleaner6.bat, resource win10v2004-20240426-en
- Behavioral task behavioral15: sample Cleaner7.bat, resource win7-20240215-en
- Behavioral task behavioral16: sample Cleaner7.bat, resource win10v2004-20240419-en
- Behavioral task behavioral17: sample MAC.cmd, resource win7-20240221-en
- Behavioral task behavioral18: sample MAC.cmd, resource win10v2004-20240419-en
- Behavioral task behavioral19: sample PH Spoofer.exe, resource win7-20240221-en
- Behavioral task behavioral20: sample PH Spoofer.exe, resource win10v2004-20240419-en
General
- Target: Cleaner6.bat
- Size: 543KB
- MD5: 9d39831f2328903820a7359ac3e479a8
- SHA1: 2f2e720ed9b1462e5cdc8bc1d3a7e11fad6a887c
- SHA256: 4769a969888d95e0594ac296c3b7cf593dbb26bd7d27a47dc2c59022c0675263
- SHA512: dad147bf672e4d0e69524e8103f715d133e21790ed7e3c065a02722e36c05e3e3dd9bac633da1b3eaa509a41caac46841261258478b9ad9c0aea7aea42d4204d
- SSDEEP: 1536:/sq0dLLLlL7LBL7vXgjIcHwL7DZQLwUDOmE8i/0fj8l9q0dLLLlL7LBL7vXgjcUQ:rLcUFivZ7jvzYx8+9oNQ0OL+
Malware Config
Signatures
-
Deletes itself 1 IoCs
Processes: cmd.exe (pid 2328)
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes: cmd.exe
File opened (read-only): \??\E: (cmd.exe)
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: reg.exe, reg.exe, reg.exe
Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (reg.exe)
Delete value: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (reg.exe)
Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (reg.exe)
Delete value: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (reg.exe)
Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (reg.exe)
Delete value: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (reg.exe)
-
Enumerates system info in registry 2 TTPs 64 IoCs
-
Kills process with taskkill 23 IoCs
-
Modifies registry class 21 IoCs
-
Modifies registry key 1 TTPs 27 IoCs
-
Suspicious use of AdjustPrivilegeToken 23 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Cleaner6.bat"
- Deletes itself
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exe
taskkill /f /im "EpicGamesLauncher.exe" /t /fi "status eq running"
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe
taskkill /f /im "FortniteLauncher.exe" /t /fi "status eq running"
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe
taskkill /f /im "FortniteClient-Win64-Shipping_BE.exe" /t /fi "status eq running"
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe
taskkill /f /im "FortniteClient-Win64-Shipping.exe" /t /fi "status eq running"
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe
taskkill /f /im "EasyAntiCheat.exe" /t /fi "status eq running"
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exe
cmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher\Saved\Logs\*.* "
-
C:\Windows\system32\cmd.exe
cmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher\Saved\webcache\Service Worker\CacheStorage\*.* "
-
C:\Windows\system32\cmd.exe
cmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher\Saved\webcache\GPUCache\*.* "
-
C:\Windows\system32\cmd.exe
cmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame\Saved\Config\WindowsClient\*.* "
-
C:\Windows\system32\cmd.exe
cmd /C "del /f /s /q "%systemdrive%\Program Files\Epic Games\Fortnite\FortniteGame\PersistentDownloadDir\*.* "
-
C:\Windows\system32\cmd.exe
cmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame\Saved\LMS\*.* "
-
C:\Windows\system32\cmd.exe
cmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame\Saved\Cloud\*.* "
-
C:\Windows\system32\reg.exe
REG DELETE "HKCR\discord-432980957394370572\DefaultIcon" /ve /f
-
C:\Windows\system32\reg.exe
REG DELETE "HKCR\discord-432980957394370572\shell\open\command" /ve /f
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder" /v "24" /f
-
C:\Windows\system32\reg.exe
REG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder" /f
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\DefaultIcon" /ve /f
-
C:\Windows\system32\reg.exe
REG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\DefaultIcon" /f
- Modifies registry class
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\shell\open\command" /ve /f
-
C:\Windows\system32\reg.exe
REG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\shell\open\command" /f
- Modifies registry class
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0" /v "12" /f
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\12" /v "0" /f
-
C:\Windows\system32\reg.exe
REG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\12" /f
- Modifies registry class
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0" /v "0" /f
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0\0" /v "1" /f
-
C:\Windows\system32\reg.exe
REG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0\0" /f
- Modifies registry class
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3" /v "7" /f
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3" /v "8" /f
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8" /v "0" /f
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8\0" /v "0" /f
-
C:\Windows\system32\reg.exe
REG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8\0" /f
- Modifies registry class
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0" /v "0" /f
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0\0" /v "0" /f
-
C:\Windows\system32\reg.exe
REG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0\0" /f
- Modifies registry class
-
C:\Windows\system32\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\Configuration\Variables\BusDeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f
-
C:\Windows\system32\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\DeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f
-
C:\Windows\system32\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\Driver" /v PropertyGuid /t REG_SZ /d {----} /fW
-
C:\Windows\system32\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v ComputerHardwareId /t REG_SZ /d {----} /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer /t REG_SZ /d /ve /f
- Enumerates system info in registry
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemManufacturer /t REG_SZ /d /ve /f
- Enumerates system info in registry
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d /ve /f
- Enumerates system info in registry
