Analysis Overview
SHA256
9d0b6ae05c845ce78318d91b514b46947b2e6f37ffb368a1cefee77ad63faee5
Threat Level: Known bad
The file BoosterX.exe was found to be: Known bad.
Malicious Activity Summary
Disables service(s)
UAC bypass
Modifies Windows Defender notification settings
Suspicious use of NtCreateUserProcessOtherParentProcess
Modifies boot configuration data using bcdedit
Possible privilege escalation attempt
Modifies file permissions
UPX packed file
Checks whether UAC is enabled
Modifies Installed Components in the registry
Legitimate hosting services abused for malware hosting/C2
Installs/modifies Browser Helper Object
Looks up external IP address via web service
Sets file execution options in registry
Drops desktop.ini file(s)
Downloads MZ/PE file
Checks computer location settings
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Modifies system executable filetype association
Registers COM server for autorun
Launches sc.exe
Detects Pyinstaller
Enumerates physical storage devices
Command and Scripting Interpreter: PowerShell
Modifies registry class
Checks processor information in registry
Kills process with taskkill
Modifies Internet Explorer settings
Uses Volume Shadow Copy service COM API
Runs net.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Modifies system certificate store
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Disables Windows logging functionality
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-28 13:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-28 13:53
Reported
2024-05-28 13:59
Platform
win7-20240508-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\BoosterX.exe
"C:\Users\Admin\AppData\Local\Temp\BoosterX.exe"
Network
Files
memory/2416-0-0x000007FEF5823000-0x000007FEF5824000-memory.dmp
memory/2416-1-0x0000000000A20000-0x0000000002B58000-memory.dmp
memory/2416-2-0x000007FEF5820000-0x000007FEF620C000-memory.dmp
memory/2416-3-0x000000001D4D0000-0x000000001ECA6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab2CCD.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar2CEF.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
memory/2416-209-0x000007FEF5820000-0x000007FEF620C000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-28 13:53
Reported
2024-05-28 13:59
Platform
win10v2004-20240426-en
Max time kernel
230s
Max time network
299s
Command Line
Signatures
Disables service(s)
Modifies Windows Defender notification settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications\DisableNotifications = "1" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications\DisableNotifications = "1" | C:\Windows\system32\reg.exe | N/A |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 4172 created 2424 | N/A | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | C:\Windows\servicing\TrustedInstaller.exe |
| PID 4172 created 2424 | N/A | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | C:\Windows\servicing\TrustedInstaller.exe |
| PID 4172 created 2424 | N/A | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | C:\Windows\servicing\TrustedInstaller.exe |
| PID 4172 created 2424 | N/A | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | C:\Windows\servicing\TrustedInstaller.exe |
| PID 4172 created 2424 | N/A | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | C:\Windows\servicing\TrustedInstaller.exe |
| PID 4172 created 2424 | N/A | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | C:\Windows\servicing\TrustedInstaller.exe |
| PID 4172 created 2424 | N/A | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | C:\Windows\servicing\TrustedInstaller.exe |
| PID 4172 created 2424 | N/A | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | C:\Windows\servicing\TrustedInstaller.exe |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\reg.exe | N/A |
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | N/A | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
Downloads MZ/PE file
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | N/A | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mobsync.exe | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mobsync.exe\Debugger = "systray.exe" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'DeviceCensus.exe' | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'DeviceCensus.exe'\Debugger = "C:\\Windows\\System32\\taskkill.exe" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'CompatTelRunner.exe' | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'CompatTelRunner.exe' | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'CompatTelRunner.exe'\Debugger = "C:\\Windows\\System32\\taskkill.exe" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mobsync.exe | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mobsync.exe\Debugger = "systray.exe" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'DeviceCensus.exe' | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'DeviceCensus.exe'\Debugger = "C:\\Windows\\System32\\taskkill.exe" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'CompatTelRunner.exe'\Debugger = "C:\\Windows\\System32\\taskkill.exe" | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
Checks installed software on the system
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\system32\Dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\CC323162-A1B0-4F29-8BEB-5151B5EC4B30\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | N/A | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | N/A | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | N/A | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\0C0D6DA4-21A4-43D1-A066-6AC3F6DDC922\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\system32\Dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\950BFBD3-FF4C-4BB4-B485-FAD3F4422F42\dismhost.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | N/A | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\system32\Dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | N/A | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | N/A | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\5966FEB1-E748-4A4E-87AC-658F8D57DEBC\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\system32\Dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\system32\Dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\system32\Dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\BF301E38-B128-4A60-B7EC-648A7295DC2C\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\FDF2FE35-7130-460C-B677-EE3F3B5F33CF\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\system32\Dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\D59EC9CB-6A37-44BF-A453-A4FB0FCBBE9D\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\system32\Dism.exe | N/A |
Executes dropped EXE
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | N/A | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{6BB93B4E-44D8-40E2-BD97-42DBCF18A40F}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LOCALSERVER32 | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32 | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\INPROCSERVER32 | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InProcServer32\ = "%systemroot%\\system32\\shell32.dll" | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{389510B7-9E58-40D7-98BF-60B911CB0EA9}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{2E7C0A19-0438-41E9-81E3-3AD3D64F55BA}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\INPROCSERVER32 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InProcServer32 | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InProcServer32\ = "%systemroot%\\SysWow64\\shell32.dll" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InProcServer32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{389510B7-9E58-40D7-98BF-60B911CB0EA9}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\INPROCSERVER32 | N/A | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | N/A | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 | N/A | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0003 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0066 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006\ | N/A | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2} | N/A | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Driver | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6} | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Security | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | N/A | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LocationInformation | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000D | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | N/A | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006\ | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000A | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ContainerID | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service | N/A | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | N/A | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006 | N/A | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2} | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\en | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ | N/A | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 | N/A | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | N/A | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6} | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000D | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0003 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\en | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000C | N/A | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 | N/A | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0003 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\000C | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0002 | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Driver | N/A | N/A |
| Delete value | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\InstallFlags | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\000C | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6} | N/A | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\en-US | C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\wermgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\wermgr.exe | N/A |
Disables Windows logging functionality
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\wermgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\wermgr.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\OneDrive\Installer | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | N/A | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SQMClient\UserId = "{05AF8039-B7CC-4152-9960-AE0D805EC571}" | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\INTERFACE\{F062BA81-ADFE-4A92-886A-23FD851D6406}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\INTERFACE\{5D65DD0D-81BF-4FF4-AEEA-6EFFB445CB3F}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\INTERFACE\{944903E8-B03F-43A0-8341-872200D2DA9C}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\INSTANCE\INITPROPERTYBAG | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\INTERFACE\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\INTERFACE\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\INTERFACE\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{389510B7-9E58-40D7-98BF-60B911CB0EA9}\VERSIONINDEPENDENTPROGID | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\shell | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\INTERFACE\{9D613F8A-B30E-4938-8490-CB5677701EBF}\PROXYSTUBCLSID32 | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\ = "OneDrive" | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\INTERFACE\{F0440F4E-4884-4A8F-8A45-BA89C00F96F2}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\INTERFACE\{AEEBAD4E-3E0A-415B-9B94-19C499CD7B6A}\PROXYSTUBCLSID32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\VERSIONINDEPENDENTPROGID | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LOCALSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\TypeLib\{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}\1.0 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CurVer | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\INTERFACE\{0299ECA9-80B6-43C8-A79A-FB1C5F19E7D8}\PROXYSTUBCLSID32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\WOW6432Node\Interface\{D0ED5C72-6197-4AAD-9B16-53FE461DD85C} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Interface\{9E1CD0DF-72E7-4284-9598-342C0A46F96B} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\INTERFACE\{466F31F7-9892-477E-B189-FA5C59DE3603}\PROXYSTUBCLSID32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\WOW6432Node\CLSID\{6bb93b4e-44d8-40e2-bd97-42dbcf18a40f} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\ie_to_edge_bho.dll | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\BannerNotificationHandler.BannerNotificationHandler | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\INTERFACE\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\INTERFACE\{B5C25645-7426-433F-8A5F-42B7FF27A7B2}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{389510B7-9E58-40D7-98BF-60B911CB0EA9}\PROGID | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pow\shell\Import\command\ = "powercfg /import \"%1\"" | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\MSEDGEMHT\SHELL\RUNAS\COMMAND | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe,0" | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\INTERFACE\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\PROXYSTUBCLSID32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\INTERFACE\{02C98E2C-6C9F-49F8-9B57-3A6E1AA09A67}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\TYPELIB\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0\HELPDIR | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\TypeLib\{082D3FEC-D0D0-4DF6-A988-053FECE7B884} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\INTERFACE\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\WOW6432Node\Interface\{8D3F8F15-1DE1-4662-BF93-762EABE988B2} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\INTERFACE\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\PROXYSTUBCLSID32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\WOW6432Node\Interface\{EA23A664-A558-4548-A8FE-A6B94D37C3CF} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A} | N/A | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B}\1.0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\PROGRAMMABLE | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\INTERFACE\{0F872661-C863-47A4-863F-C065C182858A}\TYPELIB | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\WOW6432NODE\INTERFACE\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}\PROXYSTUBCLSID32 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\InitPropertyBag\Attributes = "17" | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\INTERFACE\{9E1CD0DF-72E7-4284-9598-342C0A46F96B}\PROXYSTUBCLSID32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\INTERFACE\{679EC955-75AA-4FB2-A7ED-8C0152ECF409}\PROXYSTUBCLSID32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\INPROCSERVER32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_CLASSES\INTERFACE\{C1439245-96B4-47FC-B391-679386C5D40F}\PROXYSTUBCLSID32 | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55} | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pow\shell | C:\Windows\system32\reg.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 5c000000010000000400000000100000190000000100000010000000cb9dd0fceaaa492f75ce292c21bbfbdd0300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd17e00000001000000080000000080c82b6886d7017a000000010000000c000000300a06082b060105050703091d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a07f0000000100000016000000301406082b0601050507030306082b060105050703096200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf690b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520036000000090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff10400000001000000100000004fdd07e4d42264391e0c3742ead1c6ae200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\CollapseLoader_506f893_fixed.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BoosterX.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\BoosterX.exe
"C:\Users\Admin\AppData\Local\Temp\BoosterX.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SYSTEM32\bcdedit.exe
"bcdedit.exe" /enum {current} /v
C:\Windows\SYSTEM32\wevtutil.exe
"wevtutil.exe" gl Microsoft-Windows-SleepStudy/Diagnostic
C:\Windows\SYSTEM32\wevtutil.exe
"wevtutil.exe" gl Microsoft-Windows-Kernel-Processor-Power/Diagnostic
C:\Windows\SYSTEM32\wevtutil.exe
"wevtutil.exe" gl Microsoft-Windows-UserModePowerService/Diagnostic
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c chcp 437 & "C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe" /enum-devices
C:\Windows\system32\chcp.com
chcp 437
C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe
"C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe" /enum-devices
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c chcp 437 & "C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe" /enum-devices /disconnected
C:\Windows\system32\chcp.com
chcp 437
C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe
"C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe" /enum-devices /disconnected
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\dismhost.exe {9B946999-89EE-44EE-8F07-F4CF6FD4A798}
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c taskkill /F /FI "IMAGENAME eq SystemSettings.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /FI "IMAGENAME eq SystemSettings.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c powercfg /export "C:\Users\Admin\AppData\Roaming\BoosterX\BackUpPower.pow" 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
C:\Windows\system32\powercfg.exe
powercfg /export "C:\Users\Admin\AppData\Roaming\BoosterX\BackUpPower.pow" 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v "MouseSpeed" /t reg_sz /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v "MouseSpeed" /t reg_sz /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v "MouseThreshold1" /t reg_sz /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v "MouseThreshold1" /t reg_sz /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v "MouseThreshold2" /t reg_sz /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v "MouseThreshold2" /t reg_sz /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarAnimations" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarAnimations" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows\DWM" /v "AlwaysHibernateThumbnails" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\DWM" /v "AlwaysHibernateThumbnails" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Control Panel\Desktop\WindowMetrics" /v "MinAnimate" /t reg_sz /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Desktop\WindowMetrics" /v "MinAnimate" /t reg_sz /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "IconsOnly" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "IconsOnly" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ListviewShadow" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ListviewShadow" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ListviewAlphaSelect" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ListviewAlphaSelect" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Control Panel\Desktop" /v "DragFullWindows" /t reg_sz /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Desktop" /v "DragFullWindows" /t reg_sz /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\DWM" /v "EnableAeroPeek" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\DWM" /v "EnableAeroPeek" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "FontSmoothing" /t reg_sz /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "FontSmoothing" /t reg_sz /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Control Panel\Desktop" /v "UserPreferencesMask" /t reg_binary /d "9012038010000000" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Desktop" /v "UserPreferencesMask" /t reg_binary /d "9012038010000000" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "ShellState" /t reg_binary /d "240000003EA8000000000000000000000000000001000000130000000000000073000000" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "ShellState" /t reg_binary /d "240000003EA8000000000000000000000000000001000000130000000000000073000000" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" /v "VisualFXSetting" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" /v "VisualFXSetting" /t reg_dword /d "2" /f
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c bcdedit /set disabledynamictick yes
C:\Windows\system32\bcdedit.exe
bcdedit /set disabledynamictick yes
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c bcdedit /set useplatformtick yes
C:\Windows\system32\bcdedit.exe
bcdedit /set useplatformtick yes
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "AutoGameModeEnabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "AutoGameModeEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "GamePanelStartupTipIndex" /t reg_dword /d "3" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "GamePanelStartupTipIndex" /t reg_dword /d "3" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "ShowStartupPanel" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "ShowStartupPanel" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "UseNexusForGameBarEnabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "UseNexusForGameBarEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "AllowAutoGameMode" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "AllowAutoGameMode" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\GameDVR" /v "AppCaptureEnabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\GameDVR" /v "AppCaptureEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ApplicationManagement\AllowGameDVR" /v "value" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ApplicationManagement\AllowGameDVR" /v "value" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Dwm" /v "OverlayTestMode" /t reg_dword /d "5" /f
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Dwm" /v "OverlayTestMode" /t reg_dword /d "5" /f
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "C:\Users\Admin\AppData\Roaming\BoosterX\disable.bat"
C:\Windows\system32\net.exe
net stop wuauserv
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop wuauserv
C:\Windows\system32\net.exe
net stop UsoSvc
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop UsoSvc