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemProductName /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemProductName /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemManufacturer /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemProductName /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v BaseBoardManufacturer /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemManufacturer /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemProductName /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v BaseBoardManufacturer /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exe
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d /ve /f
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer /t REG_SZ /d Neutron-295826709923 /f2⤵
- Enumerates system info in registry
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemManufacturer /t REG_SZ /d Neutron-4677739521413 /f2⤵
- Enumerates system info in registry
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d Neutron-318032709716655 /f2⤵
- Enumerates system info in registry
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d Neutron-63154608057 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemProductName /t REG_SZ /d Neutron-117817326865 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d Neutron-2960380822230 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemProductName /t REG_SZ /d Neutron-3828259966170 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemManufacturer /t REG_SZ /d Neutron-9907686208 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemProductName /t REG_SZ /d Neutron-211782407520368 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v BaseBoardManufacturer /t REG_SZ /d Neutron-137031362915799 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemManufacturer /t REG_SZ /d Neutron-3075919755344 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemProductName /t REG_SZ /d Neutron-190933257811013 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v BaseBoardManufacturer /t REG_SZ /d Neutron-6541191832186 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d Neutron-164852175730769 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d Neutron-274711554017789 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d Neutron-31915187386487 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d Neutron-91953240332033 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d Neutron-73832221123625 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d Neutron-30345646318157 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d Neutron-322232170227078 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d Neutron-304252453722239 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d Neutron-29614404615153 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d Neutron-295521188422911 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d Neutron-283191149530473 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d Neutron-20448335130195 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d Neutron-130001925513714 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d Neutron-14906128928278 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d Neutron-6161243957277 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d Neutron-204241942320947 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d Neutron-23355394623319 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d Neutron-294592432320668 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d Neutron-100873137711137 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d Neutron-1884030918206 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d Neutron-319392352224893 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d Neutron-8633116628000 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d Neutron-17507313945887 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d Neutron-291321898523921 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d Neutron-26702333632089 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d Neutron-182642011925682 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d Neutron-202641619832508 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d Neutron-27096237395470 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d Neutron-298291767711753 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d Neutron-13991676223901 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer /t REG_SZ /d Neutron-20803 /f2⤵
- Enumerates system info in registry
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardProduct /t REG_SZ /d Neutron-26885 /f2⤵
- Enumerates system info in registry
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardVersion /t REG_SZ /d Neutron-2642 /f2⤵
- Enumerates system info in registry
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BIOSVersion /t REG_SZ /d Neutron-25565 /f2⤵
- Enumerates system info in registry
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemFamily /t REG_SZ /d Neutron-31057 /f2⤵
- Enumerates system info in registry
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemManufacturer /t REG_SZ /d Neutron-872 /f2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d Neutron-13245 /f2⤵
- Enumerates system info in registry
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemSKU /t REG_SZ /d Neutron-27942 /f2⤵
- Enumerates system info in registry
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemVersion /t REG_SZ /d Neutron-32543 /f2⤵
- Enumerates system info in registry
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d Neutron-30275 /f2⤵
- Enumerates system info in registry
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD "HKCR\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power-cleaned.exe.ApplicationCompany" /t REG_SZ /d "Neutron-4767" /f2⤵
- Modifies registry class
-
C:\Windows\system32\reg.exeREG ADD "HKCR\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power.exe.ApplicationCompany" /t REG_SZ /d "Neutron-23908" /f2⤵
- Modifies registry class
-
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power-cleaned.exe.ApplicationCompany" /t REG_SZ /d "Neutron-28152" /f2⤵
- Modifies registry class
-
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power.exe.ApplicationCompany" /t REG_SZ /d "Neutron-14400" /f2⤵
- Modifies registry class
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion" /v "RegisteredOrganization" /t REG_SZ /d "Neutron-14669" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters" /v "HostName" /t REG_SZ /d "Neutron-23210" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters" /v "NV HostName" /t REG_SZ /d "Neutron-31858" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\{146337E2-B748-4468-AC39-FCBBA2D507EC}" /v "Hostname" /t REG_SZ /d "Neutron-27442" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\{34E2F73D-D367-4931-8A5F-FB72BBE02BCB}" /v "Hostname" /t REG_SZ /d "Neutron-12701" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\{8B66020F-34DF-4179-BC45-E6419E7905AD}" /v "Hostname" /t REG_SZ /d "Neutron-14729" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "HostName" /t REG_SZ /d "Neutron-5803" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "NV HostName" /t REG_SZ /d "Neutron-19786" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{146337E2-B748-4468-AC39-FCBBA2D507EC}" /v "Hostname" /t REG_SZ /d "Neutron-31049" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{34E2F73D-D367-4931-8A5F-FB72BBE02BCB}" /v "Hostname" /t REG_SZ /d "Neutron-6112" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{8B66020F-34DF-4179-BC45-E6419E7905AD}" /v "Hostname" /t REG_SZ /d "Neutron-24017" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f"2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\IDConfigDB\Hardware Profiles\0001" /v HwProfileGuid /t REG_SZ /d {----80} /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v MachineGuid /t REG_SZ /d ----80 /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation /v ComputerHardwareId /t REG_SZ /d {19087-7573-6645-16616} /f2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\HardwareConfig /v LastConfig /t REG_SZ /d {Admin17032} /f2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 14898-32197-4807-22075 /f2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName /v ComputerName /t REG_SZ /d Desktop24417 /f2⤵
- Modifies registry key
-
C:\Windows\system32\taskkill.exetaskkill /f /im "EpicGamesLauncher.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteLauncher.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName\ /v ComputerName /t REG_SZ /d Neutron-30873 /f2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ /v Hostname /t REG_SZ /d Neutron-16740 /f2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ /v "NV Hostname" /t REG_SZ /d Neutron-21084 /f2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeREG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 /v2⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteClient-Win64-Shipping_BE.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteClient-Win64-Shipping.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /f /im "EasyAntiCheat.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" /v MachineGuid /t REG_SZ /d ---- /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v BuildGUID /t REG_SZ /d ---- /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\Configuration\Variables\BusDeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\DeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\Driver" /v PropertyGuid /t REG_SZ /d {----} /fW2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v ComputerHardwareId /t REG_SZ /d {----} /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\Installer\Dependencies" /v MSICache /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Microsoft\Direct3D" /v WHQLClass /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0" /v ProcessorNameString /f2⤵
- Checks processor information in registry
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat\GamesInstalled: "217;"" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\CapSids: 0A 00 00 00 01 02 00 00 00 00 00 0F 03 00 00 00 01 00 00 00 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 E8 41 FE 65 15 CB 86 8E 43 2C E1 30 42 2A B3 51 4E 9C 0E 17 B4 1B 89 09 98 DA 44 8D 13 6A 0C B3 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 E4 29 72 AE 52 A9 2E 19 C4 FB 6C 51 9E 00 25 50 5B 64 A6 6F A4 D2 D0 57 D2 DB D7 37 F2 B0 85 AC 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 0B 44 35 CF 44 6C 30 B5 4C 90 DA 15 DB 4C 09 94 5A 08 A5 69 F0 DC C5 65 02 4A 7B B9 A8 2C DA C2 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 3C DA 35 57 2A 15 FA C8 02 C1 BC 52 65 2B D8 EC C8 8E 72 9B 62 79 A8 20 65 1E 06 07 AF 02 70 0C 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 CE 22 45 27 27 B8 EA 12 11 8A 20 EF 09 19 FD 6B B8 B4 A0 D6 03 10 5B DD D6 CF 74 85 60 22 D2 CD 01 0A 00 00 00 00 00 0F 03 00 00 00 00 04 00 00 0A D5 CA 1A 96 05 1C F5 5E 2C 0C CE 2A E" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_EAC.exe: B1 8A B0 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe: 73 D5 4B 11 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe: E7 CB 84 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Type: 0x00000010" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Start: 0x00000003" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\WOW64: 0x0000014C" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ObjectName: "LocalSystem"" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games. /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f"2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\\SOFTWARE\\Google\\Update\\UsageStats\\Daily\\Counts\\opt_in_uid_generated=" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\\SOFTWARE\\EasyAntiCheat\\GamesInstalled=217;" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\\SOFTWARE\\Razer Chroma SDK\\FortniteClient-Win64-Shipping.exe\\Path=D:\\Fortnite\\FortniteGame\\Binaries\\Win64\\FortniteClient-Win64-Shipping.exe" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\\SOFTWARE\\Razer Chroma SDK\\FortniteClient-Win64-Shipping.exe\\Title=FortniteClient-Win64-Shipping.exe" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\\SOFTWARE\\Razer Chroma SDK\\FortniteClient-Win64-Shipping.exe\\Author=Chroma developer" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\FortniteClient-Win64-Shipping.exe" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\FortniteClient-Win64-Shipping.exe\LastDetectionTime: F9 8F FD B6 8D 13 D5 01" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_EAC.exe: B1 8A B0 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe: 73 D5 4B 11 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2532382528-581214834-2534474248-1001\\Device\HarddiskVolume3\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe: E7 CB 84 E9 8D 13 D5 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ObjectName: "LocalSystem"" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe: 53 41 43 50 01 00 00 00 00 00 00 00 07 00 00 00 28 00 00 00 70 42 0C 00 0E EB 0C 00 01 00 00 00 00 00 00 00 00 00 03 06 00 01 00 00 67 07 7C BA C5 4C D4 01 00 00 00 00 00 00 00 00 02 00 00 00 28 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 83 0C 00 00 00 00 00 00 01 00 00 00 01 00 00 00" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\DefaultIcon\: "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe"" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\shell\open\command\: "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe"" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\FortniteClient-Win64-Shipping.exe" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\FortniteClient-Win64-Shipping.exe\LastDetectionTime: F9 8F FD B6 8D 13 D5 01" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im "EasyAntiCheat.