C:\Windows\system32\net.exe
net stop uhssvc
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop uhssvc
C:\Windows\system32\net.exe
net stop WaaSMedicSvc
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop WaaSMedicSvc
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="324.0.325999809\1797427689" -parentBuildID 20230214051806 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be9cf5de-a040-4790-9627-52c73ae02148} 324 "\\.\pipe\gecko-crash-server-pipe.324" 1828 1a40da0b758 gpu
C:\Windows\system32\sc.exe
sc config wuauserv start= disabled
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="324.1.587700006\1547251292" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2008 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96fed52e-0ac5-43b0-b392-852c62caa037} 324 "\\.\pipe\gecko-crash-server-pipe.324" 2436 1a400b85958 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="324.2.1371431197\440026142" -childID 1 -isForBrowser -prefsHandle 3060 -prefMapHandle 3056 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5329be89-fec8-4e1d-9dd8-37d16fba28b4} 324 "\\.\pipe\gecko-crash-server-pipe.324" 3032 1a4106f2e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="324.3.120763579\1354522670" -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5ea445c-24df-4b9f-956f-9bf9284166c4} 324 "\\.\pipe\gecko-crash-server-pipe.324" 3672 1a41294d258 tab
C:\Windows\system32\sc.exe
sc config UsoSvc start= disabled
C:\Windows\system32\sc.exe
sc config uhssvc start= disabled
C:\Windows\system32\sc.exe
sc config WaaSMedicSvc start= disabled
C:\Windows\system32\sc.exe
sc failure wuauserv reset= 0 actions= ""
C:\Windows\system32\sc.exe
sc failure UsoSvc reset= 0 actions= ""
C:\Windows\system32\sc.exe
sc failure uhssvc reset= 0 actions= ""
C:\Windows\system32\sc.exe
sc failure WaaSMedicSvc reset= 0 actions= ""
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\WaaSMedicSvc.dll
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\WaaSMedicSvc.dll /grant *S-1-1-0:F
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\WaaSMedicSvc_BAK.dll /setowner "NT SERVICE\TrustedInstaller"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\WaaSMedicSvc_BAK.dll /remove *S-1-1-0
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /v Start /t REG_DWORD /d 4 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /v FailureActions /t REG_BINARY /d 000000000000000000000000030000001400000000000000c0d4010000000000e09304000000000000000000 /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 1 /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Get-ScheduledTask -TaskPath '\Microsoft\Windows\InstallService\*' | Disable-ScheduledTask; Get-ScheduledTask -TaskPath '\Microsoft\Windows\UpdateOrchestrator\*' | Disable-ScheduledTask; Get-ScheduledTask -TaskPath '\Microsoft\Windows\UpdateAssistant\*' | Disable-ScheduledTask; Get-ScheduledTask -TaskPath '\Microsoft\Windows\WaaSMedic\*' | Disable-ScheduledTask; Get-ScheduledTask -TaskPath '\Microsoft\Windows\WindowsUpdate\*' | Disable-ScheduledTask; Get-ScheduledTask -TaskPath '\Microsoft\WindowsUpdate\*' | Disable-ScheduledTask; Get-ScheduledTask -TaskPath '\Microsoft\Windows\WindowsUpdate\AU\*' | Disable-ScheduledTask"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="324.4.1642275563\1463986242" -childID 3 -isForBrowser -prefsHandle 5220 -prefMapHandle 5088 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c579147-06a5-40a0-acd2-3c553fb2d97f} 324 "\\.\pipe\gecko-crash-server-pipe.324" 5184 1a413d33258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="324.5.1606228192\2083844534" -childID 4 -isForBrowser -prefsHandle 5324 -prefMapHandle 5320 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5868286e-65da-49c6-a4d8-3b6d03b77eda} 324 "\\.\pipe\gecko-crash-server-pipe.324" 5332 1a413d36258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="324.6.1857570821\2080751760" -childID 5 -isForBrowser -prefsHandle 4976 -prefMapHandle 5096 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbb22f8e-e3d1-450c-949c-b2a180017625} 324 "\\.\pipe\gecko-crash-server-pipe.324" 5480 1a413d36558 tab
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d "0" /f
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="324.7.1443123351\1041306636" -childID 6 -isForBrowser -prefsHandle 3384 -prefMapHandle 4976 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1296 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ec34309-722d-4d34-98ef-491495779099} 324 "\\.\pipe\gecko-crash-server-pipe.324" 5724 1a415cc4958 tab
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d "0" /f
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="324.8.1784488202\993075639" -parentBuildID 20230214051806 -prefsHandle 5320 -prefMapHandle 5872 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2837a609-b77a-45e2-8844-ee289941983d} 324 "\\.\pipe\gecko-crash-server-pipe.324" 5864 1a415d84b58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="324.9.1970939704\1104894371" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 5260 -prefMapHandle 5852 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c86c409f-bebf-4c27-b8b6-c675d60ac20c} 324 "\\.\pipe\gecko-crash-server-pipe.324" 5932 1a4112bcb58 utility
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv" /v "Start" /t reg_dword /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv" /v "Start" /t reg_dword /d "4" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\luafv" /v "Start" /t reg_dword /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\luafv" /v "Start" /t reg_dword /d "4" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge" /v "StartupBoostEnabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge" /v "StartupBoostEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge" /v "BackgroundModeEnabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge" /v "BackgroundModeEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\System\GameConfigStore" /v "GameDVR_DXGIHonorFSEWindowsCompatible" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\System\GameConfigStore" /v "GameDVR_DXGIHonorFSEWindowsCompatible" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\System\GameConfigStore" /v "GameDVR_FSEBehavior" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\System\GameConfigStore" /v "GameDVR_FSEBehavior" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\System\GameConfigStore" /v "GameDVR_HonorUserFSEBehaviorMode" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\System\GameConfigStore" /v "GameDVR_HonorUserFSEBehaviorMode" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" /v "SearchOrderConfig" /t reg_dword /d "3" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching" /v "SearchOrderConfig" /t reg_dword /d "3" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "ExcludeWUDriversInQualityUpdate" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "ExcludeWUDriversInQualityUpdate" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings" /v "NOC_GLOBAL_SETTING_ALLOW_TOASTS_ABOVE_LOCK" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings" /v "NOC_GLOBAL_SETTING_ALLOW_TOASTS_ABOVE_LOCK" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings" /v "NOC_GLOBAL_SETTING_ALLOW_CRITICAL_TOASTS_ABOVE_LOCK" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings" /v "NOC_GLOBAL_SETTING_ALLOW_CRITICAL_TOASTS_ABOVE_LOCK" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings" /v "NOC_GLOBAL_SETTING_TOASTS_ENABLED" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings" /v "NOC_GLOBAL_SETTING_TOASTS_ENABLED" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications" /v "ToastEnabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications" /v "ToastEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\PushNotifications" /v "ToastEnabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\PushNotifications" /v "ToastEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "DisableNotificationCenter" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "DisableNotificationCenter" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "DisableNotificationCenter" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\Explorer" /v "DisableNotificationCenter" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoToastApplicationNotification" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoToastApplicationNotification" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoTileApplicationNotification" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\PushNotifications" /v "NoTileApplicationNotification" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "BackgroundAppGlobalToggle" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "BackgroundAppGlobalToggle" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Services\embeddedmode" /v "Start" /t reg_dword /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Services\embeddedmode" /v "Start" /t reg_dword /d "4" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\Maps" /v "AutoUpdateEnabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\Maps" /v "AutoUpdateEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "EnableTransparency" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "EnableTransparency" /t reg_dword /d "0" /f
C:\Users\Admin\Downloads\CollapseLoader_506f893_fixed.exe
"C:\Users\Admin\Downloads\CollapseLoader_506f893_fixed.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".bmp" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Users\Admin\Downloads\CollapseLoader_506f893_fixed.exe
"C:\Users\Admin\Downloads\CollapseLoader_506f893_fixed.exe"
C:\Users\Admin\Downloads\CollapseLoader_506f893_fixed.exe
"C:\Users\Admin\Downloads\CollapseLoader_506f893_fixed.exe"
C:\Users\Admin\Downloads\CollapseLoader_506f893_fixed.exe
"C:\Users\Admin\Downloads\CollapseLoader_506f893_fixed.exe"
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".bmp" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".dib" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".dib" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".gif" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".gif" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".jfif" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".jfif" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".jpe" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".jpe" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".jpeg" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".jpeg" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".jpg" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".jpg" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".jxr" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".jxr" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".png" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations" /v ".png" /t reg_sz /d "PhotoViewer.FileAssoc.Tiff" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Control Panel\Accessibility\StickyKeys" /v "Flags" /t reg_sz /d "506" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Accessibility\StickyKeys" /v "Flags" /t reg_sz /d "506" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Control Panel\Accessibility\Keyboard Response" /v "Flags" /t reg_sz /d "122" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Accessibility\Keyboard Response" /v "Flags" /t reg_sz /d "122" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Control Panel\Accessibility\ToggleKeys" /v "Flags" /t reg_sz /d "58" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Accessibility\ToggleKeys" /v "Flags" /t reg_sz /d "58" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "StartupDelayInMSec" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "StartupDelayInMSec" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "WaitforIdleState" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "WaitforIdleState" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "ShowRecent" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "ShowRecent" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "ShowFrequent" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "ShowFrequent" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_TrackDocs" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_TrackDocs" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\AppSync" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\AppSync" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Accessibility" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Accessibility" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Personalization" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Personalization" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\BrowserSettings" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\BrowserSettings" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Windows" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Windows" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mobsync.exe" /v "Debugger" /t reg_sz /d "systray.exe" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mobsync.exe" /v "Debugger" /t reg_sz /d "systray.exe" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCR\.pow" /ve /t reg_sz /d "Power Plan" /f
C:\Windows\system32\reg.exe
reg add "HKCR\.pow" /ve /t reg_sz /d "Power Plan" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCR\.pow" /v "FriendlyTypeName" /t reg_sz /d "Power Plan" /f
C:\Windows\system32\reg.exe
reg add "HKCR\.pow" /v "FriendlyTypeName" /t reg_sz /d "Power Plan" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCR\.pow\DefaultIcon" /ve /t reg_expand_sz /d "%SystemRoot%\System32\powercfg.cpl,-202" /f
C:\Windows\system32\reg.exe
reg add "HKCR\.pow\DefaultIcon" /ve /t reg_expand_sz /d "C:\Windows\System32\powercfg.cpl,-202" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCR\.pow\shell\Import\command" /ve /t reg_sz /d "powercfg /import ""%1""" /f
C:\Windows\system32\reg.exe
reg add "HKCR\.pow\shell\Import\command" /ve /t reg_sz /d "powercfg /import ""%1""" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v "HiberbootEnabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v "HiberbootEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HibernateEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerThrottling" /v "PowerThrottlingOff" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerThrottling" /v "PowerThrottlingOff" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\0b2d69d7-a2a1-449c-9680-f91c70521c60" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\0b2d69d7-a2a1-449c-9680-f91c70521c60" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\51dea550-bb38-4bc4-991b-eacf37be5ec8" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\51dea550-bb38-4bc4-991b-eacf37be5ec8" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\80e3c60e-bb94-4ad8-bbe0-0d3195efc663" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\80e3c60e-bb94-4ad8-bbe0-0d3195efc663" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\d3d55efd-c1ff-424e-9dc3-441be7833010" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\d3d55efd-c1ff-424e-9dc3-441be7833010" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\d639518a-e56d-4345-8af2-b9f32fb26109" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\d639518a-e56d-4345-8af2-b9f32fb26109" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\dab60367-53fe-4fbc-825e-521d069d2456" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\dab60367-53fe-4fbc-825e-521d069d2456" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\dbc9e238-6de9-49e3-92cd-8c2b4946b472" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\dbc9e238-6de9-49e3-92cd-8c2b4946b472" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\fc95af4d-40e7-4b6d-835a-56d131dbc80e" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\fc95af4d-40e7-4b6d-835a-56d131dbc80e" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0d7dbae2-4294-402a-ba8e-26777e8488cd\309dce9b-bef4-4119-9921-a851fb12f0f4" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0d7dbae2-4294-402a-ba8e-26777e8488cd\309dce9b-bef4-4119-9921-a851fb12f0f4" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\1A34BDC3-7E6B-442E-A9D0-64B6EF378E84" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\1A34BDC3-7E6B-442E-A9D0-64B6EF378E84" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\25DFA149-5DD1-4736-B5AB-E8A37B5B8187" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\25DFA149-5DD1-4736-B5AB-E8A37B5B8187" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\29f6c1db-86da-48c5-9fdb-f2b67b1f44da" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\29f6c1db-86da-48c5-9fdb-f2b67b1f44da" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\9d7815a6-7ee4-497e-8888-515a05f02364" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\9d7815a6-7ee4-497e-8888-515a05f02364" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\A4B195F5-8225-47D8-8012-9D41369786E2" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\A4B195F5-8225-47D8-8012-9D41369786E2" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\abfc2519-3608-4c2a-94ea-171b0ed546ab" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\abfc2519-3608-4c2a-94ea-171b0ed546ab" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\0853a681-27c8-4100-a2fd-82013e970683" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\0853a681-27c8-4100-a2fd-82013e970683" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\498c044a-201b-4631-a522-5c744ed4e678" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\498c044a-201b-4631-a522-5c744ed4e678" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2E601130-5351-4d9d-8E04-252966BAD054\3166BC41-7E98-4e03-B34E-EC0F5F2B218E" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2E601130-5351-4d9d-8E04-252966BAD054\3166BC41-7E98-4e03-B34E-EC0F5F2B218E" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2E601130-5351-4d9d-8E04-252966BAD054\C36F0EB4-2988-4a70-8EEE-0884FC2C2433" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2E601130-5351-4d9d-8E04-252966BAD054\C36F0EB4-2988-4a70-8EEE-0884FC2C2433" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2E601130-5351-4d9d-8E04-252966BAD054\C42B79AA-AA3A-484b-A98F-2CF32AA90A28" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2E601130-5351-4d9d-8E04-252966BAD054\C42B79AA-AA3A-484b-A98F-2CF32AA90A28" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2E601130-5351-4d9d-8E04-252966BAD054\D502F7EE-1DC7-4EFD-A55D-F04B6F5C0545" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2E601130-5351-4d9d-8E04-252966BAD054\D502F7EE-1DC7-4EFD-A55D-F04B6F5C0545" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\48672F38-7A9A-4bb2-8BF8-3D85BE19DE4E\2BFC24F9-5EA2-4801-8213-3DBAE01AA39D" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\48672F38-7A9A-4bb2-8BF8-3D85BE19DE4E\2BFC24F9-5EA2-4801-8213-3DBAE01AA39D" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\48672F38-7A9A-4bb2-8BF8-3D85BE19DE4E\73CDE64D-D720-4bb2-A860-C755AFE77EF2" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\48672F38-7A9A-4bb2-8BF8-3D85BE19DE4E\73CDE64D-D720-4bb2-A860-C755AFE77EF2" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\48672F38-7A9A-4bb2-8BF8-3D85BE19DE4E\D6BA4903-386F-4c2c-8ADB-5C21B3328D25" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\48672F38-7A9A-4bb2-8BF8-3D85BE19DE4E\D6BA4903-386F-4c2c-8ADB-5C21B3328D25" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\5ca83367-6e45-459f-a27b-476b1d01c936" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\5ca83367-6e45-459f-a27b-476b1d01c936" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\7648efa3-dd9c-4e3e-b566-50f929386280" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\7648efa3-dd9c-4e3e-b566-50f929386280" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\833a6b62-dfa4-46d1-82f8-e09e34d029d6" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\833a6b62-dfa4-46d1-82f8-e09e34d029d6" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\96996bc0-ad50-47ec-923b-6f41874dd9eb" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\96996bc0-ad50-47ec-923b-6f41874dd9eb" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\99ff10e7-23b1-4c07-a9d1-5c3206d741b4" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\99ff10e7-23b1-4c07-a9d1-5c3206d741b4" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\06cadf0e-64ed-448a-8927-ce7bf90eb35d" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\06cadf0e-64ed-448a-8927-ce7bf90eb35d" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\06cadf0e-64ed-448a-8927-ce7bf90eb35e" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\06cadf0e-64ed-448a-8927-ce7bf90eb35e" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\0cc5b647-c1df-4637-891a-dec35c318583" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\0cc5b647-c1df-4637-891a-dec35c318583" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\0cc5b647-c1df-4637-891a-dec35c318584" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\0cc5b647-c1df-4637-891a-dec35c318584" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\12a0ab44-fe28-4fa9-b3bd-4b64f44960a6" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\12a0ab44-fe28-4fa9-b3bd-4b64f44960a6" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\12a0ab44-fe28-4fa9-b3bd-4b64f44960a7" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\12a0ab44-fe28-4fa9-b3bd-4b64f44960a7" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\1facfc65-a930-4bc5-9f38-504ec097bbc0" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\1facfc65-a930-4bc5-9f38-504ec097bbc0" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\2430ab6f-a520-44a2-9601-f7f23b5134b1" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\2430ab6f-a520-44a2-9601-f7f23b5134b1" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\2ddd5a84-5a71-437e-912a-db0b8c788732" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\2ddd5a84-5a71-437e-912a-db0b8c788732" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\36687f9e-e3a5-4dbf-b1dc-15eb381c6863" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\36687f9e-e3a5-4dbf-b1dc-15eb381c6863" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\4009efa7-e72d-4cba-9edf-91084ea8cbc3" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\4009efa7-e72d-4cba-9edf-91084ea8cbc3" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\40fbefc7-2e9d-4d25-a185-0cfd8574bac6" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\40fbefc7-2e9d-4d25-a185-0cfd8574bac6" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\40fbefc7-2e9d-4d25-a185-0cfd8574bac7" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\40fbefc7-2e9d-4d25-a185-0cfd8574bac7" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\447235c7-6a8d-4cc0-8e24-9eaf70b96e2b" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\447235c7-6a8d-4cc0-8e24-9eaf70b96e2b" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\447235c7-6a8d-4cc0-8e24-9eaf70b96e2c" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\447235c7-6a8d-4cc0-8e24-9eaf70b96e2c" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\45bcc044-d885-43e2-8605-ee0ec6e96b59" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\45bcc044-d885-43e2-8605-ee0ec6e96b59" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\465e1f50-b610-473a-ab58-00d1077dc418" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\465e1f50-b610-473a-ab58-00d1077dc418" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\465e1f50-b610-473a-ab58-00d1077dc419" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\465e1f50-b610-473a-ab58-00d1077dc419" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\4b92d758-5a24-4851-a470-815d78aee119" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\4b92d758-5a24-4851-a470-815d78aee119" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\4bdaf4e9-d103-46d7-a5f0-6280121616ef" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\4bdaf4e9-d103-46d7-a5f0-6280121616ef" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\4d2b0152-7d5c-498b-88e2-34345392a2c5" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\4d2b0152-7d5c-498b-88e2-34345392a2c5" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\4e4450b3-6179-4e91-b8f1-5bb9938f81a1" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\4e4450b3-6179-4e91-b8f1-5bb9938f81a1" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\5d76a2ca-e8c0-402f-a133-2158492d58ad" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\5d76a2ca-e8c0-402f-a133-2158492d58ad" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\616cdaa5-695e-4545-97ad-97dc2d1bdd88" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\616cdaa5-695e-4545-97ad-97dc2d1bdd88" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\616cdaa5-695e-4545-97ad-97dc2d1bdd89" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\616cdaa5-695e-4545-97ad-97dc2d1bdd89" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\619b7505-003b-4e82-b7a6-4dd29c300971" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\619b7505-003b-4e82-b7a6-4dd29c300971" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\619b7505-003b-4e82-b7a6-4dd29c300972" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\619b7505-003b-4e82-b7a6-4dd29c300972" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\6c2993b0-8f48-481f-bcc6-00dd2742aa06" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\6c2993b0-8f48-481f-bcc6-00dd2742aa06" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\71021b41-c749-4d21-be74-a00f335d582b" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\71021b41-c749-4d21-be74-a00f335d582b" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e100" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e100" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e101" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\75b0ae3f-bce0-45a7-8c89-c9611c25e101" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\7b224883-b3cc-4d79-819f-8374152cbe7c" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\7b224883-b3cc-4d79-819f-8374152cbe7c" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\7d24baa7-0b84-480f-840c-1b0743c00f5f" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\7d24baa7-0b84-480f-840c-1b0743c00f5f" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\7d24baa7-0b84-480f-840c-1b0743c00f60" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\7d24baa7-0b84-480f-840c-1b0743c00f60" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\7f2492b6-60b1-45e5-ae55-773f8cd5caec" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\7f2492b6-60b1-45e5-ae55-773f8cd5caec" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\7f2f5cfa-f10c-4823-b5e1-e93ae85f46b5" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\7f2f5cfa-f10c-4823-b5e1-e93ae85f46b5" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\893dee8e-2bef-41e0-89c6-b55d0929964d" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\893dee8e-2bef-41e0-89c6-b55d0929964d" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\8baa4a8a-14c6-4451-8e8b-14bdbd197537" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\8baa4a8a-14c6-4451-8e8b-14bdbd197537" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\93b8b6dc-0698-4d1c-9ee4-0644e900c85d" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\93b8b6dc-0698-4d1c-9ee4-0644e900c85d" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\943c8cb6-6f93-4227-ad87-e9a3feec08d1" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\943c8cb6-6f93-4227-ad87-e9a3feec08d1" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\984cf492-3bed-4488-a8f9-4286c97bf5aa" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\984cf492-3bed-4488-a8f9-4286c97bf5aa" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\984cf492-3bed-4488-a8f9-4286c97bf5ab" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\984cf492-3bed-4488-a8f9-4286c97bf5ab" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\9943e905-9a30-4ec1-9b99-44dd3b76f7a2" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\9943e905-9a30-4ec1-9b99-44dd3b76f7a2" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\b000397d-9b0b-483d-98c9-692a6060cfbf" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\b000397d-9b0b-483d-98c9-692a6060cfbf" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\bae08b81-2d5e-4688-ad6a-13243356654b" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\bae08b81-2d5e-4688-ad6a-13243356654b" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\bc5038f7-23e0-4960-96da-33abaf5935ed" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\bc5038f7-23e0-4960-96da-33abaf5935ed" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\be337238-0d82-4146-a960-4f3749d470c7" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\be337238-0d82-4146-a960-4f3749d470c7" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\c4581c31-89ab-4597-8e2b-9c9cab440e6b" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\c4581c31-89ab-4597-8e2b-9c9cab440e6b" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\c7be0679-2817-4d69-9d02-519a537ed0c6" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\c7be0679-2817-4d69-9d02-519a537ed0c6" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\cfeda3d0-7697-4566-a922-a9086cd49dfa" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\cfeda3d0-7697-4566-a922-a9086cd49dfa" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\d8edeb9b-95cf-4f95-a73c-b061973693c8" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\d8edeb9b-95cf-4f95-a73c-b061973693c8" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\d8edeb9b-95cf-4f95-a73c-b061973693c9" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\d8edeb9b-95cf-4f95-a73c-b061973693c9" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\dfd10d17-d5eb-45dd-877a-9a34ddd15c82" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\dfd10d17-d5eb-45dd-877a-9a34ddd15c82" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\e0007330-f589-42ed-a401-5ddb10e785d3" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\e0007330-f589-42ed-a401-5ddb10e785d3" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\ea062031-0e34-4ff1-9b6d-eb1059334028" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\ea062031-0e34-4ff1-9b6d-eb1059334028" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\ea062031-0e34-4ff1-9b6d-eb1059334029" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\ea062031-0e34-4ff1-9b6d-eb1059334029" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\f735a673-2066-4f80-a0c5-ddee0cf1bf5d" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\f735a673-2066-4f80-a0c5-ddee0cf1bf5d" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\f8861c27-95e7-475c-865b-13c0cb3f9d6b" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\f8861c27-95e7-475c-865b-13c0cb3f9d6b" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\fddc842b-8364-4edc-94cf-c17f60de1c80" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\fddc842b-8364-4edc-94cf-c17f60de1c80" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\5FB4938D-1EE8-4b0f-9A3C-5036B0AB995C\DD848B2A-8A5D-4451-9AE2-39CD41658F6C" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\5FB4938D-1EE8-4b0f-9A3C-5036B0AB995C\DD848B2A-8A5D-4451-9AE2-39CD41658F6C" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\17aaa29b-8b43-4b94-aafe-35f64daaf1ee" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\17aaa29b-8b43-4b94-aafe-35f64daaf1ee" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\3c0bc021-c8a8-4e07-a973-6b14cbcb2b7e" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\3c0bc021-c8a8-4e07-a973-6b14cbcb2b7e" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\8EC4B3A5-6868-48c2-BE75-4F3044BE88A7" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\8EC4B3A5-6868-48c2-BE75-4F3044BE88A7" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\90959d22-d6a1-49b9-af93-bce885ad335b" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\90959d22-d6a1-49b9-af93-bce885ad335b" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\A9CEB8DA-CD46-44FB-A98B-02AF69DE4623" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\A9CEB8DA-CD46-44FB-A98B-02AF69DE4623" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcb" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\f1fbfde2-a960-4165-9f88-50667911ce96" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\f1fbfde2-a960-4165-9f88-50667911ce96" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\FBD9AA66-9553-4097-BA44-ED6E9D65EAB8" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\FBD9AA66-9553-4097-BA44-ED6E9D65EAB8" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\468FE7E5-1158-46EC-88BC-5B96C9E44FD0" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\468FE7E5-1158-46EC-88BC-5B96C9E44FD0" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\49CB11A5-56E2-4AFB-9D38-3DF47872E21B" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\49CB11A5-56E2-4AFB-9D38-3DF47872E21B" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\5ADBBFBC-074E-4da1-BA38-DB8B36B2C8F3" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\5ADBBFBC-074E-4da1-BA38-DB8B36B2C8F3" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\60C07FE1-0556-45CF-9903-D56E32210242" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\60C07FE1-0556-45CF-9903-D56E32210242" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\82011705-FB95-4D46-8D35-4042B1D20DEF" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\82011705-FB95-4D46-8D35-4042B1D20DEF" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\9FE527BE-1B70-48DA-930D-7BCF17B44990" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\9FE527BE-1B70-48DA-930D-7BCF17B44990" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\C763EE92-71E8-4127-84EB-F6ED043A3E3D" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\8619B916-E004-4dd8-9B66-DAE86F806698\C763EE92-71E8-4127-84EB-F6ED043A3E3D" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\DE830923-A562-41AF-A086-E3A2C6BAD2DA\13D09884-F74E-474A-A852-B6BDE8AD03A8" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\DE830923-A562-41AF-A086-E3A2C6BAD2DA\13D09884-F74E-474A-A852-B6BDE8AD03A8" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\DE830923-A562-41AF-A086-E3A2C6BAD2DA\5C5BB349-AD29-4ee2-9D0B-2B25270F7A81" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\DE830923-A562-41AF-A086-E3A2C6BAD2DA\5C5BB349-AD29-4ee2-9D0B-2B25270F7A81" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\DE830923-A562-41AF-A086-E3A2C6BAD2DA\E69653CA-CF7F-4F05-AA73-CB833FA90AD4" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\DE830923-A562-41AF-A086-E3A2C6BAD2DA\E69653CA-CF7F-4F05-AA73-CB833FA90AD4" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\5dbb7c9f-38e9-40d2-9749-4f8a0e9f640f" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\5dbb7c9f-38e9-40d2-9749-4f8a0e9f640f" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\637ea02f-bbcb-4015-8e2c-a1c7b9c0b546" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\637ea02f-bbcb-4015-8e2c-a1c7b9c0b546" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\8183ba9a-e910-48da-8769-14ae6dc1170a" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\8183ba9a-e910-48da-8769-14ae6dc1170a" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\9a66d8d7-4ff7-4ef9-b5a2-5a326ca2a469" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\9a66d8d7-4ff7-4ef9-b5a2-5a326ca2a469" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\bcded951-187b-4d05-bccc-f7e51960c258" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\bcded951-187b-4d05-bccc-f7e51960c258" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\d8742dcb-3e6a-4b3c-b3fe-374623cdcf06" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\d8742dcb-3e6a-4b3c-b3fe-374623cdcf06" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\F3C5027D-CD16-4930-AA6B-90DB844A8F00" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\e73a048d-bf27-4f12-9731-8b2076e8891f\F3C5027D-CD16-4930-AA6B-90DB844A8F00" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\89cc76a4-f226-4d4b-a040-6e9a1da9b882" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\89cc76a4-f226-4d4b-a040-6e9a1da9b882" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcc" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\7516b95f-f776-4464-8c53-06167f40cc99\aded5e82-b909-4619-9949-f5d71dac0bcc" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\DE830923-A562-41AF-A086-E3A2C6BAD2DA" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\DE830923-A562-41AF-A086-E3A2C6BAD2DA" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0E796BDB-100D-47D6-A2D5-F7D2DAA51F51" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0E796BDB-100D-47D6-A2D5-F7D2DAA51F51" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\F15576E8-98B7-4186-B944-EAFA664402D9" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\F15576E8-98B7-4186-B944-EAFA664402D9" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\68AFB2D9-EE95-47A8-8F50-4115088073B1" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\68AFB2D9-EE95-47A8-8F50-4115088073B1" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\4faab71a-92e5-4726-b531-224559672d19" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\4faab71a-92e5-4726-b531-224559672d19" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\245d8541-3943-4422-b025-13a784f679b7" /v "Attributes" /t reg_dword /d "2" /f
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\245d8541-3943-4422-b025-13a784f679b7" /v "Attributes" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c powercfg -import "C:\Users\Admin\AppData\Roaming\BoosterX\PowerXv2.pow" 66666666-6666-6666-6666-666666666666
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.0.275322532\454075926" -parentBuildID 20230214051806 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 22133 -prefMapSize 235161 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1d022f7-1fdd-4bff-8678-f4e0d0c5eb78} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 1800 1e3b8c2a958 gpu
C:\Windows\system32\powercfg.exe
powercfg -import "C:\Users\Admin\AppData\Roaming\BoosterX\PowerXv2.pow" 66666666-6666-6666-6666-666666666666
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.1.1480407465\958169023" -parentBuildID 20230214051806 -prefsHandle 2288 -prefMapHandle 2276 -prefsLen 22133 -prefMapSize 235161 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {453db834-b7ab-444d-b063-df07d73f09f8} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2308 1e3ac189c58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.2.1333932817\25409" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 3012 -prefsLen 22635 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04a9a592-8e23-4b4b-990e-26bb18303b6b} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2988 1e3bc916158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.3.2076624535\796248183" -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 27979 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00105c70-0a9e-453b-a30f-adcdc74e4582} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3680 1e3bdf3b458 tab
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c powercfg -setactive 66666666-6666-6666-6666-666666666666
C:\Windows\system32\powercfg.exe
powercfg -setactive 66666666-6666-6666-6666-666666666666
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DiagTrack" /v "Start" /t reg_dword /d "4" /f
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.4.216040577\154625654" -childID 3 -isForBrowser -prefsHandle 5068 -prefMapHandle 5072 -prefsLen 27979 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab6977d3-360f-4fbf-9142-0360c6b99fc8} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5056 1e3c012be58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.5.1519046219\909238367" -childID 4 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 27979 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1348b13-99fb-432d-844b-ea043255a805} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5188 1e3c0678558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.6.1303783133\779516584" -childID 5 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 27979 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95abd81a-6672-4362-af43-f3ffe8cf9378} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5380 1e3c0676158 tab
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DiagTrack" /v "Start" /t reg_dword /d "4" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\diagsvc" /v "Start" /t reg_dword /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\diagsvc" /v "Start" /t reg_dword /d "4" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmwappushservice" /v "Start" /t reg_dword /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmwappushservice" /v "Start" /t reg_dword /d "4" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\diagnosticshub.standardcollector.service" /v "Start" /t reg_dword /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\diagnosticshub.standardcollector.service" /v "Start" /t reg_dword /d "4" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /Change /TN "\Microsoft\Windows\Device Information\Device" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "\Microsoft\Windows\Device Information\Device" /Disable
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'DeviceCensus.exe'" /v "Debugger" /t reg_sz /d "%windir%\System32\taskkill.exe" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'DeviceCensus.exe'" /v "Debugger" /t reg_sz /d "C:\Windows\System32\taskkill.exe" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /Change /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /Disable
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'CompatTelRunner.exe'" /v "Debugger" /t reg_sz /d "%windir%\System32\taskkill.exe" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\'CompatTelRunner.exe'" /v "Debugger" /t reg_sz /d "C:\Windows\System32\taskkill.exe" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t reg_dword /d "0" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\SQMClient\Windows" /v "CEIPEnable" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows\AppCompat" /v "AITEnable" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "LimitEnhancedDiagnosticDataWindowsAnalytics" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "LimitEnhancedDiagnosticDataWindowsAnalytics" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v "Disabled" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform" /v "Disabled" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultConsent" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultConsent" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultOverrideBehavior" /t reg_dword /d "1" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.7.901853408\218322305" -childID 6 -isForBrowser -prefsHandle 5468 -prefMapHandle 5172 -prefsLen 27979 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1255e107-b600-442b-ad74-6e8a832116e0} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5420 1e3c12d5858 tab
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultOverrideBehavior" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "DontSendAdditionalData" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "DontSendAdditionalData" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "LoggingDisabled" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "LoggingDisabled" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /Change /TN "\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate" /Disable
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /Change /TN "\Microsoft\Windows\Windows Error Reporting\QueueReporting" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "\Microsoft\Windows\Windows Error Reporting\QueueReporting" /Disable