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /f /im "EpicGamesLauncher.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteClient-Win64-Shipping.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteClient-Win64-Shipping_BE.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /f /im "FortniteLauncher.exe" /t /fi "status eq running"2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\Installer\Dependencies" /v MSICache /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Microsoft\Direct3D" /v WHQLClass /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0" /v ProcessorNameString /f2⤵
- Checks processor information in registry
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete \"HKEY_CURRENT_USER\\Software\\Epic Games\" /f2⤵
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\Software\\Epic Games\" /f2⤵
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\com.epicgames.launcher\" /f2⤵
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\EpicGames\" /f2⤵
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Epic Games\" /f2⤵
-
C:\Windows\system32\reg.exereg delete \"HKEY_CLASSES_ROOT\\com.epicgames.launcher\" /f2⤵
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\Software\\Epic Games\" /f2⤵
-
C:\Windows\system32\reg.exereg delete \"HKEY_CURRENT_USER\\Software\\Classes\\com.epicgames.launcher\" /f2⤵
-
C:\Windows\system32\reg.exereg delete \"HKEY_CURRENT_USER\\Software\\Epic Games\\Unreal Engine\\Hardware Survey\" /f2⤵
-
C:\Windows\system32\reg.exereg delete \"HKEY_CURRENT_USER\\Software\\Epic Games\\Unreal Engine\\Identifiers\" /f2⤵
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\com.epicgames.launcher\" /f2⤵
-
C:\Windows\system32\reg.exereg delete \"HKEY_LOCAL_MACHINE\\SOFTWARE\\EpicGames\" /f2⤵
-
C:\Windows\system32\reg.exereg delete \"HKEY_CURRENT_USER\\SOFTWARE\\EpicGames\" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3235051776-1179596201-1620534504-1001" /v "\Device\HarddiskVolume4\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe.FriendlyAppName" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe.ApplicationCompany" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched" /v "{6D809377-6AF0-444B-8957-A3773F02200E}\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView" /v "{6D809377-6AF0-444B-8957-A3773F02200E}\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe.FriendlyAppName" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe.ApplicationCompany" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Khronos\Vulkan\ImplicitLayers" /v "C:\Users\Centu\OneDrive\Desktop\Fortnite\Epic Games\Launcher\Portal\Extras\Overlay\EOSOverlayVkLayer-Win32.json" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Khronos\Vulkan\ImplicitLayers" /v "C:\Users\Centu\OneDrive\Desktop\Fortnite\Epic Games\Launcher\Portal\Extras\Overlay\EOSOverlayVkLayer-Win64.json" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKLM\SOFTWARE\Classes\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe.FriendlyAppName" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Khronos\Vulkan\ImplicitLayers" /v "C:\Users\Centu\OneDrive\Desktop\Fortnite\Epic Games\Launcher\Portal\Extras\Overlay\EOSOverlayVkLayer-Win32.json" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Khronos\Vulkan\ImplicitLayers" /v "C:\Users\Centu\OneDrive\Desktop\Fortnite\Epic Games\Launcher\Portal\Extras\Overlay\EOSOverlayVkLayer-Win64.json" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Program Files\Epic Games\Fortnite\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe.ApplicationCompany" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /f2⤵
- Modifies registry class
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Khronos\Vulkan\ImplicitLayers" /v "C:\Users\Centu\OneDrive\Desktop\Fortnite\Epic Games\Launcher\Portal\Extras\Overlay\EOSOverlayVkLayer-Win32.json" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKCR\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-3235051776-1179596201-1620534504-1001\Software\Khronos\Vulkan\ImplicitLayers" /v "C:\Users\Centu\OneDrive\Desktop\Fortnite\Epic Games\Launcher\Portal\Extras\Overlay\EOSOverlayVkLayreg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq charles*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq ida*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ObjectName: "LocalSystem"" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CLASSES_ROOT\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_CURRENT_USER\SOFTWARE\EpicGames" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\com.epicgames.launcher" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\EpicGames" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EpicGames" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_LOCAL_MACHINE\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Type: 0x00000010" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Start: 0x00000003" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ErrorControl: 0x00000001" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\ImagePath: ""C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe""" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\DisplayName: "EasyAntiCheat"" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\WOW64: 0x0000014C" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Description: "Provides integrated security and services for online multiplayer games."" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security\Security: 01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 05 00 00 00 00 00 14 00 30 00 02 00 01 01 00 00 00 00 00 01 00 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 06 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00" /f2⤵
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher\Saved\Logs\*.* "2⤵
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher\Saved\webcache\Service Worker\CacheStorage\*.* "2⤵