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wersvc" /v "Start" /t reg_dword /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wersvc" /v "Start" /t reg_dword /d "4" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wercplsupport" /v "Start" /t reg_dword /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wercplsupport" /v "Start" /t reg_dword /d "4" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" /v "AgentActivationOnLockScreenEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Speech_OneCore\Settings\VoiceActivation\UserPreferenceForAllApps" /v "AgentActivationOnLockScreenEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsActivateWithVoiceAboveLock" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsActivateWithVoiceAboveLock" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableWindowsLocationProvider" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableWindowsLocationProvider" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocationScripting" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocationScripting" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocation" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocation" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /v "SensorPermissionState" /t reg_dword /d "0" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /v "SensorPermissionState" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /v "SensorPermissionState" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" /v "SensorPermissionState" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowIndexingEncryptedStoresOrItems" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowIndexingEncryptedStoresOrItems" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AlwaysUseAutoLangDetection" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AlwaysUseAutoLangDetection" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowSearchToUseLocation" /t reg_dword /d "0" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowSearchToUseLocation" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "DisableWebSearch" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "DisableWebSearch" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "ConnectedSearchUseWeb" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "ConnectedSearchUseWeb" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353694Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353694Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353696Enabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353696Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableSoftLanding" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableSoftLanding" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsSpotlightFeatures" /t reg_dword /d "1" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsSpotlightFeatures" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v "DisableWindowsConsumerFeatures" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableSettingSync" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableSettingSync" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableSyncOnPaidNetwork" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableSyncOnPaidNetwork" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" /v "SyncPolicy" /t reg_dword /d "5" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync" /v "SyncPolicy" /t reg_dword /d "5" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableApplicationSettingSync" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableApplicationSettingSync" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableApplicationSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableApplicationSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableAppSyncSettingSync" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableAppSyncSettingSync" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableAppSyncSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableAppSyncSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableCredentialsSettingSync" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableCredentialsSettingSync" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableCredentialsSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableCredentialsSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableDesktopThemeSettingSync" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableDesktopThemeSettingSync" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableDesktopThemeSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableDesktopThemeSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisablePersonalizationSettingSync" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisablePersonalizationSettingSync" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisablePersonalizationSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisablePersonalizationSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableStartLayoutSettingSync" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableStartLayoutSettingSync" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableStartLayoutSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableStartLayoutSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWebBrowserSettingSync" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWebBrowserSettingSync" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWebBrowserSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWebBrowserSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWindowsSettingSync" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWindowsSettingSync" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWindowsSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /v "DisableWindowsSettingSyncUserOverride" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" /v "HasAccepted" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" /v "HasAccepted" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /Change /TN "\Microsoft\Windows\Feedback\Siuf\DmClient" /Disable
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "\Microsoft\Windows\Feedback\Siuf\DmClient" /Disable
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /Change /TN "\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" /Disable
C:\Windows\system32\schtasks.exe
schtasks /Change /TN "\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" /Disable
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t reg_dword /d "0" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /v "NumberOfSIUFInPeriod" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /v "PeriodInNanoSeconds" /f
C:\Windows\system32\reg.exe
reg delete "HKCU\SOFTWARE\Microsoft\Siuf\Rules" /v "PeriodInNanoSeconds" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "DoNotShowFeedbackNotifications" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "DoNotShowFeedbackNotifications" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "DoNotShowFeedbackNotifications" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "DoNotShowFeedbackNotifications" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t reg_dword /d "1" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t reg_dword /d "1" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Policies\Microsoft\Windows\HandwritingErrorReports" /v "PreventHandwritingErrorReports" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Policies\Microsoft\Windows\HandwritingErrorReports" /v "PreventHandwritingErrorReports" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Policies\Microsoft\Windows\HandwritingErrorReports" /v "PreventHandwritingErrorReports" /t reg_dword /d "1" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows\HandwritingErrorReports" /v "PreventHandwritingErrorReports" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Policies\Microsoft\Windows\TabletPC" /v "PreventHandwritingDataSharing" /t reg_dword /d "1" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Policies\Microsoft\Windows\TabletPC" /v "PreventHandwritingDataSharing" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Policies\Microsoft\Windows\TabletPC" /v "PreventHandwritingDataSharing" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Policies\Microsoft\Windows\TabletPC" /v "PreventHandwritingDataSharing" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization" /v "AllowInputPersonalization" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" /v "HarvestContacts" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore" /v "HarvestContacts" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableSensors" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableSensors" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" /v "value" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" /v "value" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" /v "value" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" /v "value" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" /v "AutoConnectAllowedOEM" /t reg_dword /d "0" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" /v "AutoConnectAllowedOEM" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t reg_dword /d "1" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "HttpAcceptLanguageOptOut" /t reg_dword /d "1" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "HttpAcceptLanguageOptOut" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Input\TIPC" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" /v "Status" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration" /v "Status" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessLocation" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userAccountInformation" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessAccountInfo" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessAccountInfo" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\activity" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\activity" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMotion" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessMotion" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessPhone" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessPhone" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTrustedDevices" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTrustedDevices" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsSyncWithDevices" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsSyncWithDevices" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsGetDiagnosticInfo" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsGetDiagnosticInfo" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\contacts" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\contacts" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessContacts" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessContacts" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appointments" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appointments" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{D89823BA-7180-4B81-B50C-7E471E6121A3}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCalendar" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCalendar" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCallHistory" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\phoneCallHistory" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{8BC668CF-7728-45BD-93F8-CF2B3B41D7AB}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{8BC668CF-7728-45BD-93F8-CF2B3B41D7AB}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCallHistory" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCallHistory" /t reg_dword /d "2" /f
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.8.669766963\1941223616" -childID 7 -isForBrowser -prefsHandle 2892 -prefMapHandle 3612 -prefsLen 28058 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0b114fc-7f8d-4e0e-a372-f7a51259f0a5} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3912 1e3bf57a558 tab
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\email" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\email" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{9231CB4C-BF57-4AF3-8C55-FDA7BFCC04C5}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{9231CB4C-BF57-4AF3-8C55-FDA7BFCC04C5}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessEmail" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessEmail" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userDataTasks" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\userDataTasks" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTasks" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessTasks" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\chat" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\chat" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{992AFA70-6F47-4148-B3E9-3003349C1548}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{21157C1F-2651-4CC1-90CA-1F28B02263F6}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{21157C1F-2651-4CC1-90CA-1F28B02263F6}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCalendar" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessCalendar" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\radios" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\radios" /v "Value" /t reg_sz /d "Deny" /f
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.9.232615691\1424955528" -childID 8 -isForBrowser -prefsHandle 5256 -prefMapHandle 10192 -prefsLen 28058 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c56a2d98-eb06-4d95-8d04-7fca8078d00b} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 10160 1e3c2292858 tab
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessRadios" /t reg_dword /d "2" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsAccessRadios" /t reg_dword /d "2" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\bluetoothSync" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\bluetoothSync" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\documentsLibrary" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\picturesLibrary" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\videosLibrary" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\broadFileSystemAccess" /v "Value" /t reg_sz /d "Deny" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB" /t REG_DWORD /d "0x16777216" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.10.972171577\1334446551" -childID 9 -isForBrowser -prefsHandle 9992 -prefMapHandle 9964 -prefsLen 28058 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {465e676e-2104-4c5b-945c-661088f4f9de} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9956 1e3c3067158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.11.1747872199\795404030" -childID 10 -isForBrowser -prefsHandle 9832 -prefMapHandle 9992 -prefsLen 28058 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82719963-b3f9-4676-a913-56d3dad0983f} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9768 1e3c32ad158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.12.979671535\740591558" -childID 11 -isForBrowser -prefsHandle 9564 -prefMapHandle 9560 -prefsLen 28058 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {196289f6-eb6d-4e4d-9a69-4c423563379f} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9576 1e3c32ae058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.13.904017076\1864563943" -childID 12 -isForBrowser -prefsHandle 9372 -prefMapHandle 9368 -prefsLen 28058 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bf10395-3a81-4f03-9897-3cf39aea9de5} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9384 1e3c32aef58 tab
C:\Windows\system32\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB" /t REG_DWORD /d "0x16777216" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverride" /t reg_dword /d "3" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverride" /t reg_dword /d "3" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverrideMask" /t reg_dword /d "3" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettingsOverrideMask" /t reg_dword /d "3" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettings" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "FeatureSettings" /t reg_dword /d "1" /f
C:\Windows\SYSTEM32\cmd.exe
cmd /c del "C:\Windows\System32\IntegratedServicesRegionPolicySet.json"
C:\Windows\SYSTEM32\cmd.exe
cmd /c move "C:\Users\Admin\AppData\Roaming\BoosterX\edge.json" "C:\Windows\System32\IntegratedServicesRegionPolicySet.json"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c taskkill /F /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c taskkill /F /IM MicrosoftEdgeUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.14.1338976167\1789846296" -childID 13 -isForBrowser -prefsHandle 9120 -prefMapHandle 9116 -prefsLen 28058 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8543acc-c512-4b8b-b3d2-9783e6b6a779} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9128 1e3c0ae3c58 tab
C:\Windows\system32\taskkill.exe
taskkill /F /IM MicrosoftEdgeUpdate.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /v "NoRemove" /t REG_DWORD /d 0 /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge" /v "NoRemove" /t REG_DWORD /d 0 /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}" /v "experiment_control_labels" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}" /v "experiment_control_labels" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdateDev" /v "AllowUninstall" /t REG_DWORD /d 1 /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.15.1327249912\1031337553" -childID 14 -isForBrowser -prefsHandle 8976 -prefMapHandle 8972 -prefsLen 28058 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5ffa30f-29bb-49f3-9264-8f05e945b814} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 8992 1e3c12d4058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.16.1888088582\1089811270" -childID 15 -isForBrowser -prefsHandle 8772 -prefMapHandle 8776 -prefsLen 28058 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79c22259-ac10-4a0d-9d0c-c0f157a031f9} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 8856 1e3c12d5558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.17.1969829599\417105492" -childID 16 -isForBrowser -prefsHandle 8592 -prefMapHandle 8596 -prefsLen 28058 -prefMapSize 235161 -jsInitHandle 1400 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11384e2b-e2a7-46cb-9480-8a5b024a0c64} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 8580 1e3c13f2958 tab
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdateDev" /v "AllowUninstall" /t REG_DWORD /d 1 /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --uninstall --force-uninstall --msedge --system-level --verbose-logging
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --uninstall --force-uninstall --msedge --system-level --verbose-logging
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff76f485460,0x7ff76f485470,0x7ff76f485480
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "6380" "2088" "2012" "2084" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --uninstall --force-uninstall --msedge --system-level --verbose-logging
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage *MicrosoftEdge* | Remove-AppxPackage
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1\Owners" /va /f
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1\Owners" /va /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1 /NoRestart
C:\Windows\system32\Dism.exe
dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1 /NoRestart
C:\Users\Admin\AppData\Local\Temp\5966FEB1-E748-4A4E-87AC-658F8D57DEBC\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\5966FEB1-E748-4A4E-87AC-658F8D57DEBC\dismhost.exe {84D222FE-FB51-49C6-8ACF-9B18FD1083F1}
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage *MicrosoftEdge* | Remove-AppxPackage
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1\Owners" /va /f
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1\Owners" /va /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 /NoRestart
C:\Windows\system32\Dism.exe
dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1 /NoRestart
C:\Users\Admin\AppData\Local\Temp\D59EC9CB-6A37-44BF-A453-A4FB0FCBBE9D\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\D59EC9CB-6A37-44BF-A453-A4FB0FCBBE9D\dismhost.exe {64401BB5-774B-4D31-A3C7-E44053730A3F}
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage *MicrosoftEdge* | Remove-AppxPackage
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1266" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1266" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1266\Owners" /va /f
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1266\Owners" /va /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1266 /NoRestart
C:\Windows\system32\Dism.exe
dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1266 /NoRestart
C:\Users\Admin\AppData\Local\Temp\0C0D6DA4-21A4-43D1-A066-6AC3F6DDC922\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\0C0D6DA4-21A4-43D1-A066-6AC3F6DDC922\dismhost.exe {0AFA6F57-154D-4C22-858E-D744F3B376D5}
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage *MicrosoftEdge* | Remove-AppxPackage
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~es-ES~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~es-ES~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~es-ES~10.0.19041.1\Owners" /va /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~es-ES~10.0.19041.1\Owners" /va /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~es-ES~10.0.19041.1 /NoRestart
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\Dism.exe
dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~es-ES~10.0.19041.1 /NoRestart
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\dismhost.exe {4B0BBBD4-B665-40BA-9E19-8EE5A9540005}
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage *MicrosoftEdge* | Remove-AppxPackage
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~fr-FR~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~fr-FR~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~fr-FR~10.0.19041.1\Owners" /va /f
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~fr-FR~10.0.19041.1\Owners" /va /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~fr-FR~10.0.19041.1 /NoRestart
C:\Windows\system32\Dism.exe
dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~fr-FR~10.0.19041.1 /NoRestart
C:\Users\Admin\AppData\Local\Temp\CC323162-A1B0-4F29-8BEB-5151B5EC4B30\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\CC323162-A1B0-4F29-8BEB-5151B5EC4B30\dismhost.exe {2A535634-96D8-40B7-9D1C-21BBEACD36F0}
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage *MicrosoftEdge* | Remove-AppxPackage
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~it-IT~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~it-IT~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~it-IT~10.0.19041.1\Owners" /va /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~it-IT~10.0.19041.1\Owners" /va /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~it-IT~10.0.19041.1 /NoRestart
C:\Windows\system32\Dism.exe
dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~it-IT~10.0.19041.1 /NoRestart
C:\Users\Admin\AppData\Local\Temp\FDF2FE35-7130-460C-B677-EE3F3B5F33CF\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\FDF2FE35-7130-460C-B677-EE3F3B5F33CF\dismhost.exe {36D7C421-D2A1-451E-88F9-8231B0A4FE89}
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage *MicrosoftEdge* | Remove-AppxPackage
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1\Owners" /va /f
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1\Owners" /va /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1 /NoRestart
C:\Windows\system32\Dism.exe
dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1 /NoRestart
C:\Users\Admin\AppData\Local\Temp\BF301E38-B128-4A60-B7EC-648A7295DC2C\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\BF301E38-B128-4A60-B7EC-648A7295DC2C\dismhost.exe {D6F8CEA2-5FDE-4ECD-9391-B74384C55738}
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c taskkill /F /FI "IMAGENAME eq SystemSettings.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /FI "IMAGENAME eq SystemSettings.exe"
C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe
"C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe" /disable-device "SWD\PRINTENUM\{A3791397-2601-4263-8668-AFFD8018BCD2}"