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\EpicGamesLauncher\Saved\webcache\GPUCache\*.* "2⤵
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame\Saved\Config\WindowsClient\*.* "2⤵
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Program Files\Epic Games\Fortnite\FortniteGame\PersistentDownloadDir\*.* "2⤵
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame\Saved\LMS\*.* "2⤵
-
C:\Windows\system32\cmd.execmd /C "del /f /s /q "%systemdrive%\Users\%username%\AppData\Local\FortniteGame\Saved\Cloud\*.* "2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKCR\discord-432980957394370572\DefaultIcon" /ve /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKCR\discord-432980957394370572\shell\open\command" /ve /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder" /v "24" /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder" /f2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\DefaultIcon" /ve /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\DefaultIcon" /f2⤵
- Modifies registry class
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\shell\open\command" /ve /f2⤵
-
C:\Windows\system32\reg.exeREG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\discord-432980957394370572\shell\open\command" /f2⤵
- Modifies registry class
- C:\Windows\system32\reg.exe REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0" /v "12" /f
- C:\Windows\system32\reg.exe REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\12" /v "0" /f
- C:\Windows\system32\reg.exe REG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\12" /f
- Modifies registry class
- C:\Windows\system32\reg.exe REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0" /v "0" /f
- C:\Windows\system32\reg.exe REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0\0" /v "1" /f
- C:\Windows\system32\reg.exe REG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\1\0\1\0\0" /f
- Modifies registry class
- C:\Windows\system32\reg.exe REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3" /v "7" /f
- C:\Windows\system32\reg.exe REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3" /v "8" /f
- C:\Windows\system32\reg.exe REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8" /v "0" /f
- C:\Windows\system32\reg.exe REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8\0" /v "0" /f
- C:\Windows\system32\reg.exe REG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\8\0" /f
- Modifies registry class
- C:\Windows\system32\reg.exe REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0" /v "0" /f
- C:\Windows\system32\reg.exe REG DELETE "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0\0" /v "0" /f
- C:\Windows\system32\reg.exe REG ADD "HKU\S-1-5-21-1890030585-3173979648-977140667-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\0\0\0" /f
- Modifies registry class
- C:\Windows\system32\reg.exe REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\Configuration\Variables\BusDeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f
- C:\Windows\system32\reg.exe REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\DeviceDesc" /v PropertyGuid /t REG_SZ /d {----} /f
- C:\Windows\system32\reg.exe REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\Configuration\Variables\Driver" /v PropertyGuid /t REG_SZ /d {----} /fW
- C:\Windows\system32\reg.exe REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation" /v ComputerHardwareId /t REG_SZ /d {----} /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer /t REG_SZ /d /ve /f
- Enumerates system info in registry
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemManufacturer /t REG_SZ /d /ve /f
- Enumerates system info in registry
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d /ve /f
- Enumerates system info in registry
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemProductName /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemProductName /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemManufacturer /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemProductName /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v BaseBoardManufacturer /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemManufacturer /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemProductName /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v BaseBoardManufacturer /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d /ve /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer /t REG_SZ /d Neutron-905248264690 /f
- Enumerates system info in registry
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemManufacturer /t REG_SZ /d Neutron-24942532930246 /f
- Enumerates system info in registry
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d Neutron-21841332530064 /f
- Enumerates system info in registry
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d Neutron-24995223729407 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation /v SystemProductName /t REG_SZ /d Neutron-22471144841776 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemManufacturer /t REG_SZ /d Neutron-28232484424362 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation /v SystemProductName /t REG_SZ /d Neutron-116191780524955 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemManufacturer /t REG_SZ /d Neutron-229402506714748 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v SystemProductName /t REG_SZ /d Neutron-226892495419625 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current /v BaseBoardManufacturer /t REG_SZ /d Neutron-5018620025918 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemManufacturer /t REG_SZ /d Neutron-307172943617971 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v SystemProductName /t REG_SZ /d Neutron-97641818131227 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f} /v BaseBoardManufacturer /t REG_SZ /d Neutron-228452668313664 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d Neutron-77453036526812 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d Neutron-174642916126461 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\Current\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d Neutron-37391446330886 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {037bf8fa-5b18-50b2-ba13-2580426ff357} /t REG_SZ /d Neutron-2679523973704 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {5c8c5d29-b5ed-5229-a26c-e661b1e1129b} /t REG_SZ /d Neutron-238742342321033 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {f2461683-1fa0-5629-b022-d0ffaee63ed0} /t