C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe
"C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe" /disable-device "SWD\PRINTENUM\{0F3B8CFF-B60B-4720-8D80-8882BFA3F128}"
C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe
"C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe" /disable-device "SWD\PRINTENUM\{B9B3E78B-CB99-4720-8FCD-81E1AE04C3C3}"
C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe
"C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe" /disable-device "SWD\PRINTENUM\{5100DE6F-A06A-4676-A207-6AB2454A35D8}"
C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe
"C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe" /disable-device "SWD\PRINTENUM\PrintQueues"
C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe
"C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe" /disable-device "ROOT\NdisVirtualBus\0000"
C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe
"C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe" /disable-device "ROOT\NdisVirtualBus"
C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe
"C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe" /disable-device "ROOT\UMBUS\0000"
C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe
"C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe" /disable-device "ROOT\umbus"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage *MicrosoftEdge* | Remove-AppxPackage
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v "MouseSpeed" /t reg_sz /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v "MouseSpeed" /t reg_sz /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v "MouseThreshold1" /t reg_sz /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v "MouseThreshold1" /t reg_sz /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v "MouseThreshold2" /t reg_sz /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Mouse" /v "MouseThreshold2" /t reg_sz /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v "Enabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~uk-UA~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~uk-UA~10.0.19041.1" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~uk-UA~10.0.19041.1\Owners" /va /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications" /v "DisableNotifications" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarAnimations" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~uk-UA~10.0.19041.1\Owners" /va /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~uk-UA~10.0.19041.1 /NoRestart
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarAnimations" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows\DWM" /v "AlwaysHibernateThumbnails" /t reg_dword /d "0" /f
C:\Windows\system32\Dism.exe
dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~uk-UA~10.0.19041.1 /NoRestart
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Microsoft\Windows\DWM" /v "AlwaysHibernateThumbnails" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Control Panel\Desktop\WindowMetrics" /v "MinAnimate" /t reg_sz /d "0" /f
C:\Users\Admin\AppData\Local\Temp\950BFBD3-FF4C-4BB4-B485-FAD3F4422F42\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\950BFBD3-FF4C-4BB4-B485-FAD3F4422F42\dismhost.exe {30D05DA2-75AF-432D-9E42-1A25DB3B7027}
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Desktop\WindowMetrics" /v "MinAnimate" /t reg_sz /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "IconsOnly" /t reg_dword /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "IconsOnly" /t reg_dword /d "1" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ListviewShadow" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ListviewShadow" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ListviewAlphaSelect" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ListviewAlphaSelect" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Control Panel\Desktop" /v "DragFullWindows" /t reg_sz /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Desktop" /v "DragFullWindows" /t reg_sz /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\DWM" /v "EnableAeroPeek" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\DWM" /v "EnableAeroPeek" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "FontSmoothing" /t reg_sz /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v "FontSmoothing" /t reg_sz /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\Control Panel\Desktop" /v "UserPreferencesMask" /t reg_binary /d "9012038010000000" /f
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Desktop" /v "UserPreferencesMask" /t reg_binary /d "9012038010000000" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "ShellState" /t reg_binary /d "240000003EA8000000000000000000000000000001000000130000000000000073000000" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "ShellState" /t reg_binary /d "240000003EA8000000000000000000000000000001000000130000000000000073000000" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" /v "VisualFXSetting" /t reg_dword /d "2" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" /v "VisualFXSetting" /t reg_dword /d "2" /f
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c bcdedit /set disabledynamictick yes
C:\Windows\system32\bcdedit.exe
bcdedit /set disabledynamictick yes
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c bcdedit /set useplatformtick yes
C:\Windows\system32\bcdedit.exe
bcdedit /set useplatformtick yes
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "AutoGameModeEnabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "AutoGameModeEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "GamePanelStartupTipIndex" /t reg_dword /d "3" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "GamePanelStartupTipIndex" /t reg_dword /d "3" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "ShowStartupPanel" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "ShowStartupPanel" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "UseNexusForGameBarEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage *MicrosoftEdge* | Remove-AppxPackage
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "UseNexusForGameBarEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "AllowAutoGameMode" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\GameBar" /v "AllowAutoGameMode" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\GameDVR" /v "AppCaptureEnabled" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\GameDVR" /v "AppCaptureEnabled" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ApplicationManagement\AllowGameDVR" /v "value" /t reg_dword /d "0" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\ApplicationManagement\AllowGameDVR" /v "value" /t reg_dword /d "0" /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Dwm" /v "OverlayTestMode" /t reg_dword /d "5" /f
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Dwm" /v "OverlayTestMode" /t reg_dword /d "5" /f
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c "C:\Users\Admin\AppData\Roaming\BoosterX\disable.bat"
C:\Windows\system32\net.exe
net stop wuauserv
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~~10.0.19041.1266" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop wuauserv
C:\Windows\system32\net.exe
net stop UsoSvc
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop UsoSvc
C:\Windows\system32\net.exe
net stop uhssvc
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~~10.0.19041.1266" /v Visibility /t REG_DWORD /d 1 /f
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop uhssvc
C:\Windows\system32\net.exe
net stop WaaSMedicSvc
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~~10.0.19041.1266\Owners" /va /f
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop WaaSMedicSvc
C:\Windows\system32\sc.exe
sc config wuauserv start= disabled
C:\Windows\system32\sc.exe
sc config UsoSvc start= disabled
C:\Windows\system32\sc.exe
sc config uhssvc start= disabled
C:\Windows\system32\reg.exe
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~~10.0.19041.1266\Owners" /va /f
C:\Windows\system32\sc.exe
sc config WaaSMedicSvc start= disabled
C:\Windows\system32\sc.exe
sc failure wuauserv reset= 0 actions= ""
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c dism /online /Remove-Package /PackageName:Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~~10.0.19041.1266 /NoRestart
C:\Windows\system32\sc.exe
sc failure UsoSvc reset= 0 actions= ""
C:\Windows\system32\sc.exe
sc failure uhssvc reset= 0 actions= ""
C:\Windows\system32\sc.exe
sc failure WaaSMedicSvc reset= 0 actions= ""
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\WaaSMedicSvc.dll
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.boosterx.org | udp |
| US | 172.67.146.209:443 | api.boosterx.org | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 104.26.13.205:80 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | 209.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.13.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | reserve.boosterx.org | udp |
| DE | 139.162.165.156:80 | reserve.boosterx.org | tcp |
| DE | 139.162.165.156:80 | reserve.boosterx.org | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.165.162.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| N/A | 127.0.0.1:64392 | tcp | |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 44.237.98.207:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 207.98.237.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collapseloader.org | udp |
| US | 188.114.96.2:80 | collapseloader.org | tcp |
| US | 8.8.8.8:53 | collapseloader.org | udp |
| US | 8.8.8.8:53 | collapseloader.org | udp |
| US | 188.114.96.2:443 | collapseloader.org | tcp |
| US | 188.114.96.2:443 | collapseloader.org | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 162.159.135.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.collapseloader.org | udp |
| US | 104.21.54.82:443 | cdn.collapseloader.org | tcp |
| US | 8.8.8.8:53 | web.collapseloader.org | udp |
| US | 104.21.54.82:443 | web.collapseloader.org | tcp |
| US | 8.8.8.8:53 | 82.54.21.104.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:64398 | tcp | |
| N/A | 127.0.0.1:64774 | tcp | |
| N/A | 127.0.0.1:64887 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | speedtest.net | udp |
| US | 151.101.2.219:80 | speedtest.net | tcp |
| US | 151.101.2.219:80 | speedtest.net | tcp |
| US | 8.8.8.8:53 | speedtest.net | udp |
| US | 8.8.8.8:53 | speedtest.net | udp |
| US | 8.8.8.8:53 | www.speedtest.net | udp |
| US | 104.18.203.232:443 | www.speedtest.net | tcp |
| US | 8.8.8.8:53 | www.speedtest.net.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | www.speedtest.net.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 219.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.203.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ziffstatic.com | udp |
| US | 8.8.8.8:53 | b.cdnst.net | udp |
| NL | 23.62.61.193:443 | cdn.ziffstatic.com | tcp |
| US | 8.8.8.8:53 | e96286.dsci.akamaiedge.net | udp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 8.8.8.8:53 | dualstack.zd.map.fastly.net | udp |
| US | 8.8.8.8:53 | e96286.dsci.akamaiedge.net | udp |
| US | 8.8.8.8:53 | dualstack.zd.map.fastly.net | udp |
| NL | 23.62.61.193:443 | e96286.dsci.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| GB | 3.162.21.19:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 193.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.178.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.static.zdbb.net | udp |
| SE | 184.31.15.161:443 | cdn.static.zdbb.net | tcp |
| US | 8.8.8.8:53 | e96286.g.akamaiedge.net | udp |
| GB | 3.162.21.19:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | zdbb.net | udp |
| US | 8.8.8.8:53 | gurgle.speedtest.net | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| IE | 52.209.147.189:443 | zdbb.net | tcp |
| US | 8.8.8.8:53 | zdbb.net | udp |
| US | 54.84.67.135:443 | gurgle.speedtest.net | tcp |
| US | 8.8.8.8:53 | gurgle.zdbb.net | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | 19.21.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gurgle.zdbb.net | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | rp.liadm.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | livepixel-production.bln.liveintent.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | e96286.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | livepixel-production.bln.liveintent.com | udp |
| US | 8.8.8.8:53 | gurgle.zdbb.net | udp |
| US | 3.224.54.56:443 | gurgle.zdbb.net | tcp |
| GB | 18.165.160.110:443 | config.aps.amazon-adsystem.com | tcp |
| FR | 142.250.201.162:443 | securepubads.g.doubleclick.net | tcp |
| GB | 18.172.89.8:443 | tags.crwdcntrl.net | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| US | 44.223.244.62:443 | rp.liadm.com | tcp |
| FR | 142.250.201.162:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | 189.147.209.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.67.84.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.54.224.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.89.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.244.223.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 18.202.122.123:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | speedtest.boxbroadband.co.uk.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | speedtest.boxbroadband.co.uk | udp |
| GB | 45.10.101.252:8080 | speedtest.boxbroadband.co.uk | tcp |
| US | 8.8.8.8:53 | speedtest.boxbroadband.co.uk | udp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 104.22.4.69:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | a.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | jogger.zdbb.net | udp |
| US | 8.8.8.8:53 | speedlon.hyperoptic.com | udp |
| US | 8.8.8.8:53 | speedtest.upp.com.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | tags.bkrtx.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | speedtest-1.london.network.youfibre.com.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | a.ad.gt.cdn.cloudflare.net | udp |
| US | 44.215.51.172:443 | jogger.zdbb.net | tcp |
| US | 8.8.8.8:53 | speedtest.swishfibre.com.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | lon.host.speedtest.net.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | lg-lon.fdcservers.net | udp |
| US | 8.8.8.8:53 | speedtest.noone.co.uk.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| GB | 31.22.12.17:8080 | speedtest.swishfibre.com.prod.hosts.ooklaserver.net | tcp |
| US | 8.8.8.8:53 | jogger.zdbb.net | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| GB | 45.92.46.45:8080 | speedtest-1.london.network.youfibre.com.prod.hosts.ooklaserver.net | tcp |
| US | 8.8.8.8:53 | e5529.g.akamaiedge.net | udp |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | tcp |
| GB | 193.3.26.19:8080 | speedtest.upp.com.prod.hosts.ooklaserver.net | tcp |
| GB | 152.37.112.6:8080 | speedlon.hyperoptic.com | tcp |
| GB | 3.162.16.219:443 | aax.amazon-adsystem.com | tcp |
| GB | 95.87.111.214:8080 | lon.host.speedtest.net.prod.hosts.ooklaserver.net | tcp |
| GB | 51.148.82.21:8080 | speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net | tcp |
| US | 8.8.8.8:53 | jogger.zdbb.net | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | e5529.g.akamaiedge.net | udp |
| GB | 188.94.45.252:8080 | speedtest.noone.co.uk.prod.hosts.ooklaserver.net | tcp |
| US | 8.8.8.8:53 | speedtest.swishfibre.com | udp |
| US | 8.8.8.8:53 | speedtest-1.london.network.youfibre.com | udp |
| US | 8.8.8.8:53 | speedtest.thn.lon.network.as201838.net | udp |
| GB | 50.7.152.4:8080 | lg-lon.fdcservers.net | tcp |
| US | 8.8.8.8:53 | speedtest-1.london.network.youfibre.com | udp |
| US | 8.8.8.8:53 | speedtest.swishfibre.com | udp |
| US | 8.8.8.8:53 | 123.122.202.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.101.10.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.12.22.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.51.215.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.46.92.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.26.113.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.112.37.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.26.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.16.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.111.87.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.82.148.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | speedtest.thn.lon.network.as201838.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | speedlon.hyperoptic.com | udp |
| US | 8.8.8.8:53 | speedtest.upp.com | udp |
| US | 8.8.8.8:53 | lon.host.speedtest.net | udp |
| US | 8.8.8.8:53 | lon.host.speedtest.net | udp |
| US | 8.8.8.8:53 | speedtest.upp.com | udp |
| GB | 23.59.66.82:443 | e5529.g.akamaiedge.net | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| FR | 142.250.178.130:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | speedlon.hyperoptic.com | udp |
| US | 8.8.8.8:53 | speedtest02a.web.zen.net.uk | udp |
| US | 8.8.8.8:53 | speedtest.noone.co.uk | udp |
| US | 8.8.8.8:53 | lg-lon.fdcservers.net | udp |
| US | 8.8.8.8:53 | speedtest02a.web.zen.net.uk | udp |
| US | 8.8.8.8:53 | speedtest.noone.co.uk | udp |
| US | 8.8.8.8:53 | lg-lon.fdcservers.net | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| FR | 142.250.178.130:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stags.bluekai.com | udp |
| BE | 23.55.96.210:443 | stags.bluekai.com | tcp |
| US | 8.8.8.8:53 | aa.agkn.com | udp |
| US | 8.8.8.8:53 | e9126.x.akamaiedge.net | udp |
| IE | 34.252.112.229:443 | aa.agkn.com | tcp |
| US | 8.8.8.8:53 | e9126.x.akamaiedge.net | udp |
| US | 8.8.8.8:53 | ActivationEdge-activation-212358690.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | ActivationEdge-activation-212358690.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | 4.152.7.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.66.59.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.96.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.112.252.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c2shb.pubgw.yahoo.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| IE | 54.220.51.236:443 | c2shb.pubgw.yahoo.com | tcp |
| IE | 54.220.51.236:443 | c2shb.pubgw.yahoo.com | tcp |
| IE | 54.220.51.236:443 | c2shb.pubgw.yahoo.com | tcp |
| IE | 54.220.51.236:443 | c2shb.pubgw.yahoo.com | tcp |
| IE | 54.220.51.236:443 | c2shb.pubgw.yahoo.com | tcp |
| US | 8.8.8.8:53 | k8s-pbp-dtpgatew-3eb9e31923-1694008236.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | ib.adnxs-simple.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | tagged-by.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | k8s-pbp-dtpgatew-3eb9e31923-1694008236.eu-west-1.elb.amazonaws.com | udp |
| IE | 54.220.51.236:443 | k8s-pbp-dtpgatew-3eb9e31923-1694008236.eu-west-1.elb.amazonaws.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs-simple.com | tcp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 8.8.8.8:53 | tagged-by.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | bidder.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 8.8.8.8:53 | bidder.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| US | 8.8.8.8:53 | ids.ad.gt | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 104.22.4.69:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | ids.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | ids.ad.gt.cdn.cloudflare.net | udp |
| US | 104.22.4.69:443 | ids.ad.gt.cdn.cloudflare.net | tcp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | p.ad.gt | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | secure-us.imrworldwide.com | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | pug-ams-bc.pubmnet.com | udp |
| US | 104.22.4.69:443 | p.ad.gt | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 216.239.32.181:443 | analytics.google.com | tcp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | pug-ams-bc.pubmnet.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| BE | 64.233.166.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | p.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | iad-2-sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| US | 216.239.32.181:443 | analytics.google.com | udp |
| US | 104.22.4.69:443 | p.ad.gt.cdn.cloudflare.net | tcp |
| US | 8.8.8.8:53 | pixels.ad.gt | udp |
| US | 8.8.8.8:53 | iad-2-sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | p.ad.gt.cdn.cloudflare.net | udp |
| BE | 64.233.166.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 104.22.4.69:443 | pixels.ad.gt | tcp |
| US | 8.8.8.8:53 | analytics-alv.google.com | udp |
| US | 104.22.4.69:443 | pixels.ad.gt | tcp |
| US | 104.22.4.69:443 | pixels.ad.gt | tcp |
| US | 8.8.8.8:53 | census.eu-west-1.nielsencollections.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | census.eu-west-1.nielsencollections.com | udp |
| FR | 142.250.201.163:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 236.51.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | analytics-alv.google.com | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 8.8.8.8:53 | rtb-csync-euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 8.8.8.8:53 | rtb-csync-euw2.smartadserver.com | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pixels.ad.gt.cdn.cloudflare.net | udp |
| FR | 142.250.201.163:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | pixels.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 69.173.156.139:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| DE | 3.125.188.154:443 | btlr-eu-central-1.sharethrough.com | tcp |
| DE | 3.125.188.154:443 | btlr-eu-central-1.sharethrough.com | tcp |
| DE | 3.125.188.154:443 | btlr-eu-central-1.sharethrough.com | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| IE | 34.251.99.216:443 | secure-us.imrworldwide.com | tcp |
| DE | 3.125.188.154:443 | btlr-eu-central-1.sharethrough.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 3.125.188.154:443 | btlr-eu-central-1.sharethrough.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid-ams.pubmnet.com | tcp |
| NL | 178.250.1.8:443 | bidder.nl3.vip.prod.criteo.com | tcp |
| NL | 185.89.210.244:443 | ib.anycast.adnxs.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| NL | 198.47.127.205:443 | pug-ams-bc.pubmnet.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.net.akadns.net | tcp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| IE | 54.194.31.123:443 | dpm.demdex.net | tcp |
| FR | 91.134.110.136:443 | rtb-csync-euw2.smartadserver.com | tcp |
| US | 69.166.1.67:443 | iad-2-sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 162.19.138.117:443 | id5-sync.com | tcp |
| DE | 162.19.138.120:443 | id5-sync.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | 163.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.99.251.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| FR | 178.250.7.13:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | gum.fr3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | cdn-gl.imrworldwide.com | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.110.134.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.31.194.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gum.fr3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | d2926jmvsihu4k.cloudfront.net | udp |
| US | 8.8.8.8:53 | 04853685278c46ce98d47a666989bd70.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | d2926jmvsihu4k.cloudfront.net | udp |
| FR | 216.58.214.161:443 | 04853685278c46ce98d47a666989bd70.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | gbc8.fr3.eu.criteo.com | udp |
| GB | 18.165.160.34:443 | d2926jmvsihu4k.cloudfront.net | tcp |
| FR | 216.58.214.161:443 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| NL | 185.235.87.63:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.232:443 | gbc8.fr3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | gbc2.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | gbc8.fr3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | gbc2.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | bee.imrworldwide.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 18.165.160.73:443 | bee.imrworldwide.com | tcp |
| US | 8.8.8.8:53 | d289cm8jitwx96.cloudfront.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | d289cm8jitwx96.cloudfront.net | udp |
| FR | 142.250.179.97:443 | tpc.googlesyndication.com | tcp |
| FR | 142.250.179.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 6uvmwijq0fkkuyodqdezajkcxjm2s1716904586.nuid.imrworldwide.com | udp |
| GB | 18.165.160.70:443 | 6uvmwijq0fkkuyodqdezajkcxjm2s1716904586.nuid.imrworldwide.com | tcp |
| US | 8.8.8.8:53 | d29sshy11yr8a1.cloudfront.net | udp |
| US | 8.8.8.8:53 | 13.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d29sshy11yr8a1.cloudfront.net | udp |
| US | 8.8.8.8:53 | 70.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | idx.liadm.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ookla-d.openx.net | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 3.219.3.41:443 | idx.liadm.com | tcp |
| US | 8.8.8.8:53 | idx.cph.liveintent.com | udp |
| SE | 104.73.92.198:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 34.98.64.218:443 | ookla-d.openx.net | tcp |
| US | 8.8.8.8:53 | ookla-d.openx.net | udp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| US | 8.8.8.8:53 | idx.cph.liveintent.com | udp |
| BE | 2.21.18.175:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | ookla-d.openx.net | udp |
| US | 34.98.64.218:443 | ookla-d.openx.net | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| GB | 152.37.112.6:8080 | speedlon.hyperoptic.com | tcp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.92.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.18.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.3.219.3.in-addr.arpa | udp |
| GB | 152.37.112.6:8080 | speedlon.hyperoptic.com | tcp |
| GB | 50.7.152.4:8080 | lg-lon.fdcservers.net | tcp |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net | tcp |
| GB | 31.22.12.17:8080 | speedtest.swishfibre.com | tcp |
| GB | 152.37.112.6:8080 | speedlon.hyperoptic.com | tcp |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net | tcp |
| GB | 152.37.112.6:8080 | speedlon.hyperoptic.com | tcp |
| GB | 50.7.152.4:8080 | lg-lon.fdcservers.net | tcp |
| GB | 50.7.152.4:8080 | lg-lon.fdcservers.net | tcp |
| US | 8.8.8.8:53 | 74.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:64923 | tcp | |
| N/A | 127.0.0.1:64927 | tcp | |
| DE | 139.162.165.156:80 | reserve.boosterx.org | tcp |
| US | 8.8.8.8:53 | 225.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.93.73.104.in-addr.arpa | udp |
Files
memory/4172-0-0x00007FFD056E3000-0x00007FFD056E5000-memory.dmp
memory/4172-1-0x000001B1935D0000-0x000001B195708000-memory.dmp
memory/4172-2-0x00007FFD056E0000-0x00007FFD061A1000-memory.dmp
memory/4172-3-0x000001B1B1600000-0x000001B1B2DD6000-memory.dmp
memory/4172-17-0x000001B197640000-0x000001B19765C000-memory.dmp
memory/4172-18-0x000001B197510000-0x000001B197524000-memory.dmp
memory/4172-19-0x000001B197660000-0x000001B197686000-memory.dmp
memory/4172-20-0x000001B1B5340000-0x000001B1B5348000-memory.dmp
memory/4172-21-0x00007FFD056E0000-0x00007FFD061A1000-memory.dmp
memory/4172-22-0x00007FFD056E0000-0x00007FFD061A1000-memory.dmp
memory/4172-23-0x000001B1B6FD0000-0x000001B1B7008000-memory.dmp
memory/4172-24-0x000001B1B5800000-0x000001B1B580E000-memory.dmp
memory/4172-28-0x000001B1BA330000-0x000001B1BA3E8000-memory.dmp
memory/4172-31-0x000001B1BA1D0000-0x000001B1BA1EA000-memory.dmp
memory/4172-30-0x000001B1BA510000-0x000001B1BAA82000-memory.dmp
memory/4172-29-0x000001B1BA400000-0x000001B1BA510000-memory.dmp
memory/4172-34-0x000001B1BB240000-0x000001B1BB25A000-memory.dmp
memory/4172-33-0x000001B1BB230000-0x000001B1BB238000-memory.dmp
memory/4172-32-0x000001B1BB220000-0x000001B1BB22E000-memory.dmp
memory/4172-27-0x000001B1BA2D0000-0x000001B1BA328000-memory.dmp
memory/4172-26-0x000001B1BA170000-0x000001B1BA178000-memory.dmp
memory/4172-25-0x000001B1BA120000-0x000001B1BA126000-memory.dmp
memory/4172-38-0x000001B1BA1B0000-0x000001B1BA1BA000-memory.dmp
memory/4172-37-0x000001B1BA210000-0x000001B1BA218000-memory.dmp
memory/4172-36-0x000001B1BB7C0000-0x000001B1BB872000-memory.dmp
memory/4172-35-0x000001B1BB5F0000-0x000001B1BB638000-memory.dmp
memory/4172-39-0x000001B1BA1C0000-0x000001B1BA1C8000-memory.dmp
memory/4172-40-0x00007FFD056E0000-0x00007FFD061A1000-memory.dmp
memory/4172-41-0x00007FFD056E0000-0x00007FFD061A1000-memory.dmp
memory/4172-44-0x000001B1BB190000-0x000001B1BB1B2000-memory.dmp
memory/4172-43-0x000001B1BB070000-0x000001B1BB07E000-memory.dmp
memory/4172-42-0x00007FFD056E0000-0x00007FFD061A1000-memory.dmp
memory/4172-45-0x000001B1BB3A0000-0x000001B1BB3B8000-memory.dmp
memory/4172-46-0x000001B1BB540000-0x000001B1BB548000-memory.dmp
memory/4172-48-0x000001B1BB3D0000-0x000001B1BB3F0000-memory.dmp
memory/4172-50-0x000001B1BB400000-0x000001B1BB408000-memory.dmp
memory/4172-49-0x000001B1BB3F0000-0x000001B1BB3FE000-memory.dmp
memory/4172-47-0x000001B1BB3C0000-0x000001B1BB3C6000-memory.dmp
memory/4172-51-0x000001B1BB430000-0x000001B1BB458000-memory.dmp
memory/4172-52-0x000001B1BB460000-0x000001B1BB4B8000-memory.dmp
memory/4172-55-0x000001B1BB4D0000-0x000001B1BB4EE000-memory.dmp
memory/4172-54-0x000001B1BB4C0000-0x000001B1BB4C8000-memory.dmp
memory/4172-53-0x000001B1BB420000-0x000001B1BB430000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lr0x51zn.sx0.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4172-65-0x000001B1BB520000-0x000001B1BB52A000-memory.dmp
memory/4172-66-0x000001B1BB670000-0x000001B1BB696000-memory.dmp
memory/4172-67-0x000001B1BB700000-0x000001B1BB716000-memory.dmp
memory/4172-70-0x000001B1BC9B0000-0x000001B1BCA06000-memory.dmp
memory/4172-72-0x000001B1BB790000-0x000001B1BB79C000-memory.dmp
C:\Users\Admin\AppData\Roaming\BoosterX\pnp\pnputil.exe
| MD5 | 3797239a93a815022c89c9a158fbeab9 |
| SHA1 | c2364a1a57e0022aa29c9be87a26d16aa9b64671 |
| SHA256 | 4e1be0a106c0cf0cb3d6e8e4ecd2023b5d64b583b9e8619fe4fd8ca279f27c86 |
| SHA512 | a353483e82ee7c18dbe8a5dc073433bcbdef0f0c589cebdd594c4a5ee8d61adc055e37b6f90ec9bf230dddcfc2b714c58c1c36ea977f83dfa107f63d35d9c4a0 |
C:\Users\Admin\AppData\Roaming\BoosterX\pnp\en-US\pnputil.exe.mui
| MD5 | 0a4d5c41bf8c01fa2a98c4185b0b592d |
| SHA1 | 858e8e37fa2f0f121141b23323fd3e7c55f42de9 |
| SHA256 | 7f3bc636238c04c39c0a84f85b26921b014b8b7def301f9e94382c5040d2b60e |
| SHA512 | 621637f21da85029b8fcd336bfa02d83de7f15b245eff594f0ec2e31f72ff9810daaa3968f1bd846a560b2eba2501af01cded6f40578fb0d7f8d9b525c59ce9d |
memory/4172-77-0x000001B1BB7A0000-0x000001B1BB7A6000-memory.dmp
memory/4172-78-0x000001B1BB7B0000-0x000001B1BB7B8000-memory.dmp
memory/4172-80-0x000001B1BCA20000-0x000001B1BCA3E000-memory.dmp
memory/4172-79-0x000001B1BCA10000-0x000001B1BCA20000-memory.dmp
memory/4172-81-0x00007FFD056E3000-0x00007FFD056E5000-memory.dmp
memory/4172-82-0x00007FFD056E0000-0x00007FFD061A1000-memory.dmp
memory/4172-83-0x000001B1BCAE0000-0x000001B1BCAFE000-memory.dmp
memory/4172-84-0x00007FFD056E0000-0x00007FFD061A1000-memory.dmp
memory/4172-85-0x000001B1BB560000-0x000001B1BB568000-memory.dmp
memory/4172-87-0x00007FFD056E0000-0x00007FFD061A1000-memory.dmp
memory/4172-88-0x000001B1BB5A0000-0x000001B1BB5A6000-memory.dmp
memory/4172-91-0x00007FFD056E0000-0x00007FFD061A1000-memory.dmp
memory/4172-92-0x00007FFD056E0000-0x00007FFD061A1000-memory.dmp
memory/4172-93-0x000001B1BD300000-0x000001B1BD30C000-memory.dmp
memory/4172-95-0x000001B1BD2D0000-0x000001B1BD2E4000-memory.dmp
memory/4172-94-0x000001B1BD2C0000-0x000001B1BD2D4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\DismHost.exe
| MD5 | e5d5e9c1f65b8ec7aa5b7f1b1acdd731 |
| SHA1 | dbb14dcda6502ab1d23a7c77d405dafbcbeb439e |
| SHA256 | e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80 |
| SHA512 | 7cf80d4a16c5dbbf61fcb22ebe30cf78ca42a030b7d7b4ad017f28fba2c9b111e8cf5b3064621453a44869bbaed124d6fb1e8d2c8fe8202f1e47579d874fa4bc |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\DismCorePS.dll
| MD5 | a033f16836d6f8acbe3b27b614b51453 |
| SHA1 | 716297072897aea3ec985640793d2cdcbf996cf9 |
| SHA256 | e3b3a4c9c6403cb8b0aa12d34915b67e4eaa5bb911e102cf77033aa315d66a1e |
| SHA512 | ad5b641d93ad35b3c7a3b56cdf576750d1ad4c63e2a16006739888f0702280cad57dd0a6553ef426111c04ceafd6d1e87f6e7486a171fff77f243311aee83871 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\dismprov.dll
| MD5 | 490be3119ea17fa29329e77b7e416e80 |
| SHA1 | c71191c3415c98b7d9c9bbcf1005ce6a813221da |
| SHA256 | ef1e263e1bcc05d9538cb9469dd7dba5093956aa325479c3d2607168cc1c000a |
| SHA512 | 6339b030008b7d009d36abf0f9595da9b793264ebdce156d4a330d095a5d7602ba074075ea05fef3dde474fc1d8e778480429de308c121df0bf3075177f26f13 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\OSProvider.dll
| MD5 | db4c3a07a1d3a45af53a4cf44ed550ad |
| SHA1 | 5dea737faadf0422c94f8f50e9588033d53d13b3 |
| SHA256 | 2165d567aa47264abe2a866bb1bcb01a1455a75a6ea530b1b9a4dda54d08f758 |
| SHA512 | 5182b80459447f3c1fb63b70ad0370e1da26828a7f73083bec0af875b37888dd12ec5a6d9dc84157fc5b535f473ad7019eb6a53b9a47a2e64e6a8b7fae4cddde |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\LogProvider.dll
| MD5 | 815a4e7a7342224a239232f2c788d7c0 |
| SHA1 | 430b7526d864cfbd727b75738197230d148de21a |
| SHA256 | a9c8787c79a952779eca82e7389cf5bbde7556e4491b8bfcfd6617740ac7d8a2 |
| SHA512 | 0c19d1e388ed0855a660135dec7a5e6b72ecbb7eb67ff94000f2399bd07df431be538055a61cfb2937319a0ce060898bb9b6996765117b5acda8fc0bad47a349 |
C:\Windows\Logs\DISM\dism.log
| MD5 | 8422f36ed6bdb7e7e9c438328091c129 |
| SHA1 | ed562990ec3e3fd6133d7f59952ffebf2029bd2e |
| SHA256 | 0df364480f6b7e36fb7aefbaeb31f7e6ea6bf6e45a319b158a75e931de5ee06a |
| SHA512 | 4a09c7433179f3b0f8c82c521de54feb0fa3270639c1e0f8b181e4c6982bed94bdeea8e6db7f9b58462bbea6ab54cf789a7026cc3654689a0887a870c438eba3 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\CbsProvider.dll
| MD5 | 6ad0376a375e747e66f29fb7877da7d0 |
| SHA1 | a0de5966453ff2c899f00f165bbff50214b5ea39 |
| SHA256 | 4c9a4ab6596626482dd2190034fcb3fafebe88a961423962ad577e873ef5008f |
| SHA512 | 8a97b2cc96ec975188e53e428d0fc2c562f4c3493d3c354e316c7f89a0bd25c84246807c9977f0afdda3291b8c23d518a36fd967d8f9d4d2ce7b0af11b96eb18 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\AppxProvider.dll.mui
| MD5 | bd0dd9c5a602cb0ad7eabc16b3c1abfc |
| SHA1 | cede6e6a55d972c22da4bc9e0389759690e6b37f |
| SHA256 | 8af0073f8a023f55866e48bf3b902dfa7f41c51b0e8b0fe06f8c496d41f9a7b3 |
| SHA512 | 86351dc31118fc5a12fad6f549aa60c45ebe92b3ce5b90376e41f60d6d168a8a9f6c35320fc2cdcc750e67a5751651657fe64cf42690943500afd0d1dae2cd0c |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\AppxProvider.dll
| MD5 | a7927846f2bd5e6ab6159fbe762990b1 |
| SHA1 | 8e3b40c0783cc88765bbc02ccc781960e4592f3f |
| SHA256 | 913f97dd219eeb7d5f7534361037fe1ecc3a637eb48d67b1c8afa8b5f951ba2f |
| SHA512 | 1eafece2f6aa881193e6374b81d7a7c8555346756ed53b11ca1678f1f3ffb70ae3dea0a30c5a0aab8be45db9c31d78f30f026bb22a7519a0930483d50507243f |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\AssocProvider.dll
| MD5 | 94dc379aa020d365ea5a32c4fab7f6a3 |
| SHA1 | 7270573fd7df3f3c996a772f85915e5982ad30a1 |
| SHA256 | dc6a5930c2b9a11204d2e22a3e8d14c28e5bdac548548e256ba7ffa79bd8c907 |
| SHA512 | 998fd10a1f43024a2398491e3764748c0b990b37d8b3c820d281296f8da8f1a2f97073f4fd83543994a6e326fa7e299cb5f59e609358cd77af996175782eeaca |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\DismCore.dll
| MD5 | b1f793773dc727b4af1648d6d61f5602 |
| SHA1 | be7ed4e121c39989f2fb343558171ef8b5f7af68 |
| SHA256 | af7f342adf5b533ea6978b68064f39bfb1e4ad3b572ae1b7f2287f5533334d4e |
| SHA512 | 66a92bff5869a56a7931d7ed9881d79c22ba741c55fb42c11364f037e1ec99902db2679b67a7e60cbf760740d5b47dcf1a6dcfae5ad6711a0bd7f086cc054eed |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\FolderProvider.dll
| MD5 | 4f3250ecb7a170a5eb18295aa768702d |
| SHA1 | 70eb14976ddab023f85bc778621ade1d4b5f4d9d |
| SHA256 | a235317ab7ed89e6530844a78b933d50f6f48ea5df481de158eb99dd8c4ba461 |
| SHA512 | e9ce6cced5029d931d82e78e7e609a892bfe239096b55062b78e8ff38cce34ce6dd4e91efb41c4cd6ecf6017d098e4c9b13d6cb4408d761051468ee7f74bc569 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\IntlProvider.dll
| MD5 | 510e132215cef8d09be40402f355879b |
| SHA1 | cae8659f2d3fd54eb321a8f690267ba93d56c6f1 |
| SHA256 | 1bb39f3389aa4258a923fa265afa2279688e6cdb14ff771f1621a56b03ddcf52 |
| SHA512 | 2f7b2ec0e94738838f755759cd35e20ab2138b8eca023ee6ef630ab83a3de1bc0792f12ea0d722abe9a6953626cbddf8ba55ea32fc794d2df677a0625e498ab0 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\IntlProvider.dll.mui
| MD5 | 2eb303db5753eb7a6bb3ab773eeabdcb |
| SHA1 | 44c6c38e6ae5f9ce9d7ca9d45a3cc3020b1353e4 |
| SHA256 | aa43b64db4fdcd89e56ba5309f3ba2ffac2663ba30514e87c160687f4314221f |
| SHA512 | df1c8cefed4b5ef5a47f9bc0c42776611b3af709938a0900db79c6c9f4fae21acbbb6c4b1cad3c5a2051b622fe7e6e01486d34622742a981623fed933f1b1427 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\OfflineSetupProvider.dll
| MD5 | 9cd7292cca75d278387d2bdfb940003c |
| SHA1 | bab579889ed3ac9cb0f124842c3e495cb2ec92ac |
| SHA256 | b38d322af8e614cc54299effd2164247c75bd7e68e0eb1a428376fcedaca9a6f |
| SHA512 | ebf96839e47bef9e240836b1d02065c703547a2424e05074467fe70f83c1ebf3db6cb71bf0d38848ec25e2e81b4cbb506ced7973b85e2ab2d8e4273de720779d |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\SmiProvider.dll
| MD5 | ad7bbb62335f6dc36214d8c9fe1aaca0 |
| SHA1 | f03cb2db64c361d47a1c21f6d714e090d695b776 |
| SHA256 | ac1e7407317859981d253fd9d977e246a4d0da24572c45efe0ade1745376bffb |
| SHA512 | 4ad7132f0ad5a7228ec116c28d23ee9acfdbf4adf535b0b9995f2e7eec8776e652a0a18539c02b6f4b3e0c8fa2f75d5181577dec16993fa55cb971d7e82faac5 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\SysprepProvider.dll
| MD5 | 8bd67d87dbdcf881fb9c1f4f6bf83f46 |
| SHA1 | 10bd2e541b6a125c29f05958f496edf31ff9abb1 |
| SHA256 | f9b4d0afe87f434e8319556961b292ddc7d3a8c6fc06b8a08a50b5a96e28a204 |
| SHA512 | 258a4075a3149669ccd6ff602f71a721b195c9d15dea22d994d4d3e35cdf27beb0b8b8f5da8f52914f769642f89edbb1d9d857087778be713a874571a2ec6f89 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\WimProvider.dll.mui
| MD5 | da1c1b3e004b71b15638d091c0c82c56 |
| SHA1 | a1195ca1caa80e9f463c443737d97b4b966fae0f |
| SHA256 | a9eebcb85a0271061ac620ff9d2a6d22332721c782aeb06ab1ccf1149bff2aa4 |
| SHA512 | df373693e971a85397850107f233914a09478cbeee9b1e1903154f8693842b66fdb2ea0de4403aea7cdeca0c70d0723733c8a2938e90e07987d5eace6b481ef5 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\WimProvider.dll
| MD5 | 229df404d67e69e57f9e284a66f2adeb |
| SHA1 | 7f4f703dbe8c274f5104d4d104dafcadf0c3857b |
| SHA256 | 8b7821a1fb9170c6aa1ec25eea378f43661812eba25064bb95999156b472c377 |
| SHA512 | 917912cdfcf1d46f691cadc6e7aaae1a302a66721beec0e9b22e394592b290605caf410221045f2ce89896e5d9602ee4946202f2de9390e92c8aaa5a609b3a54 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\VhdProvider.dll.mui
| MD5 | 0656529f4d1b3ff2d4deffbaf18ce95b |
| SHA1 | ffcf4f53bf767bcd4f6044082b82c4f25598b5c6 |
| SHA256 | 2ba085379434b3f9fcb0c70c2bd02a7f4f0170e6160578a583eb42c8d333fab7 |
| SHA512 | f17b6c4087498af8951ea0f80f65923713e410458669f3e19624ab6e225222d1f2bb1e6779e5aae328aca88acec940dcf9c9447b83dd27dc6616625f005dec1c |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\VhdProvider.dll
| MD5 | c6488a9b3569230669c72f3239cbc108 |
| SHA1 | 87b9b2ab5de52f246c1936480463bd402ad519b9 |
| SHA256 | 4ed23b46188dae12523f96a2755434c0574cd27584f9921133b0b4c1017b8a36 |
| SHA512 | 47ae886893032306e9b69b2d1c736ce23061b5be7552d2ed1d680b91e45fe0225b5acb12b83f6d572ef0b270dbaa47af3320516f4bfadb0a2889a9ffed45a66f |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\UnattendProvider.dll.mui
| MD5 | 8acee3337dfd444254bb8abdd3c29ada |
| SHA1 | 25d98d3426f32fa199c026b6eb829b469609b2e3 |
| SHA256 | 11f7957b8cc57dd7176f62b0612e658d6588b7caa8be4db3a337953b02b98c24 |
| SHA512 | 2849978060fa6e1fcfa37c870ae59ef22a67c0f8653468e07803422497fcc7275409ed0c36fe2d8e88026c13c82705abed771b4492761eead24cb5c32bdf2ea7 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\UnattendProvider.dll
| MD5 | f7bd21c4170b1397eb098fa18ef45d4b |
| SHA1 | 05d36abc4853eda468eab68d289337962c76195f |
| SHA256 | 05da5af89fafe492adf5255a7dbf16468be6d130ee8a9d713ab2182c72346db0 |
| SHA512 | 8a804bfe27f25b9d7c87cfb6951e1f1254e984ff9eada0b1547c30352397438d2c9e2f1c3b42c2db43f693b08224e0c7b7a17cd0b21ced893e12c330b91355ff |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\TransmogProvider.dll.mui
| MD5 | 2138fda89b1a5a18b32aed1d8762cde5 |
| SHA1 | a476f7dc86e62c7dc0edf27bb778174348cac566 |
| SHA256 | a75288f9e83cccf2a6a644ff78e6c26dadd5772a2626f80120b81975664e7dab |
| SHA512 | d7cbf569b5d57730c81fc121e92e1042a37e07922c02f36efac3769622f40234c70dafe9ed88a659d90c3855b5240f67f99b55ddecc46eea0e28e5b80ecc820b |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\TransmogProvider.dll
| MD5 | 84ae9659e8d28c2bd19d45dbe32b6736 |
| SHA1 | 2a47058eafab4135a55575a359fbd22390788e93 |
| SHA256 | 943ea79ccbbb9790723f411720777af386acc03efab709ac2cbfeb7bd040a3e4 |
| SHA512 | d108a4a8699cd98576a5de9ce2f925697ece546fb441a76db6a922564ea70c54449cb1e8ac049a203979331c2c0ee7790d090ae5bb72d8d5e02786ef1cca530d |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\SysprepProvider.dll.mui
| MD5 | 93d076056dd01dfc64d95d4c552a2dff |
| SHA1 | a90fd06a62c6d63d87e00f5f7e9646b44d2c726a |
| SHA256 | 4389362a9dc662aa3c7a1d830498472bc586e00f0d269a8541975a34b03a1aa4 |
| SHA512 | b089574d4be0ccae205219c9e256de34c039081a547f05acfe4165d036b175de5d9676160effc3c19d87bbb41d0f415da598e507ed8f7b302cdbfdfb81f694ee |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\SmiProvider.dll.mui
| MD5 | f32e38247d0b21476bbfb49989478f7e |
| SHA1 | b950fd72ea2a6a94ee049454df562aed79ca1e35 |
| SHA256 | a1a302e940f6d6718700737b787af7a2053ef68b5ea2ec61497e7ae2444c5835 |
| SHA512 | f483807d790a4bc3e68d6d1f986bd4a57b4a67c91fb3dbef88220a4b510f11d1190cdd98a857eb1937e921e668dff2bcb5e4a7df640b1f3639ce6d2239ff8106 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\SetupPlatformProvider.dll.mui
| MD5 | 73e78fbbf6e6679fa643441c66628d37 |
| SHA1 | 57b70e6226c0cf3f8bc9a939f8b1ec411dedeff5 |
| SHA256 | 5d4dfc9bde18be1ec0b3834a65de6abab581e04c8c4f66ee14a62fb4b1b4cd06 |
| SHA512 | a045a6cdf9ca989b3ed9a50cda208affa17372f65b1d86e1bf4c10b5d5e3fee58c5d4b8ec0749a54e2e2156ed0e9776b59a8d3b78f062349873cb574ab3f77fa |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\SetupPlatformProvider.dll
| MD5 | 1ae66f4524911b2728201fff6776903c |
| SHA1 | 68bea62eb0f616af0729dbcbb80dc27de5816a83 |
| SHA256 | 367e73f97318b6663018a83a11019147e67b62ab83988730ebbda93984664dd3 |
| SHA512 | 7abf07d1338e08dc8b65b4f987eaff96d99aa46c892b5d2d79684ca7cf5f139d2634d9b990e5f6730f7f8a647e4fbb3d5905f9f2a5680250852671599f15ee69 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\ProvProvider.dll.mui
| MD5 | b8a8c6c4cd89eeda1e299c212dc9c198 |
| SHA1 | f88c8a563b20864e0fc6f3d63fadda507aa2e96e |
| SHA256 | 50ad19e21b6425d12aa57cd4656748877db1f147189ec44abb19ba90be8505ea |
| SHA512 | 4a6f0dac5b3b18e4942ce5f51b566ce3ba465baa43457384ee785d1c0e7c33f9b9396a143aac0398a34e4e2f7d704ba06d3cc68761fd3cb6f53f4043a906e475 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\ProvProvider.dll
| MD5 | 70c34975e700a9d7e120aaecf9d8f14b |
| SHA1 | e24d47f025c0ec0f60ec187bfc664e9347dc2c9c |
| SHA256 | a3e652c0bbe2082f2e0290da73485fb2c6e35c33ac60daa51a65f8c782dbd7a7 |
| SHA512 | 7f6a24345f5724d710e0b6c23b3b251e96d656fac58ea67b2b84d7d9a38d7723eae2c278e6e218e7f69f79d1cce240d91a8b0fd0d99960cacc65d82eb614a260 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\OSProvider.dll.mui
| MD5 | 0633e0fccd477d9b22de4dd5a84abe53 |
| SHA1 | e04fb5c3acb35d128c1ea6ee6fb0e9b3fe90d5a9 |
| SHA256 | b6758aba17f6cd74923ca0976dd580222851ef6435cd16b3b2b04e85280ce706 |
| SHA512 | e95ed1d8069d6f200f0a2ea8dd7688404af9db9ce5e229afcb625a1f9eb46ac9e7a1c2c4c5ce156b190514415679e82e213732e8e890ed1a89af9026e4e73fe3 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\OfflineSetupProvider.dll.mui
| MD5 | 015271d46ab128a854a4e9d214ab8a43 |
| SHA1 | 2569deff96fb5ad6db924cee2e08a998ddc80b2a |
| SHA256 | 692744ce4bba1e82ad1a91ab97eec2bac7146bc995e8e8ed59bc2c7d366af7ec |
| SHA512 | 6ba678da0475a6b1872c2e2c151b395a4d97390bed4671d3f918aab5e69cbc9ceafe72c3100ba060ac6586fd37682499fdeef7d7b1ab10f5ec2411c1438ed438 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\MsiProvider.dll.mui
| MD5 | c5e60ee2d8534f57fddb81ffce297763 |
| SHA1 | 78e6b0e03c8bf5802b3ef429b105d7ae3092a8f2 |
| SHA256 | 1ec7b04a8c25812db99abec82c7b7bf915ae3f7594c5d071231cafab9c1fa145 |
| SHA512 | ce654295e8b16da7bd004453ae4a422fe8296a8c2343e56d819883b835c391a02537ecf4d155a281a9d38f2291ee0004506b7fd48a99c0f8881ff1e38ae8ebcc |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\MsiProvider.dll
| MD5 | 9a760ddc9fdca758501faf7e6d9ec368 |
| SHA1 | 5d395ad119ceb41b776690f9085f508eaaddb263 |
| SHA256 | 7ff3939e1ef015da8c9577af4edfdd46f0029a2cfe4e3dac574d3175516e095f |
| SHA512 | 59d095246b62a7777e7d2d50c2474f4b633a1ae96056e4a4cb5265ccf7432fed0ea5df9b350f44d70b55a726241da10f228d8b5cbee9b0890c0b9dc9e810b139 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\LogProvider.dll.mui
| MD5 | 8933c8d708e5acf5a458824b19fd97da |
| SHA1 | de55756ddbeebc5ad9d3ce950acba5d2fb312331 |
| SHA256 | 6e51af7cfda6be5419f89d6705c44587556a4abffd388020d7f19e007e122cd6 |