REG_SZ /d Neutron-1804269876014 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d Neutron-171852840128937 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d Neutron-25887145794005 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d Neutron-116982535629354 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d Neutron-231031225723243 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d Neutron-91631741710309 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d Neutron-185892780527893 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d Neutron-29846682211464 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d Neutron-30689993427471 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d Neutron-25633143613221 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d Neutron-15081557322557 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d Neutron-191972779524933 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d Neutron-23973251992653 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {41417485-85de-59b6-a9fa-e7f706b1d992} /t REG_SZ /d Neutron-181441200312006 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {ca09ac19-a9a0-5236-a0f6-ce81dcc46d9a} /t REG_SZ /d Neutron-52931845532008 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {81287c07-f962-5bac-a75b-e98c2c8f5f93} /t REG_SZ /d Neutron-144262480223805 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a0a97217-b3b7-58c7-a1fd-1a9295288031} /t REG_SZ /d Neutron-143452649619256 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {28c62655-d5a5-58ee-9dae-4c1d2c09f9ef} /t REG_SZ /d Neutron-281412857929360 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {67b72407-d583-525b-9f54-cc0f8ee0552e} /t REG_SZ /d Neutron-163631849717821 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {a4d0f078-0772-5228-a37a-db55fdb8ee04} /t REG_SZ /d Neutron-59262448016672 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {21a4c841-f6fc-5651-8cde-435c9effc378} /t REG_SZ /d Neutron-218372929417152 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {cd0c55c7-a3ae-55b4-add7-578cdc06511f} /t REG_SZ /d Neutron-31383134054122 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {feb9c5fe-1cdf-59a8-8008-550892c61c37} /t REG_SZ /d Neutron-86143249128879 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {6ef3fe51-9106-55cf-a553-f5d21bb78cc3} /t REG_SZ /d Neutron-32694246359774 /f
- C:\Windows\system32\reg.exe REG ADD HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\{a0408a6a-546c-11ea-af4e-4df901723b0f}\ComputerIds /v {7b3e1573-c771-5dbd-b795-f8344771349d} /t REG_SZ /d Neutron-12351179018911 /f
- C:\Windows\system32\reg.exe REG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardManufacturer /t REG_SZ /d Neutron-31249 /f
- Enumerates system info in registry
- Modifies registry key
- C:\Windows\system32\reg.exe REG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardProduct /t REG_SZ /d Neutron-21608 /f
- Enumerates system info in registry
- Modifies registry key
- C:\Windows\system32\reg.exe REG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BaseBoardVersion /t REG_SZ /d Neutron-17486 /f
- Enumerates system info in registry
- Modifies registry key
- C:\Windows\system32\reg.exe REG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v BIOSVersion /t REG_SZ /d Neutron-30923 /f
- Enumerates system info in registry
- Modifies registry key
- C:\Windows\system32\reg.exe REG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemFamily /t REG_SZ /d Neutron-3065 /f
- Enumerates system info in registry
- Modifies registry key
- C:\Windows\system32\reg.exe REG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemManufacturer /t REG_SZ /d Neutron-18666 /f
- Enumerates system info in registry
- Modifies registry key
- C:\Windows\system32\reg.exe REG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d Neutron-21849 /f
- Enumerates system info in registry
- Modifies registry key
- C:\Windows\system32\reg.exe REG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemSKU /t REG_SZ /d Neutron-12853 /f
- Enumerates system info in registry
- Modifies registry key
- C:\Windows\system32\reg.exe REG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemVersion /t REG_SZ /d Neutron-29013 /f
- Enumerates system info in registry
- Modifies registry key
- C:\Windows\system32\reg.exe REG ADD HKLM\HARDWARE\DESCRIPTION\System\BIOS /v SystemProductName /t REG_SZ /d Neutron-24139 /f
- Enumerates system info in registry
- Modifies registry key
- C:\Windows\system32\reg.exe REG ADD "HKCR\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power-cleaned.exe.ApplicationCompany" /t REG_SZ /d "Neutron-22046" /f
- Modifies registry class
- C:\Windows\system32\reg.exe REG ADD "HKCR\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power.exe.ApplicationCompany" /t REG_SZ /d "Neutron-14708" /f
- Modifies registry class
- C:\Windows\system32\reg.exe REG ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power-cleaned.exe.ApplicationCompany" /t REG_SZ /d "Neutron-23086" /f
- Modifies registry class
- C:\Windows\system32\reg.exe REG ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache" /v "C:\Users\THEGUY3ds\Downloads\Caught.Power.exe.ApplicationCompany" /t REG_SZ /d "Neutron-22075" /f
- Modifies registry class
- C:\Windows\system32\reg.exe REG ADD "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion" /v "RegisteredOrganization" /t REG_SZ /d "Neutron-19480" /f
- C:\Windows\system32\reg.exe REG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters" /v "HostName" /t REG_SZ /d "Neutron-24165" /f
- C:\Windows\system32\reg.exe REG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters" /v "NV HostName" /t REG_SZ /d "Neutron-30207" /f
- C:\Windows\system32\reg.exe REG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\{146337E2-B748-4468-AC39-FCBBA2D507EC}" /v "Hostname" /t REG_SZ /d "Neutron-1308" /f
- C:\Windows\system32\reg.exe REG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\{34E2F73D-D367-4931-8A5F-FB72BBE02BCB}" /v "Hostname" /t REG_SZ /d "Neutron-20917" /f
- C:\Windows\system32\reg.exe REG ADD "HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters\{8B66020F-34DF-4179-BC45-E6419E7905AD}" /v "Hostname" /t REG_SZ /d "Neutron-19213" /f
- C:\Windows\system32\reg.exe REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "HostName" /t REG_SZ /d "Neutron-6856" /f
- C:\Windows\system32\reg.exe REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "NV HostName" /t REG_SZ /d "Neutron-11457" /f