| SHA512 | ead5017d9d024a1d7c53634ae725438ea3a34eed8c9056ebbc4ebe5aab2055c0e67687ce7608724e4f66f55aa486a63024967b76a5638cde3dd88b3d3432ca1f |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\ImagingProvider.dll.mui
| MD5 | f2e2ba029f26341158420f3c4db9a68f |
| SHA1 | 1dee9d3dddb41460995ad8913ad701546be1e59d |
| SHA256 | 32d8c8fb9a746be209db5c3bdad14f361cf2bef8144c32e5af419c28efd35da3 |
| SHA512 | 3d45d7bcf21d5df56b516fc18f7dc1bf80e44258b0c810b199a7bc06047a547060956c9d79575b82d9b6992fb5fe64f5b0ef1e408363887ae81a64b6ff9fa03e |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\ImagingProvider.dll
| MD5 | 35e989a1df828378baa340f4e0b2dfcb |
| SHA1 | 59ecc73a0b3f55e43dace3b05ff339f24ec2c406 |
| SHA256 | 874137ee906f91285b9a018735683a0dd21bdeaf2e340cbc54296551ccf8be2d |
| SHA512 | c8d69e37c918881786a8fdab2a2c5d1632411b1f75082aeb3eb24a8ba5f93dcb39b3f4000e651f95452263525d98fd1d3cb834de93bed16fa6f92ef271c3a92a |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\IBSProvider.dll.mui
| MD5 | d4b67a347900e29392613b5d86fe4ac2 |
| SHA1 | fb84756d11bfd638c4b49268b96d0007b26ba2fb |
| SHA256 | 4ccfe7883bce7785b1387ad3872230159899a5337d30a2f81a937b74bcbc4ce5 |
| SHA512 | af0a2a3f813e1adfff972285c9655f50ce6916caaeff5cb82f6c7d76491ffc9b365a47f19750fc02d7122182bf65aae79ed167886c33f202d5a781ab83d75662 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\IBSProvider.dll
| MD5 | 120f0a2022f423fc9aadb630250f52c4 |
| SHA1 | 826df2b752c4f1bba60a77e2b2cf908dd01d3cf7 |
| SHA256 | 5425382aaa32ffc133adb6458ff516db0e2ad60fac52dd595d53c370f4ba6fa0 |
| SHA512 | 23e50735c06cef93d11873fc8e5e29fc63dcf3f01dc56822a17c11ca57bbfb10d46fac6351f84ba30050a16d6bd0744a08a4042a9743a6df87ac8a12e81e2764 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\GenericProvider.dll.mui
| MD5 | d6b02daf9583f640269b4d8b8496a5dd |
| SHA1 | e3bc2acd8e6a73b6530bc201902ab714e34b3182 |
| SHA256 | 9102fa05ed98d902bf6e95b74fdbb745399d4ce4536a29607b2156a0edfeddf0 |
| SHA512 | 189e87fcc2902e2a8e59773783d80a7d4dd5d2991bd291b0976cbd304f78bd225b353703735b84de41b5f59c37402db634c4acc805d73176cde75ca662efff50 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\GenericProvider.dll
| MD5 | ef7e2760c0a24453fc78359aea3d7869 |
| SHA1 | 0ea67f1fd29df2615da43e023e86046e8e46e2e1 |
| SHA256 | d39f38402a9309ddd1cba67be470ede348f2bc1bab2f8d565e8f15510761087a |
| SHA512 | be785ba6b564cc4e755b4044ae27f916c009b7d942fcd092aed2ae630b1704e8a2f8b4692648eed481a5eb5355fd2e1ef7f94f6fb519b7e1ff6fc3c5f1aaa06f |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\FolderProvider.dll.mui
| MD5 | 22b4a3a1ec3b6d7aa3bc61d0812dc85f |
| SHA1 | 97ae3504a29eb555632d124022d8406fc5b6f662 |
| SHA256 | c81a992ecebd9260ff34e41383aaca1c64a9fa4706a4744ac814f0f5daa1e105 |
| SHA512 | 9329b60a60c45b2486000ed0aff8d260fdac3d0a8789823eaa015eab1a6d577012f9d12502f81bad9902e41545c3c3e77f434bc1a753b4f8430d01db2cdbe26c |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\FfuProvider.dll.mui
| MD5 | dc826a9cb121e2142b670d0b10022e22 |
| SHA1 | b2fe459ede8ba99602ae6ea5fa24f0133cca2bc9 |
| SHA256 | ba6695148f96a5d45224324006ae29becfd2a6aa1de947e27371a4eb84e7451a |
| SHA512 | 038e9abff445848c882a71836574df0394e73690bc72642c2aa949c1ad820c5cbb4dedc4ee7b5b75fd5ac8a43813d416f23d28973de7a7f0e5c3f7112da6fe1b |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\FfuProvider.dll
| MD5 | df785c5e4aacaee3bd16642d91492815 |
| SHA1 | 286330d2ab07512e1f636b90613afcd6529ada1e |
| SHA256 | 56cc8d139be12e969fff3bbf47b1f5c62c3db887e3fb97c79cf7d285076f9271 |
| SHA512 | 3566de60fe76b63940cff3579da94f404c0bc713f2476ba00b9de12dc47973c7c22d5eed1fd667d20cea29b3c3c4fa648e5f44667e8369c192a4b69046e6f745 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\DmiProvider.dll.mui
| MD5 | b7252234aa43b7295bb62336adc1b85c |
| SHA1 | b2c42a5af79530e7cf9bcf54fd76ae9d5f234d7f |
| SHA256 | 73709c25dc5300a435e53df97fc01a7dc184b56796cae48ee728d54d26076d6c |
| SHA512 | 88241009b342eb1205b10f7725a7cb1ec2c7135606459d038c4b8847efd9d5e0ad4749621f8df93746dd3ba8ab92d1b0f513ed10e2ba712a7991716f4c062358 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\DmiProvider.dll
| MD5 | ea8488990b95ce4ef6b4e210e0d963b2 |
| SHA1 | cd8bf723aa9690b8ca9a0215321e8148626a27d1 |
| SHA256 | 04f851b9d5e58ed002ad768bdcc475f22905fb1dab8341e9b3128df6eaa25b98 |
| SHA512 | 56562131cbe5f0ea5a2508f5bfed88f21413526f1539fe4864ece5b0e03a18513f3db33c07e7abd7b8aaffc34a7587952b96bb9990d9f4efa886f613d95a5b1b |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\dismprov.dll.mui
| MD5 | 7d06108999cc83eb3a23eadcebb547a5 |
| SHA1 | 200866d87a490d17f6f8b17b26225afeb6d39446 |
| SHA256 | cf8cc85cdd12cf4a02df5274f8d0cdc625c6409fe80866b3052b7d5a862ac311 |
| SHA512 | 9f024aa89392fbbbabe62a58857e5ad5250e05f23d7f78fc9a09f535463446796dd6e37aab5e38dfc0bf5b15533844f63b3bddcb5cb9335901e099f65f9d8002 |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\DismCore.dll.mui
| MD5 | 7a15f6e845f0679de593c5896fe171f9 |
| SHA1 | 0c923dfaffb56b56cba0c28a4eacb66b1b91a1f4 |
| SHA256 | f91e3c35b472f95d7b1ae3dc83f9d6bfde33515aa29e8b310f55d9fe66466419 |
| SHA512 | 5a0373f1fb076a0059cac8f30fe415e06ed880795f84283911bec75de0977baf52432b740b429496999cedf5cca45efd6ef010700e2d9a1887438056c8c573ca |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\CbsProvider.dll.mui
| MD5 | 6c51a3187d2464c48cc8550b141e25c5 |
| SHA1 | a42e5ae0a3090b5ab4376058e506b111405d5508 |
| SHA256 | d7a0253d6586e7bbfb0acb6facd9a326b32ba1642b458f5b5ed27feccb4fc199 |
| SHA512 | 87a9e997d55bc6dbd05af1291fb78cd02266641d018ccfeb6826cb0de205aaf8a57b49e587462dbb6df2b86b54f91c0c5d3f87e64d7dbb2aea75ef143c5447ba |
C:\Users\Admin\AppData\Local\Temp\8C66C657-DDB4-47A7-90C8-E3E5D512F86C\en-US\AssocProvider.dll.mui
| MD5 | 8833761572f0964bdc1bea6e1667f458 |
| SHA1 | 166260a12c3399a9aa298932862569756b4ecc45 |
| SHA256 | b18c6ce1558c9ef6942a3bce246a46557c2a7d12aec6c4a07e4fa84dd5c422f5 |
| SHA512 | 2a907354ec9a1920b9d1d2aeb9ff7c7314854b36a27f7d88aca17825e74a87413dbe7d1c3fde6a2410b5934f8c80a76f8bb6b7f12e7cfc643ce6622ca516d9b8 |
memory/4172-315-0x000001B1BCC30000-0x000001B1BCC38000-memory.dmp
memory/4172-314-0x000001B1B8920000-0x000001B1B8926000-memory.dmp
memory/4172-316-0x000001B1BCCD0000-0x000001B1BCD0A000-memory.dmp
memory/4172-317-0x000001B1BCC80000-0x000001B1BCC92000-memory.dmp
memory/4172-319-0x000001B1BCC60000-0x000001B1BCC66000-memory.dmp
C:\Users\Admin\AppData\Roaming\BoosterX\disable.bat
| MD5 | 154e55c61c746ae435cdf64a2e60861d |
| SHA1 | 811d294fdb4ee01821333e6faf5a59a2f0f1b571 |
| SHA256 | 0a1531ec51cb6145c347f606fefbdba2a5ab5c8b2a158a1917c6615c0adc9330 |
| SHA512 | 1e32b1d428f098cbcb0fc2d02414f07335162840c0595b63b74d6b563263ceed7a38fa9f031aa91930057b25b1b0de2de68ec152c68b4a61c0da119f5c9a1183 |
memory/4888-322-0x000001BA5B1D0000-0x000001BA5B1D1000-memory.dmp
memory/4888-324-0x000001BA5B1D0000-0x000001BA5B1D1000-memory.dmp
memory/4888-323-0x000001BA5B1D0000-0x000001BA5B1D1000-memory.dmp
memory/4888-334-0x000001BA5B1D0000-0x000001BA5B1D1000-memory.dmp
memory/4888-333-0x000001BA5B1D0000-0x000001BA5B1D1000-memory.dmp
memory/4888-332-0x000001BA5B1D0000-0x000001BA5B1D1000-memory.dmp
memory/4888-331-0x000001BA5B1D0000-0x000001BA5B1D1000-memory.dmp
memory/4888-330-0x000001BA5B1D0000-0x000001BA5B1D1000-memory.dmp
memory/4888-329-0x000001BA5B1D0000-0x000001BA5B1D1000-memory.dmp
memory/4888-328-0x000001BA5B1D0000-0x000001BA5B1D1000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 81252638a33b64909a1ad108216b63f2 |
| SHA1 | c48d6bbfa99567264b116df1dad9df51e1161692 |
| SHA256 | 7047b26826d6f2a9478a614f7ef54e523e6addee9d046cdbc786d392e05b0115 |
| SHA512 | 8745127812b041aefd25ffbf755112ecab6358bf1f8437edbe05f742ecedc7ee3b10ff5be84196b43f1a593400beb7d3be6487a461718ffed525d982e9b0b138 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs.js
| MD5 | 23f581feb3085698d56e6656ff31a8dd |
| SHA1 | dc15db9de5dd7f465bb920a3ac767a39482715e6 |
| SHA256 | fa2c9596a0e8475095933a81605f0294211b53b73c65fe8e5a6ecb33ee3495ff |
| SHA512 | 3b4a208cb12bc996d4c9279f893378b8db30ac7f309a27ecc971fade36c60dcc184dc3e4e0888ec325eac422bf66d27c401d465e9b51bdcedcb00414ca121f95 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
| MD5 | b8de73f7caf96f33aa047c6f893fce95 |
| SHA1 | 256b08c3246a72afd91a03e3b86f44e087588d21 |
| SHA256 | b25a56a81edc090e9bdf0c49212630b156ae52d0ed722b681699e1e35e730a42 |
| SHA512 | dcc1c1d6fae3067ac9b14e7786391b0d329d6403d0e5b95ee31505a171e1800bd6e85b369f4f7e50ab04177118b3449bc1cb2be0e450af65af5e70434dd0dbea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b65ebf5d222c7aa176eb93ea99d17b6f |
| SHA1 | cf90da8fa6a8457f6fa94f60d22c766dac4e77f6 |
| SHA256 | 8b978e73ccdc4ca9cbe4a5f03bbacc1eebd4b3f42b7c16025e9265230c3b5d54 |
| SHA512 | c57995d50c9a6ff8e0d6ece7f6cb8a8e2f7c8a463aeaeb3d28dfb084fbf71fc11aa2d45f68aa98c80a20adfd97245eef58201985f307692c977134fbf470aa2f |
C:\Users\Admin\Downloads\CollapseLoader_506f893_fixed.F62QpD_j.exe.part
| MD5 | 059bc7b8b4e1e9314b0116556b8f3cc4 |
| SHA1 | 3cb26c15b6f99fce02ada7368b32c0dd90f5f296 |
| SHA256 | 941ff9660d5a7873a1b4a481aa902a17c56f8b4a22cebd5b27c3f77dc9f9428f |
| SHA512 | 7e9553ec1048a5afa91f9c7eb2e202e76361cf54cf22b74d048bf398f4abed111de95c9feba8a775c9d10369e706e868d9e4b15ba93e6eb2e30ece58fcb13f44 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
| MD5 | 749949dfc6e59d48fc5e8ffb8ea7911c |
| SHA1 | 30a4c592e7a8a43155fd12a0fb64fd784cf16816 |
| SHA256 | 41c18af9133c27bc6f5ef171a4a81f596e4c09117943055dc8963e80fb6edcd8 |
| SHA512 | 7977bd1121aac137bbf675529493a149c0ef8367806a97ffb9bc1b84b7bc2ae7e31f834fb7db64f52755e7987b4f269d89acec4df42d3042a073fc8c199b7156 |
C:\Users\Admin\Downloads\CollapseLoader_506f893_fixed.exe
| MD5 | 43d32e9310514bbffca90ea3a1d3177f |
| SHA1 | 6e2a51988733a8a1e778496f902c7bcf70fe6213 |
| SHA256 | 39f8d0fa20d3c52343fee72a0613f28fba334b3bc2e3e47f96eb839c8ed9d256 |
| SHA512 | 9be7549b5038e812a7e4205129786e7f93628187d9052d0190a6ed7bf83f1cddcb61f2eab7c54c5ef5f6be2e0a07bd6ba130fa188700946732714ab5a828d83c |
memory/5940-581-0x00007FFCF4370000-0x00007FFCF4A49000-memory.dmp
memory/5940-582-0x00007FFCFDAC0000-0x00007FFCFDAE5000-memory.dmp
memory/5940-583-0x00007FFD154A0000-0x00007FFD154AF000-memory.dmp
memory/5940-645-0x00007FFCFDA90000-0x00007FFCFDABD000-memory.dmp
memory/5940-644-0x00007FFD0C9E0000-0x00007FFD0C9F9000-memory.dmp
memory/5940-615-0x00007FFD14DE0000-0x00007FFD14DED000-memory.dmp
memory/5940-614-0x00007FFD13B30000-0x00007FFD13B49000-memory.dmp
memory/5324-651-0x00007FFCF3C90000-0x00007FFCF4369000-memory.dmp
memory/5324-654-0x00007FFD14650000-0x00007FFD1465F000-memory.dmp
memory/5324-653-0x00007FFCFDA60000-0x00007FFCFDA85000-memory.dmp
memory/5940-652-0x00007FFD146A0000-0x00007FFD146AD000-memory.dmp
memory/5324-656-0x00007FFD11860000-0x00007FFD1186D000-memory.dmp
memory/5324-655-0x00007FFD06600000-0x00007FFD06619000-memory.dmp
memory/5324-660-0x00007FFCFD890000-0x00007FFCFD8BD000-memory.dmp
memory/5324-661-0x00007FFD0EB00000-0x00007FFD0EB0D000-memory.dmp
memory/5940-659-0x00007FFCFDAC0000-0x00007FFCFDAE5000-memory.dmp
memory/5940-658-0x00007FFCF4370000-0x00007FFCF4A49000-memory.dmp
memory/5324-657-0x00007FFCFDA40000-0x00007FFCFDA59000-memory.dmp
memory/5940-662-0x00007FFCFD840000-0x00007FFCFD883000-memory.dmp
memory/5324-678-0x00007FFD11860000-0x00007FFD1186D000-memory.dmp
memory/5324-677-0x00007FFD06600000-0x00007FFD06619000-memory.dmp
memory/5324-676-0x00007FFD14650000-0x00007FFD1465F000-memory.dmp
memory/5324-675-0x00007FFCFDA60000-0x00007FFCFDA85000-memory.dmp
memory/5324-667-0x00007FFCF3C90000-0x00007FFCF4369000-memory.dmp
memory/5940-666-0x00007FFCF3690000-0x00007FFCF3BB9000-memory.dmp
memory/5940-665-0x00007FFCF3BC0000-0x00007FFCF3C8D000-memory.dmp
memory/5940-664-0x00007FFCFD6D0000-0x00007FFCFD703000-memory.dmp
memory/5324-663-0x00007FFCF3C90000-0x00007FFCF4369000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionCheckpoints.json.tmp
| MD5 | e6c20f53d6714067f2b49d0e9ba8030e |
| SHA1 | f516dc1084cdd8302b3e7f7167b905e603b6f04f |
| SHA256 | 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092 |
| SHA512 | 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore.jsonlz4
| MD5 | 5fa5d828946196be6671c4a2625ba648 |
| SHA1 | bc280d17c0ba624e13bcb74975f69f44a4826b1f |
| SHA256 | 2f02116a12d2d48e5b73c2a857c5a2a37d4b664677cce90b7aa0e0d96b46d0d4 |
| SHA512 | adcbe545f35c251bf35471c3ebdc6fc9c8620f50caa7d2949e29743347a57abfdb2f358fc7ace65af735a105da54ce296f90b1d6612e488db21087c2d90000a0 |
memory/5940-818-0x00007FFCF6270000-0x00007FFCF638B000-memory.dmp
memory/5940-820-0x00007FFCFD8A0000-0x00007FFCFD8B2000-memory.dmp
memory/5940-819-0x00007FFCFDA40000-0x00007FFCFDA56000-memory.dmp
memory/5940-813-0x00007FFCF3690000-0x00007FFCF3BB9000-memory.dmp
memory/5940-812-0x00007FFCF3BC0000-0x00007FFCF3C8D000-memory.dmp
memory/5940-817-0x00007FFCFDA60000-0x00007FFCFDA87000-memory.dmp
memory/5940-816-0x00007FFD11860000-0x00007FFD1186B000-memory.dmp
memory/5940-815-0x00007FFD14650000-0x00007FFD1465D000-memory.dmp
memory/5940-814-0x00007FFD06600000-0x00007FFD06614000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionCheckpoints.json.tmp
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
| MD5 | 9da43a214421869cfc06517a9c73881c |
| SHA1 | 3af94af008af135e938ed413a38c1679f7264a1c |
| SHA256 | 899633eb359ac2caa45fa43f490db79a3603cdc1595aa912f0b33ba30d6deaf8 |
| SHA512 | f95ce66f25e8647a48ba60f0f28cd335f452222d1b4f486410ceaedd046214d59b8026279c15fcb7fd0b26a9e64e0240ce9174a22e3eef48f1a0af65cec71488 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1f4bfaae1b631f104564a8a9ff7b1797 |
| SHA1 | cb1e7770d644c3488f7be399e13845d81abd843e |
| SHA256 | f1f3cfd8796f9bce3731c0140b4747e8f1aa30c8fc6979a4d423ad1b54a09129 |
| SHA512 | 89a1078266f0775b33e4d0caab9b39385379bf74db4718066195d59faed13756836876e0c9b5a375b0291cd5d5d995cc2c3fd39ac5c0d5cb5b9fd8e5daf028fa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs.js
| MD5 | 22be8ce4ce0870aa657783c5ee2ac8ac |
| SHA1 | 4ec0ef8c373feee8ee21c975bc9424fa44a43e66 |
| SHA256 | 6d7f921471dd0f2c7e2c11c106af98ee2474b431302b1be6d7750871188dc86f |
| SHA512 | 80ffea2e4e83b935fbe491a1ba0f4ed87883afbceabe998a8bf336d5d73d6203b2524b2bc6c948d001b3b99c7acae8eee68bfc77e6f7fea6ecb90a275ae1d010 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a9b68537b13908bc3e01d6a93e7cbafb |
| SHA1 | bac59dd347c7ddfd1d96c81d3e4a455d492657ce |
| SHA256 | 2107aab12b58c3ef5e40a6dd1ab73f46fbd04cc6f25a75b3fc63335e376340fe |
| SHA512 | 5f13e6a7e4eeaada3ee8b1c3d3831bc76bde4c2576c01378290100451bd585c55bf88d11dffefd28997bbe3e3cf7880348719fc32830240011d72dace7d71c6e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\entries\7D3068195A30D049CC263CE0A0641E65E92E39CF
| MD5 | 1e9b58a62ad63b14e56e62acad306044 |
| SHA1 | 0ca583c8f7db1d40d32561ab9e6f265ea0f0e82d |
| SHA256 | 112c3fbad2b48cc7638dab30646f71701f3af7ae1fd57c9e227ed69e54d4ef31 |
| SHA512 | c1a06d7b0a0d13f52e8e1f8ca0a9d23e3916b2d75cd531bfa7d94df429914bee27de86b9a455b2f942f61e0bba7d45e093196cb107eb2f6e3b32f9a4244a2881 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\doomed\8324
| MD5 | eec1dd98d57e9cb56f17e8bc2e0283de |
| SHA1 | b687bf9c25436b661d33861822da88f9be9d8e77 |
| SHA256 | 076b775e0594613959ef89c0c26800fff78eb81e2161a69fb9852f94965d836c |
| SHA512 | 8f1d269cc6cde5de992b60b33247b0d389ea34618f1610bb54cd5fc6c726fc178bee5f02744b64e25bfba2597c428ac35ae01cceab08bff19f7e79d68a995dcd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\doomed\19928
| MD5 | 6b40f267aece3cfa488f9fd55c9e1398 |
| SHA1 | ec6fb9083ebd4c9456a421bc37b51b14e0fad213 |
| SHA256 | cbe0a1b537e455a8759e557372155872cf9b827e4a7d255fa40ed0582cce3bb5 |
| SHA512 | 218c9a1b6e63d2a3f60c2b94f5b5538d6f311196f9016a093a142a9b2e5ead7030fba83fb63cb606416681a3973702ba738d16d73760cdb65ce0cacecf99f03a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\doomed\4072
| MD5 | 18e192805c209721c262a8809c8546a2 |
| SHA1 | 6a8bb6d3c7bf4d597bd6a4f8f456196c642a1a0d |
| SHA256 | 0bd0f7409e06dd3dde3a19b15999e483ed963c6be50a6f8992743a5e3f88d31a |
| SHA512 | 45fc22a6c141a1591fa257318d817ca06d4cb0721f906d4dcf216c9e4682541ec01358d6498e2147efc25842aed583f5bf6aa2d212cf8463a5aa8a33d1a87c98 |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
| MD5 | 9097a0c79f6995426c39c96c24109fd1 |
| SHA1 | 96eef3cb9a70c7cc36bdd42dc51749868b639293 |
| SHA256 | a25a44eb71cb9dc32241273da94a833f6f4eccb37de3cdf7610de37772451782 |
| SHA512 | 9395d4e13142c553b793496fd7f69de750d4ed4548fff52b57ab78192b84c8f67b91c7f25fa63ccc002d0661cd6f3d20d7dbe34a7be3e27badfff9b84972b1d0 |
memory/6820-1285-0x00000218A8840000-0x00000218A8850000-memory.dmp
memory/6820-1269-0x00000218A8740000-0x00000218A8750000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
| MD5 | cd5c1ad7313108d74e0bd02d8d74d89d |
| SHA1 | 520a379d55fcb1e49cac3adef0dab6a3a18ab3b8 |
| SHA256 | 50e8d1187420f3656cd37b0966cb55f5fd3f3a5551ec8158dedcfc4e166510f2 |
| SHA512 | c75dd5205c6966f1227f11f26f3ba40467a12e983caf5f110fb24c49dcd834a2db1bfbdb06b03439a34f37f5507722e0037ba9f76346a2a3eb9624cfaaf0a709 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0df3c8785c003d6bd59a37902a73f779 |
| SHA1 | 1e8aede4a4a13f20fb772af65848b114f67858d7 |
| SHA256 | d7115f4e7dba5ef7116e2cbcd5692280d7b7ba6c9cf1ce55c436aa922360d351 |
| SHA512 | 9704c9df282783f184c6085e64a5612a23e819a7f2369b749997d8d4ad1be4fafe7a8de07167aedfb959000b6328855a6810ede9d648ab3e09e163e56bdb099b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionCheckpoints.json.tmp
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\entries\E6BB15CCEFD92E3AC1E4ADCE0E252D300C549933
| MD5 | c80c2493810f1d0315db3282825d7fb5 |
| SHA1 | b0620b99d820aacd9cfc7668aa02217eec5cf216 |
| SHA256 | eef5f0aa41ee31d0d2908c2be4f8571c18b9a2356fb02f5d507050a5c5fc05db |
| SHA512 | a0b7118ab74acc8c14e46e1ee71f8f654a4df611d3a4e544d04b959e36c681f68f08696873704dc24e3692d43c33bc58f343e575f1b5b2ebaa8a8a9826e97837 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore.jsonlz4
| MD5 | 9cc2a06d559c367f6d4dc50b67bc4f08 |
| SHA1 | bc94c8683b572b8c0587e951a37a47665bc4886f |
| SHA256 | 7216fc9736d6cc32a733636861be8861eca87daac4b9c883ac9a014d01aed2fa |
| SHA512 | 9f9b7b8432db7899360c657d3ec383870fe41ee275d3f7658be6b176c7be8c07a5f728ec9a58f2b914e1206041e6352e9225b092a93b6cef66e62375890c5825 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionCheckpoints.json.tmp
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\places.sqlite
| MD5 | dbf6a397e2e57d255633585c0fdb6164 |
| SHA1 | ef7994b72e33ea31989572ce57116210d5ed218b |
| SHA256 | f457d18c2fad4fbdf5aa3652566664cebd5ccb00d0b324ee5a7e942bdf7237f0 |
| SHA512 | 5c11251767b55f649b8ab5af1f22783be6d1ae79a54ba47adb84194c7e3059e95640e20bf5ea3f8a1f8b31f0eb42d7b53f7e2d8f06249640ec7d9a1e666aefd6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionCheckpoints.json.tmp
| MD5 | 948a7403e323297c6bb8a5c791b42866 |
| SHA1 | 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0 |
| SHA256 | 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e |
| SHA512 | 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a |
C:\Windows\Logs\DISM\dism.log
| MD5 | 554f95f3d93638ff1fc65082e578e5d0 |
| SHA1 | 125ec020f05ed7d24afb50be0bc4a05e7cc90c8e |
| SHA256 | b9a1779e972aac363dba3897b508b503db1ff4a7b91165df99a87a8794c2259e |
| SHA512 | 90d5313433adea024d425c11902f6fc82f5a9ef79fc79698ee180eea391facc0f6268d23b35ba0649b3ca67511f5b03c6fa9f39e4d85a591b5d6c66941ea5534 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\ProvProvider.dll.mui
| MD5 | 8b06fdc5e1da9820ceb1ea9fc44ca999 |
| SHA1 | 48ef01c83bec84ea711652bceb214d0c86585cf0 |
| SHA256 | fe6f1404c1f4c8db52919f157e4b7c7bc2f7fb989aff66c9d93a08daad80923d |
| SHA512 | ee4eaabbd9e20c57326a75376ede7bde7aeefc1e9e183fcb66608ceff12256ef5dfa7c6b6ade3f02fe843223f4a609374cb9fef8f58c5a78aacfffb1405041bd |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\OSProvider.dll.mui
| MD5 | 5cfb24402d08d912795b5afd13e13363 |
| SHA1 | 6c3eab43d71bae4fc20a36308ac1369f1d8d3ea2 |
| SHA256 | 386c557aee0130efcbf08cd773c4409e3b191ef5671daddaa5212bd90f46e023 |
| SHA512 | 187111b9557967dfe7a9ef2c02df477d9f306beb32876a480c44216f59c7b3dfb2100916a877b7f6aa2e2f8e543bd78bec40741868ad2ab5af297a3fb38ecf64 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\WimProvider.dll.mui
| MD5 | 343f4a62507463d6735db2abc8aa56dc |
| SHA1 | e9d0042a4a42993763474265a0f717ab24f7b8cc |
| SHA256 | 3c6acb208af7429951c84269de19728cdaa8496a092dcc48fe322969145a1e65 |
| SHA512 | 67315ee7514f882ba41e29539d9e22b5b95cc51c6795394c8371d16341f250688a817aa43b5bb18ae9240070d27b81cddad7765f26809b396f03718ce66c0fab |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\VhdProvider.dll.mui
| MD5 | f8ccefd0f946e4de14c9cc3aa10b6cce |
| SHA1 | 8b4386cba281c9d9976cc275b8ae4251ef33b4ba |
| SHA256 | 81ba836c643fc05e892b6847b581ea6de4cd893d05a88c29f828f75c1934e834 |
| SHA512 | aa169db993e280da776e3b2fd0813b8e9ff72e7d5050f738459b651fc6039d574ecc159288a32ba9efe8a08a5b2e94ad858cdc6d2ee1f6422b0855a71fe59d08 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\UnattendProvider.dll.mui
| MD5 | c65d4b456f46c339e3995a25fd4cb6af |
| SHA1 | 35c524248ef5ce7240018c7c0dadd8507fab6e96 |
| SHA256 | eff8993acf5602ff526ceac5bb0964555fa41b9f62b9c26a32bb6ff7a077f357 |
| SHA512 | 28ac91810c06a28b18fa70b63ff0af74e9068b6bd08937edcfee9ce6285c07216399e7108eb8d6b8a3fc3129513f61ab4af3ec480e00f6fb704fd3cd78bb8ebb |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\TransmogProvider.dll.mui
| MD5 | a7c5cd3a8c35738f7be6637f9d74e739 |
| SHA1 | d55fc603d0b14c2b159c38915d992029dac04d94 |
| SHA256 | d8e33f28d9deb661feaca095c6a73c54679d00147bdf35bec774f4f481090477 |
| SHA512 | cbb3b9cde1840425fabd79663f43278b38a0ff21a704273e7c757797f76f7cfcd1bfab39298fbae465700ed62d40612c57712a309a52d6be0015a576cdde24f1 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\SmiProvider.dll.mui
| MD5 | a6d24ca7b0a14a3fd8a53e50ae511aa2 |
| SHA1 | 5b89222c5078172741088093a45aa630fbc65f5c |
| SHA256 | 3351ea8ebcc292ace596981fbfeadb13fab2132a3f4ca7a73389e203156ab272 |
| SHA512 | 07261d826b3b22bc84d1574a5089905c95a1ee9a2b92e8c7baac8558add8ed43e182234292793171d4fd6544c2f4cb77c89952fd53399d95648c7dda88285eee |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\ProvProvider.dll.mui
| MD5 | 465ff43b338a4059ee0308a8de105a98 |
| SHA1 | 0811614122cf0b8e23f805789b1910f788b20ffb |
| SHA256 | 49d4ef65391503ab867354dceeb241e7690c92383458fd3349a85c669b80bd49 |
| SHA512 | 05ccaeea8e613ca50612b73b16175d77f68171a1e5af5111d382fccc88ecc41f83ae84f4c4d91885649197557e0b4c19bee3b23adfd13022b482cb8a92c3b728 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\OSProvider.dll.mui
| MD5 | d1f7a1ea380d32e97056793baba7cb6b |
| SHA1 | f5bae8cfdff3e45aaea570d0425b47833e2da197 |
| SHA256 | 344d70160791fa6d5e4b39afa0ebe996a4e6092672ce1e0750b4c640ca8e6a18 |
| SHA512 | 95def4c80bf43a8e9e7cf6dc272e4eb7e1847e5fa997c8a3f2ba53b9bb337289bacd8fd8a719b75818d44ae33ff817fdbf572296b258254543aaff98792a4649 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\OfflineSetupProvider.dll.mui