- C:\Windows\system32\reg.exe REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{146337E2-B748-4468-AC39-FCBBA2D507EC}" /v "Hostname" /t REG_SZ /d "Neutron-5642" /f
- C:\Windows\system32\reg.exe REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{34E2F73D-D367-4931-8A5F-FB72BBE02BCB}" /v "Hostname" /t REG_SZ /d "Neutron-21632" /f
- C:\Windows\system32\reg.exe REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{8B66020F-34DF-4179-BC45-E6419E7905AD}" /v "Hostname" /t REG_SZ /d "Neutron-25182" /f
- C:\Windows\system32\cmd.exe cmd /C "del /f /s /q "C:\Program Files\Epic Games\Fortnite\FortniteGame\PersistentDownloadDir\LMS\Manifest.sav" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\BattlEye" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\BattlEye" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\CEF" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\CEF" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\Comms" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\Comms" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\ConnectedDevicesPlatform" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\ConnectedDevicesPlatform" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\CrashDumps" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\CrashDumps" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\CrashReportClient" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\CrashReportClient" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\D3DSCache" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\D3DSCache" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\DBG" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\DBG" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\EpicGamesLauncher" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\EpicGamesLauncher" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\FortniteGame" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\FortniteGame" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\Microsoft\Feeds" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\Microsoft\Feeds" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\VirtualStore" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\VirtualStore" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\UnrealEngineLauncher" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\UnrealEngineLauncher" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\UnrealEngine" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\UnrealEngine" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\Speech Graphics" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\Speech Graphics" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\Publishers" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\Publishers" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\Programs\Common" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\Programs\Common" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Local\PlaceholderTileLogoFolder" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Local\PlaceholderTileLogoFolder" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /q "C:\Users\%username%\AppData\Roaming\EasyAntiCheat" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /q "C:\Users\%username%\AppData\Roaming\EasyAntiCheat" do rmdir "%p" "
- C:\Windows\system32\cmd.exe cmd /C "rmdir /s /q "C:\Users\%username%\AppData\Local\FortniteGame" "
- C:\Windows\system32\cmd.exe cmd /C "del /s /f /a:h /a:a /q C:\Windows\Temp\*.* "
- C:\Windows\system32\cmd.exe cmd /C "del /s /f /a:h /a:a /q C:\Windows\prefetch\*.* "
- C:\Windows\system32\cmd.exe cmd /C "del /s /f /a:h /a:a /q C:\MSOCache\{71230000-00E2-0000-1000-00000000}\Setup.dat "
- C:\Windows\system32\cmd.exe cmd /C "del /s /f /a:h /a:a /q C:\Recovery\ntuser.sys "
- C:\Windows\system32\cmd.exe cmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\Temp\338e89b.tmp "
- C:\Windows\system32\cmd.exe cmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\roaming\EasyAntiCheat "
- C:\Windows\system32\cmd.exe cmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\FortniteGame\ "
- C:\Windows\system32\cmd.exe cmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\EpicGamesLauncher\ "
- C:\Windows\system32\cmd.exe cmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\UnrealEngine\ "
- C:\Windows\system32\cmd.exe cmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\UnrealEngineLauncher\ "
- C:\Windows\system32\cmd.exe cmd /C "del /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\Microsoft\Feeds\ "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\Microsoft\Feeds "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\FortniteGame "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\EpicGamesLauncher "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\UnrealEngine "
- C:\Windows\system32\cmd.exe cmd /C "RD /s /f /a:h /a:a /q %USERPROFILE%\appdata\local\UnrealEngineLauncher "
- C:\Windows\system32\cmd.exe cmd /C "del /f /a:h /a:a /s /q "C:\Users\%USERPROFILE%\AppData\Local\FortniteGame\*.*" "
- C:\Windows\system32\cmd.exe cmd /C "rmdir /s /q "C:\Users\%USERPROFILE%\AppData\Local\FortniteGame" "
- C:\Windows\system32\cmd.exe cmd /C "del /f /a:h /a:a /s /q "C:\Users\Public\Libraries\*.*" "
- C:\Windows\system32\cmd.exe cmd /C "del /f /a:h /a:a /s /q "C:\Users\%USERPROFILE%\AppData\Local\Microsoft\Feeds\*.*" "
- C:\Windows\system32\cmd.exe cmd /C "rmdir /s /q "C:\Users\%USERPROFILE%\AppData\Local\Microsoft\Feeds" "
- C:\Windows\system32\cmd.exe cmd /C "del /f /a:h /a:a /s /q "C:\Users\%USERPROFILE%\AppData\Local\FortniteGame\Saved\LMS\Manifest.sav\*.*" "
- C:\Windows\system32\cmd.exe cmd /C "rmdir /s /q "C:\Users\%USERPROFILE%\AppData\Local\FortniteGame\Saved\LMS\Manifest.sav" "
- C:\Windows\system32\cmd.exe cmd /C "del /f /a:h /a:a /s /q "C:\Users\%USERPROFILE%\AppData\Local\Temp\*.*" "
- C:\Windows\system32\cmd.exe cmd /C "rmdir /s /q "C:\Users\%USERPROFILE%\AppData\Local\Temp" "
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe!App: 6F 70 0D 53 8D 13 D5 01" /f"2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.44.40.1000_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe: 53 41 43 50 01 00 00 00 00 00 00 00 07 00 00 00 28 00 00 00 00 EA 08 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 0A 73 20 00 00 67 07 7C BA C5 4C D4 01 00 00 00 00 00 00 00 00" /f"2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\EasyAntiCheat\EasyAntiCheat_Setup.exe: 53 41 43 50 01 00 00 00 00 00 00 00 07 00 00 00 28 00 00 00 70 42 0C 00 0E EB 0C 00 01 00 00 00 00 00 00 00 00 00 03 06 00 01 00 00 67 07 7C BA C5 4C D4 01 00 00 00 00 00 00 00 00 02 00 00 00 28 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 83 0C 00 00 00 00 00 00 01 00 00 00 01 00 00 00" /f"2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri\1d50f44cf1a0499\87f345c2\LanguageList: 5F 65 6E 2D 55 53 5F 73 74 61 6E 64 61 72 64 5F 31 32 35 5F 55 53 5F 4C 54 52 5F 6C 69 67 68 74 5F 44 65 73 6B 74 6F 70" /f"2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbwe%5Cmicrosoft.system.package.metadata%5CS-1-5-21-2532382528-581214834-2534474248-1001-MergedResources-2.pri\1d50f44cf1a0499\87f345c2\{Microsoft.XboxGamingOverlay_2.26.28001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.XboxGamingOverlay/resources/GameBar}: "Game bar"" /f"REG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MuiCache\ab\52C64B7E\C:\Program Files\Common Files\System\wab32res.dll,-4602: "Contact file"" /f"2⤵
-
C:\Windows\system32\reg.exeREG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MuiCache\ab\52C64B7E\C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\1033\\VSLauncherUI.dll,-1002: "Open in2⤵
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\Local Settings\MuiCache\ab\52C64B7E\windows.storage.dll,-21826: "Captures"" /f"
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\DefaultIcon\: "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe"" /f"
-
C:\Windows\system32\reg.exe
REG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\Software\Classes\discord-432980957394370572\shell\open\command\: "C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe"" /f"REG DELETE "HKU\S-1-5-21-2532382528-581214834-2534474248-1001\System\GameConfigStore\Children\03ce6902-ff58-41de-ab92-36fcaf27a580\Type: 0x00000001" /f"
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\PackageAndPackageRelativeApplicationId\181^App" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Index\PackageAndPackageRelativeApplicationId\181^App\93" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ac" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\ad" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\3^93" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\3^93\ac" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\4^93" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplication\4^93\ad" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\180" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\181" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\182" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\180" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\181" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFamily\4e\182" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_split.scale-100_8wekyb3d8bbwe\182" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\180" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe\181" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a80" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a81" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a82" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a83" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Data\1a84" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a80" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a81" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\3\1a82" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\4\1a83" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\User\4\1a84" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^180" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^180\1a80" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^181" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^181\1a81" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^182" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\3^182\1a82" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^180" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^180\1a83" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^181" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageUser\Index\UserAndPackage\4^181\1a84" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2532382528-581214834-2534474248-1001\Microsoft.XboxGameOverlay_1.41.24001.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.27323.0_x86__8wekyb3d8bbwe" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.XboxGameOverlay_1.41.24001.0_x64__8wekyb3d8bbwe" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\EasyAntiCheat" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\ControlSet001\Services\EasyAntiCheat\Security" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat" /f
-
C:\Windows\system32\reg.exe
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\EasyAntiCheat\Security" /f
-
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0007 /v NetworkAddress /d 002622D90EFC /f
-
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\Software\Classes\com.epicgames.launcher" /f
-
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\Software\Epic Games" /f
-
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Hardware Survey" /f
-
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\Software\Epic Games\Unreal Engine\Identifiers" /f
-
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\Software\WOW6432Node\Epic Games" /f
-
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS" /v BIOSReleaseDate /f
- Enumerates system info in registry
-
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS" /v BIOSVendor /f
- Enumerates system info in registry
-
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS" /v SystemManufacturer /f
- Enumerates system info in registry
-
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\BIOS" /v SystemProductName /f
- Enumerates system info in registry
-
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\Hardware\Description\System\CentralProcessor\0" /v ProcessorNameString /f
- Checks processor information in registry
-
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f
-
C:\Windows\system32\reg.exe
reg delete "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control" /v SystemStartOptions /f
-
C:\Windows\system32\reg.exe
reg delete "HKEY_USERS\S-1-5-21-2097722829-2509645790-3642206209-1001\Software\Epic Games" /f
-
C:\Windows\system32\reg.exe
reg delete"HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig" /f
-
C:\Windows\system32\reg.exe
reg delete"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WMI\Security\" /f