| MD5 | 19575370d599f89404fe876b132fd170 |
| SHA1 | 968fdaee7daed95a62cfa33cd03c42804dc96652 |
| SHA256 | 2ca9f61d307e874e29fbfcc90645a797c82a0891d9ecfd7c3aefa8ea759a2bc5 |
| SHA512 | d35a383e49e2614019fdfdf585b607caab3ecaee6e577793863b8a1b84df2bc76de09577c9474b098d026523539f6e7b7d63071dfdc601821b5aad73f060e00a |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\MsiProvider.dll.mui
| MD5 | 8cf549ca23aa04d862ebf6e6e607cc54 |
| SHA1 | 6348fbe4f32a01460de297e472343b3c0b32e34b |
| SHA256 | 634ca4c93f54c358d1c541059a2e60fdc4a11f38ab676ed379a9e38a2fb3797d |
| SHA512 | 5cb719abbaac3498cdded40ea191158621255f1fb958835e01809ef7532e5e8b3ad03af1170f0464dc7bdcf49230457e86c8c58640716c629fe659e94112fce9 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\TransmogProvider.dll.mui
| MD5 | dd549e06e8b1a71eef97ebcd494fcc10 |
| SHA1 | b020953e0bb6dd6ae80f881f59591d067e75c63a |
| SHA256 | 1be0b61e8978639eb2f66956a1604f6f0a2d668f868a9ff48b5db33dea812901 |
| SHA512 | 0d3f4700bd676a03d39460a7af08780eb06bfba2c9bbb6827ff8a39f37d0dc946de057ec2fd70715ce8839f55927cbea57c7d8b85a859252b0dc8d9a23c7b540 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\AssocProvider.dll.mui
| MD5 | 8fc0592e6bae1c2c0b6faf5abaae06bd |
| SHA1 | 3d2b07af39c682fd1aa7b7d17949752ca02462d3 |
| SHA256 | a4384de24af2c0ee9e5ebf233e718c8cf4c5277a72139caf96d6458365f765e1 |
| SHA512 | 854d9994ac9297b5f141bbbb80f4be1ef137b359bfa1483e930a9626a84998192ad3b94d0a54397f50bcc7077b9988e2bfbd35f667a04c8840e0299c506f9813 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\OfflineSetupProvider.dll.mui
| MD5 | 1bfd1893b356d1f873485eafbbd4ded7 |
| SHA1 | 7151a11102265ed68078acaefb2246fd26048150 |
| SHA256 | ddac20708f8522f780dfd1246242ff8394aa1390044189675b52a7daf6148a5a |
| SHA512 | 1fdc72d22934650e8530ed799eebb9d30a2ba53e3b4c35f96f1053368acb94fc319091ecb0f01b04548cca45242ebd778d939ee4a2c6a1145c8f819c8a857c22 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\ProvProvider.dll.mui
| MD5 | d8effff8244fc2aef3444f1c601ba5f8 |
| SHA1 | 6b0e75773f8d1df1705e507d3c28f5e62d74034e |
| SHA256 | eb2111050a0da0dc74e5cbb6d818f00969e1b11d96b060f0e7a3ed1362f38525 |
| SHA512 | a87ad843904121db3cd650849475b3cbd9c34a5d793aa6a66b5aa5a80246f802599533afb972fc77711c92cc2554eb4f9d7ac2df32b0bc67103316b7fe06804d |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\ProvProvider.dll.mui
| MD5 | 3a9147271851e3cf031227e616c7d710 |
| SHA1 | 33f789539bf7cd1ec71532a361b858e96aecd450 |
| SHA256 | dd3129c091c6a6606f5ed2155cf08b3fc8145de346afb0d1cf61c9ce41c94784 |
| SHA512 | 19587e2dc95f8be9158e3b8a723dd2a9ae31024267ee8939fbdad81ae962a9f2a4329df2b9ed9aba7edb97c52553de3f78410903d37aa76f7c6a81e92a7aee35 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\ProvProvider.dll.mui
| MD5 | 07ca052ae319d1a94b60131cb2aefea3 |
| SHA1 | 5a182fd3dafe34917a93cf461ceb28696def0fb2 |
| SHA256 | 28da3b15a8b2ccf8790fbd51d50c3987612f29ecc3a05ebbd25de1754bd35f94 |
| SHA512 | 30ac6549a71f7ed054c6cad99244ad552936bc3bf982c2564359c19145730a2af418bd564265252ca7cfe229026d9283d8d5d48165b25e000295c5e294fed711 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\OSProvider.dll.mui
| MD5 | db199a00be2aa8ac162375bc87ac8ac6 |
| SHA1 | 8300a26f851bcedd39d7b1d61fa3d076d8f303a1 |
| SHA256 | 8bcaffe6d9d2ed5ef57b79ad4de4cefe6431763347b6b1d091f224e021e391e0 |
| SHA512 | ba937d0c7e6d5a81ac1926d5de88703f2108dd69f3ddd55f0f9fc099d0e88362c0b2badb06adbb8713fff8b039ef07f652a504f4fb157e366dd0d728dfd1f084 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\WimProvider.dll.mui
| MD5 | 2a8e2a7037e5c1af91364a4b16a8a5f8 |
| SHA1 | 5c487429258ec1e7e50d48975070ec685cac1ed7 |
| SHA256 | ef96a9d1692b95abce3cf1ee0b5d69c6e1c89e24523dc1af966a6ad2129488fb |
| SHA512 | da5486fe1c5e3073ed4753d3d5306ec08438050e56c8196f21ac560a90dcd0cc312e96f6eb18a83649b460be1966ab5667328a0d5a08814f0df246c9f9767d4c |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\VhdProvider.dll.mui
| MD5 | f2eb563cf97f341bb240b80b402a9238 |
| SHA1 | 2032061c6c5022b1671ee4798872dfc961000a96 |
| SHA256 | 9f25d99249430d51be68642fa8d17615583c7b0ccbb22facf3632601e4908203 |
| SHA512 | cec465a39d4eb1f7a5f382e0e532f9d031721b83722fdf2a111172b56e4af1ae21106a1f7429e6a580e9bb2d371de794372a9710313e0d5147be8d805229f1f9 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\UnattendProvider.dll.mui
| MD5 | 91518a87c297429aeb52dc30d84a131c |
| SHA1 | 10f347d82c1b04c746876ba94522280bf791d5a9 |
| SHA256 | 0d16a08e631499cbe13dc8ad3f00b6556f0a55c66477704e187933b1613c4ef6 |
| SHA512 | 822de4158fb82c865f0fc28a4fe522ac3e274e108733b1572a124e635e9828e8fc4019f25e490cce4e35b31da96ee56973af6aee88fe464a9169ccb0f9749c31 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\TransmogProvider.dll.mui
| MD5 | b84e4d6a853fac7d9b7e1092ab1e90c4 |
| SHA1 | 6755f298d78fa28e59ddf523b42b7df30325b878 |
| SHA256 | 1baded3205376914442a5c300a7602cca693720b5d97bff0fe891fe997fc3662 |
| SHA512 | 8eecbd372c42160fffa8c5c041ba4b8a2b50d9e0a2237ac181d3a3514ed70ad59984ad223ba928f1c9adb6253fb66a234c0a63c7d62ce79d2ab525d0ecdb993d |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\SmiProvider.dll.mui
| MD5 | 936c9e7aa93c3aeacc9887a3ce014e42 |
| SHA1 | ba2ca3ecf6818b92f78ef7f618c8705bf4343232 |
| SHA256 | 6d899a83c00bb0cd13be07daa5bbb304eea5b22a82d117ba543f00b43239081d |
| SHA512 | f40ff420621678c7b3c63e1b69f83a22ccbb1f1bbc3a7b4437fabed19f93004c474aea4406de6b582f4d11aff49474dbeff4e3883dc6e73ee80a658a3af68ec0 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\SetupPlatformProvider.dll.mui
| MD5 | ed8f61022b497021fa127d3c9967c23a |
| SHA1 | 375400076612a997b8def30e6c4ca5be57eec408 |
| SHA256 | 07c0ef2b375923dbac3623453075920d4ee1b3bcf85d40e1a57ab532d8c19524 |
| SHA512 | 63946e2d6204d325259de4e5fd3ea18772b18b954e9549e41fc05f28c63e6bb362c4a4c34e7195b8b8b9ea2645c105c89f83a9b679130e7917ec4e404fc6ac7f |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\OfflineSetupProvider.dll.mui
| MD5 | b11e3bcb26db8122f2f240657937f555 |
| SHA1 | 8e863f5f6c58dd8852e06e232288c540c73a4f4f |
| SHA256 | b749896c362801d82a54a4ce4e29906b24ef4b0e79850356032e7f6ac7d35174 |
| SHA512 | 130886619efbf115401123b28b084ededee8b0fcee4369c019f1cfa9c72695e78ad9ccb7e6611bd6b8227ad7b7f60b8022ce70d7b194154842cf02e1c2637943 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\MsiProvider.dll.mui
| MD5 | d69cbc0e263ad9584c8c23f043a03c9d |
| SHA1 | 17279ca4ac8e63c6bbec95eac3a0254d6938f0fd |
| SHA256 | 7cba031d76404d1dbbedb48d9bac4d240c8ede0a427229a84e8208a38988ab63 |
| SHA512 | 5931fd16721444dff986b9196f7a9a931d0733f0aa89301bd617c78be022008d1ae61e7760fa1f95f859192dce0040e3720587f1dd42a0bcf053dd514fe842c0 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\LogProvider.dll.mui
| MD5 | 1f400064e806002b0043ec3ccb33b12a |
| SHA1 | a15903406575b0752f4a7a085cb8938731aa0134 |
| SHA256 | ca8b20a1fb15714910e0c137ae81e0ff82e0a5a8c49c732d5c510adc9ae54dd7 |
| SHA512 | 8a46f3990a659f28673c666b0018d80692e39a8d61642bcf69e025cd4ab4afb4c64c8946a7dd3e4460aa972edb40bec002c090d0ad4ed41ef37992eef3bd3713 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\IntlProvider.dll.mui
| MD5 | d0a5b5cb5793bb504dac1822cb684372 |
| SHA1 | 6a59b1849f5212a3ee6c25eebfb083c39ad63edc |
| SHA256 | ab45816c291db1dca40e4132900e0b961e56415cc37aa96fab144aa206b1be89 |
| SHA512 | 7d7f5586c612ae77624f371adc37f07e061436d2c7ffc725386be6212816dda656db1199984ea66a19501826e07f57ae69d0196ba1959f80e2eab37701b174ff |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\ImagingProvider.dll.mui
| MD5 | db635b4eca851068ece6086c2d492dde |
| SHA1 | 8b29132d97ac6dd7d70f03d8de70282499b919cf |
| SHA256 | e51b54ad8eb5fb7a9236d990f2966d0f827e73cbd490d67d3b7bfdd2191db931 |
| SHA512 | b194c292e6b69c545f8accff62ccf28f8bf2f2dd7c623c701129cb39e7367edd9bfe7394cef47a26c7f1aab83b7e568ef3eb25f24d8c4ea6600fb769076883c5 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\GenericProvider.dll.mui
| MD5 | efe9082a7f4c66fb7cbddb7bccf4beae |
| SHA1 | 48380a0162fe35da48f90ee8721233753b198c0d |
| SHA256 | a9016e66c6ece5113f4786e40546e1bbdd5500db9e6778622256abd2131ae966 |
| SHA512 | 49cb7825cd74ae991e546e808603e840f4a9fa921eaeb7bc8e79c016fa0fc48e8fb2c4ada86b4d8d918402c793e532c9e0b17efd1c96611b7732d22bc66f515c |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\FolderProvider.dll.mui
| MD5 | d9e6efc1ea5a0f16754f6f7fb0362fb1 |
| SHA1 | 30b03a8610f891bda9527440e5b045d6c26949a3 |
| SHA256 | c32d4ab97caf8a9e568f0d69433ae5905d6e01f486d4c01103bad3d90174cfcc |
| SHA512 | bf92ca7e77439bb9a9fd5b603dc4f881563801116520c4d758d1dceed199fcf45deda42af250d5d86e7d8e53b1dc008be2ff131eb3e1d8044897969f34c8f6c8 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\FfuProvider.dll.mui
| MD5 | 595648e525f1d9889bcc241ed9babaf2 |
| SHA1 | a925ab13b1df8b46ab8baf7eae4b9840b45aa038 |
| SHA256 | fe117ec4ef1deff67da7e5650cdf33de74b25c01bf42b63faf9c70ac4b1d2144 |
| SHA512 | c8d737c1a2bbb7714daa992f35f81e9f6805fece7426a376c165a09107c539ea7c24b44f3304f13fe15e113f5201e44209f32c36ed1a8ccefa971f015ac6d22d |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\DmiProvider.dll.mui
| MD5 | 4848ea901705815f997f79fb293a5aca |
| SHA1 | 2ec7d10e0c95432f233a2f995d0b4f24a90f73b7 |
| SHA256 | 8ea40581e4d55ce5bd1290f73bad7ccb99633095c28df3529c3882554a3a9b63 |
| SHA512 | d441060b18403cddda63d90d63253edfa7573acfd5afc5f910773a51976809d94f49ee9658e6600d9575efe8a6439e923852d091a87a1a60e0c2c0e3451f14d0 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\DismProv.dll.mui
| MD5 | ac24c87ccf2c81cf8f9c8d825d641563 |
| SHA1 | 7ec6cefdfc375053e27bf21a301e5bd952c247b6 |
| SHA256 | 4a01b7d5d6ac1626423f00debafe452555c93a92164b944dbccd2027b7119edf |
| SHA512 | 0b707702bc19f4b8141e96590e835b34220411b6d8a52f1482b350043d3e796d351dfa58e8e3414d05a63f651274692eb96a1485ac89e924c31aa6796f20dd9f |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\DismCore.dll.mui
| MD5 | b13922c43c5f5cc1a832e2c2e3c8ad4b |
| SHA1 | d2f7e192837b53ed43d8d8e44e0d7ca533159725 |
| SHA256 | b1c48ea18d50d27d86dc07c3530605ef5fca0b3dcc27cc5acce8bb9edfc4a254 |
| SHA512 | fdc6690654d67db50e17377b2f744b6ad3f16de7e1ec8bc90a97643dcd1e5a03cdf71dc39c9db8c92be921af9a120a5832d78313cbacf2f79405a589b1be86c2 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\AssocProvider.dll.mui
| MD5 | fff347e0c489304e30564cef7faccc30 |
| SHA1 | e9f8a46da580bf4b710bcd4604dfce85d7d65b12 |
| SHA256 | 2527e7e7e58e9eaf17f41410e23f8f51ecf7c22a2f8853c175ddfd1c0c192f13 |
| SHA512 | d491bf2777743f062da6927db2fdca128272e3040846176f76ce8fc6057e65e3f83c9f7dc5924ee6503a2a5c6e4bc5adc871cbb1169e792dcb7bed04caeec580 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\AppxProvider.dll.mui
| MD5 | e76079779fb26fd42788c06fa9ee43e8 |
| SHA1 | f8042c80afd9600e9181c32e5aa7dc3f985da59e |
| SHA256 | cfc8ebe044a5fb8d2065ccb064c43c71b5574aeaf92f113e25a36c58dccfa406 |
| SHA512 | 3bab4ab3012772253a51aa708018c38ecabad8ee70343fb18556213e5c8adf99a300360fc2bc1cb1928c4b7afe7168b5889fc58add1c8dd6be4773a2d9575219 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\WimProvider.dll.mui
| MD5 | 84ef0cde36b5c8073d4ab7ee2d55d5ce |
| SHA1 | 3802a7da41170976de01af537f44eabb1217d807 |
| SHA256 | 34cffaf476ce3ffc41aa6d43818bd541d65eb4b8a7760d0d085049961da303b8 |
| SHA512 | 3d69fa4a00f548fc4a2962870db17382fb66fcc0ad59023977587e18cf5495b63e09a5735f24f6073bb2b24e41e6261e4253df9dc5ef5730bcd8540bce29e286 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\VhdProvider.dll.mui
| MD5 | cbdcb943ab6ca6c3d52e99a1a2cddddd |
| SHA1 | a08440ffebc85b123427e11b6892ce7c49a73d37 |
| SHA256 | 8e024654cf1869d28cc7b0ae5e170ad2ca815e5ea67823c79dd383faf0231171 |
| SHA512 | 63535d89d28d1b1a34ba6afd3f6c4c31e49d4dce20e212220efa88128f15e36ef4d28ca3ed7ee02d7ed01650bb890bf614cbe18d9a93348fb278cda19c4e4c80 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\UnattendProvider.dll.mui
| MD5 | 74ef7fe50beca88b126dc4fc16b39876 |
| SHA1 | d740740bd0e9fe889e5d88d6733261966f880c34 |
| SHA256 | bdeebe8e6233c79e8e951325ee86ea56921dffce60d6198ac506428b1c303d80 |
| SHA512 | 9d7bb5cdb52b344e8a2700f5321cda483c77cf8949720a1968f678c85bfc23a1b1392643bc6b825ba454ea06d6fbd2fba22cde4bff799fd4269d4a80aa803773 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\TransmogProvider.dll.mui
| MD5 | 604a38894edcbf4a5e5a80ffc1152867 |
| SHA1 | baa59863ba8394035d81cea801af73ad03c5ab05 |
| SHA256 | 8f35db3053ba5c4fd7d6cffcd250fb483c0796754b2d70de6410314e86fb23d7 |
| SHA512 | 0061d8b7c699b7b132e81e29aefe646067e7383c9d86e408bee1979c2d4068dbf6833d305e6ee749be73aa9d27553cbb3b454aa6c7df1f934871c65d5ea3daef |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\SmiProvider.dll.mui
| MD5 | 3c544db581cd2b12c2e1243f146ae7f4 |
| SHA1 | e4160b0837f701a8ee886774396cdcc5564b961f |
| SHA256 | 523cb94c141e426b66e9b3be4ee07a6ff9212d77cb968c18f36927252abcf63e |
| SHA512 | f8515d62e6093983d631d38ff011fb2a7d2ce0f6893de4df0ff9acc980b5786288744c80a922148d0fbf82c08933202f56d68c679d1aea2837c5f4c92bfbcc3a |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\SetupPlatformProvider.dll.mui
| MD5 | 4de5ad5431eb5aa8b8598edcad003479 |
| SHA1 | 933f68c3facd43eed511711fa4b684328b9350fa |
| SHA256 | 69aa27c46af765eff41bb9d3d89b8103e088cf2d675ca7f8f75b2863685293c4 |
| SHA512 | b643c984dcdfd43928a3d48d8bccf22c90fc9ec368216cd79b697f6b9f857ab09d522220a878c20d8a32d2defb4a94fc483f2e403169ceed7edd920a8346ad05 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\OSProvider.dll.mui
| MD5 | 107de92a12daac69d7d35db6383f3288 |
| SHA1 | 1ac50d3531ba1fe26db66a80dc5bab328584f3a8 |
| SHA256 | 1593b71998aea17dbe2d79dcb724c8e322cf2b42f1085287aecc4846c6110fc7 |
| SHA512 | 4b63c5889e9fa68570459cc9d6b365443e2efee6a962a356c53749c0d873ce5766cf98e4de6dd4f0653073055241679a26c74df789791dd9f216fb5cd90a5ba2 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\OfflineSetupProvider.dll.mui
| MD5 | f3c9a0354a32371faa1ef99d5f95e4ab |
| SHA1 | ac20b37ff15cfdf11b9bcbe327335a474a1b3ffd |
| SHA256 | 7786258c88638cef31b2f012dcc6982ddb504575b4197b2d35004531d644c676 |
| SHA512 | 53f9e8dae08aa8cb4297721ba5e47d4855ef6b35066ce727a416468d2ccfa574b0caf432e9bf2411490a06dc0fe00529e5ba7652f78423c1a320625d8b50b81c |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\MsiProvider.dll.mui
| MD5 | a675898b9ba9d64864c18c74f1c412c5 |
| SHA1 | d774dd3d6266d36901176644440f2d04ec5d8b61 |
| SHA256 | 6759d936ceb9e1568c6f8c2b536aa665528666a4bb1bc36a4e7cc1418584d3d8 |
| SHA512 | e5de32652f7b3d3c56df9d1aa2a7f99046d235d58e088bf8a918a1b3fe273801142b09672bdf17b54d067e765936f469a050992fcb10f56c6d23d378079be4ae |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\LogProvider.dll.mui
| MD5 | 11e473163495717bd22c340353a9f0ea |
| SHA1 | a162c63c1f5b15676b5898480061f47e131277cd |
| SHA256 | 9c96c8b812c0603525985f6b6f83df016064d513cdbd321db6982750f39bad07 |
| SHA512 | 3e23c991353ee843b464977e10b6f56a2977d93b7cf666ad92724a029bfd8c6a51d3c74d99a614756d5f675cccae23c3e5f5d1cd936ab57f3a3d940fd8c7b19c |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\IntlProvider.dll.mui
| MD5 | 4906d8cf79603c4b485440c04a832e7c |
| SHA1 | 0ccc3ddb7a4a0c425271537094b0a5670bb27993 |
| SHA256 | b7bef046cf104c8eaf0697007ea35261d0c8a5500d584fb707cfad9f9055fd78 |
| SHA512 | 7c2ab03cbcf25e2bf4883c4a8410ef86be78cdd75dafe1b115bf6ea01d1272d4b36e90ae688673fc34a483c930663a1bfd518524a8de30bed54d8bbef6651106 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\ImagingProvider.dll.mui
| MD5 | 95e04f99f554382c19c632b5856ff54d |
| SHA1 | d4292e03c213f92b43e965be2a6e506807d0f374 |
| SHA256 | e29c8a3872a4c2e7d9f98c38fe90d40d471a46219b20fd0916708f55b9ae8a32 |
| SHA512 | a86c047020316dd575c96f5aeb78162ca199b04c3d7b44a680326b87fdfe2b9e1b6adf1ce54631fa1a5d9d8cf4dfe904192a5082f061484fd444265e0dd8e248 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\GenericProvider.dll.mui
| MD5 | 9c1cd51ae8e1b13f88aef5d06c724e13 |
| SHA1 | 15b5b2150832e32aed0bd4e6f6750cf8fde92ac2 |
| SHA256 | 81e744ae77bdfdfa7602b808b97e5c9f7066b8994e79630d155d87fc6eecc5e9 |
| SHA512 | ba17a831a77110a3a6ae592e97191663b0bbc8dd15f8b597c5cd1634625e696f47b1195265194f23a576aec02ae80b6c595e524409e25a5be5abaa4579288628 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\FolderProvider.dll.mui
| MD5 | 8e8f3a993636d31c04c4454b94b3cee8 |
| SHA1 | 76ac076a72cf98ee8c118bb97f7a83861a9a2ca0 |
| SHA256 | 996fe201d45099fd72b7ef93495fb11c875cffea770d6b41e90f815e64090174 |
| SHA512 | 12dad2ac3cb3e6d5de4a4ce3a20d7c6bc8c4d1a36dd2726e279fa25232c585693ee8540ed35078633bd2ee0fd41f09747e91defab60da71fc0a6e790b12ae65f |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\FfuProvider.dll.mui
| MD5 | c6f85c85f5e5bcd13003dbb6ffaf0b94 |
| SHA1 | 693007ff47a374dedfd408abd858f6a55adee82a |
| SHA256 | dbcbb5218ad6363845f4f7615d2d3c775fef1e421f7a0f1918c4ac54288e06f9 |
| SHA512 | 607a4f990e36da572d980d24599769518c235653d3d0cf9c12287770eebd3962d7538eb112899bc0b6b8dbbff9c1ec0fad220e25ed39344264a5a4e321e47bc1 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\DmiProvider.dll.mui
| MD5 | e008f678d3e0f7263ef4af05a8e86c6c |
| SHA1 | 6367a747b8a3c3cca488cba17e5cc4d1f9fd2d0d |
| SHA256 | 0b08fe0aa971ad3fda569c129b1f6e4605bf025c264b107828d3abdfcdebc58e |
| SHA512 | 89d720b44e35d53ff6899e8eb6aae99482a55895190c9dc20575930c44c343231caa5e7f9ed212b02e2d2ee294d6c3db06a29a60de1d1c8c6e13a18248ece8a1 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\DismProv.dll.mui
| MD5 | 1f7ff9949dabba4ad3cdbf4d0759b033 |
| SHA1 | 9b12cd640830ec801427155d77c693d68091c326 |
| SHA256 | 5feb00e3b46a7097453b6b4d4c133a8cfcba60a677e5e349634224746717db21 |
| SHA512 | edb16133a8deec5a8f19eee31a301766338bcb2c7631d171962b4142c698d08e32c4d38febc95adefabf089bcb190eb9b42d3f944a3aa4594347681fbed48a69 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\DismCore.dll.mui
| MD5 | 0e4351e98c2720e0dbe098746aac8de8 |
| SHA1 | 77171dddee21dd1f8801cd3ab421ed59a1bd6735 |
| SHA256 | aecec5cfbfabb1c8646b7efd4c2cee17ba3ad056c4dae44c420da736ecb61365 |
| SHA512 | a4f26a0b4f153eb4aff21434a3c06cd00369c006d1b706b22c7e24fc315d4db13d34f233e78dac3f3f37c32acdc4df64877c0d6728a0865f075cec34b0fcab57 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\CbsProvider.dll.mui
| MD5 | 94ff160e9844b094a59a6ade787a1fb8 |
| SHA1 | 8d8e5d3bad491325f8701767908c5c8db902aa3a |
| SHA256 | 41d2932082117e8a0495524255a5b384862413e471083aba58f05c0805a403e2 |
| SHA512 | a8f8ace61f53989174b7211312ebd35c868d079a575e93ffd95a7abc193075527ea686e7d7142412c1e3f8bdc8b37bf8cd1d07f601eb1e79f152754d97307447 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\AssocProvider.dll.mui
| MD5 | 5b467c45cdd1f5df351c88e2aba85a11 |
| SHA1 | 6d6732a51199b1a90c0fbea2b4f555bd36231ced |
| SHA256 | 2239cbeb285351230632a7dfd39feeee1fca91cee314676121a7cb71bd31d6bc |
| SHA512 | 6bb3854c22ead036d38c9ae6b968eca3f573d7f17d69a5c2e9fc5e9d79f392240f3b010f67a2fb272aedd65c2d752fc70a8b4e5fd0188aad0108e24c97ba676a |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\it-IT\AppxProvider.dll.mui
| MD5 | beaa6c9c4e67cc2e6a18775dc7b6da19 |
| SHA1 | e30f58a2a6d9b634be80c965f23aac9fc2d0c3c4 |
| SHA256 | cbb34cf67dc87b2a060d4b75e3c94730f4565650210bd251a0b73e07588213d4 |
| SHA512 | ab24d242cb9129ae8f851fba689a5e868e03cf9b9342bb68c145436f2adec77b70f51c7c31d1b27acd210732f421828be645e21716a5a95a3d4cfac6614ef81b |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\WimProvider.dll.mui
| MD5 | c63ca7fc87f9e66e72499d1927d04b88 |
| SHA1 | b37e25ea852dd4a466bf2ab6bb14a7ee895a534e |
| SHA256 | ae0e8efe64b516f451d458b82d325fdc59cbace6bae7e621d055722901083e16 |
| SHA512 | e98bbd0717544df7119293f54cdf5d95d8b67bb5273f4f25373424dd367b0ce664bb1d56bff484cf506d929baf02ac873231ec737f1098fcde474785a871c7fc |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\VhdProvider.dll.mui
| MD5 | f385649363d810a8399ff819613e2603 |
| SHA1 | da1757aed8f37b8b716b5361c53122230a41af19 |
| SHA256 | 5a022bfcea4f9278c2153ee7b1c91a7f8dcf12f43075753f4eaf7371bb4bdf5e |
| SHA512 | 9c719312bd0af4df2f480bee8bf3881896570daa4197c0b62a1a546edb2d788938adcd5160df2d9ff9e3b5d3ed0e020cf857f7191650bbd687d2a8b9dfacbfe8 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\UnattendProvider.dll.mui
| MD5 | e799fc8e9f7d67f4b60352c7b3e72943 |
| SHA1 | 39f23199ad3c368d6216b24d31b52685a6ffab9d |
| SHA256 | 4628177f430b600d0bc7311bc13b4d5a96ebfbce8789ad9513188e0d881ca9fa |
| SHA512 | 663c21c646bb2de92afafc7f5519906f5af7b2ec439ee14e2e86720a898cd6176b1171746bb09c0218d3ba303910814ac495f9ba15724d8725fd9445ee821523 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\TransmogProvider.dll.mui
| MD5 | 4b712687a01cc1fe0745bf56a3c27b77 |
| SHA1 | f8855dca91c144db93c83a35b2ac9a84af9e50d9 |
| SHA256 | 1acd9c423337c986ea6632c064f2a98ef2423cd918cd7323c04a5ec38b41905d |
| SHA512 | af99a7b9ad2d81fa1bef8e7334f5b41e4c0612cb36940ce6210ce5d8bd83a026ade7cca33b965175b60c2533ee0558291dcb977a5a6c4096bb4c6fd89ede1518 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\SmiProvider.dll.mui
| MD5 | 154ee2f646cdea13189856e0aca4ff34 |
| SHA1 | 23726c33aff02ef6452701b5dd97160721ec49bd |
| SHA256 | 68dfc4501a394945da024e65832cc42bf500e0959ee82e8fefb3e55194c1d7f2 |
| SHA512 | 4cc690b7d48bc9bd4364da6b979143d9b50a40bbbe3138cbc7830dea0f7f57056de422dd1a19403522655bbfafcef02ea00a37eea4a7dc0aa2365f02cf3578c4 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\ja-JP\CbsProvider.dll.mui
| MD5 | a2bf5378a8346ddc90d2731827c8e55d |
| SHA1 | 6e63711063977db8e6e48b4315e5a3f5d3620a02 |
| SHA256 | 7ea948c5fbfa231253b263b464c682da315b7264ec32cb7fcbb507e32440a065 |
| SHA512 | f946e2373c4a34e41eeea9ec59fe0ffffc4be2d61492ed4170d214ccca24de61401ff11338f11c4abe8bec34b84cafdebf2e4a954749ad3a7fde16e5b5f75a9b |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\OSProvider.dll.mui
| MD5 | d4f685297e15dea6d61e1c02f5c55284 |
| SHA1 | 59e4899d92de5cffc9c4756b28a74c3ed1d4fa8a |
| SHA256 | d05ed84ab71c5e77c870f46c327943c5f9c36d25ccd65b14758c3e0eda58c3ef |
| SHA512 | e5b8227502c7113e6333061e4c6c28dea51fd3458a751fed14dbcc30f8a92be772d1d87359a69fd3a4634b041ea1693ae1b5ab75b996be85f8f3d71ac60338a0 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\SetupPlatformProvider.dll.mui
| MD5 | 630c2bb0521139f26ba1e5906da18653 |
| SHA1 | 1ba4d9931aac9d9069eb2a44db4ae60401761ab7 |
| SHA256 | 96e2f86d6c31e543df2e36b791a4ff0f20ff26d5c6980d292f6038fdd868967e |
| SHA512 | 12c3a3bc8558c4392dc985fbf76c953649269678d2731f04ef88695aab5be5ae43f4c3a00964b2fcee4089cff2b6ea128a8a28f75de9915347911a137986a6e8 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\MsiProvider.dll.mui
| MD5 | 2345537a4d053ec947fa9d7742e92193 |
| SHA1 | b6ab1b2295ddfad72e08343f0fa534d44433904e |
| SHA256 | 62b1b69560dd478e22b86661ac08b89e781ccef7dcd43fc117e48eb422c174b2 |
| SHA512 | 73ba6665044b083ba4682f064086e33d26c76e17a8a84e58fd3ff2b2ca61b76ee9c48e51b71e45464ba74e2cc004d906716aed35e338974e43b178f9dd9018c9 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\LogProvider.dll.mui
| MD5 | 60814859778baf89ea550c23e562e0b1 |
| SHA1 | fb2be079366fb419a5823b2a5b9da65c6c691d08 |
| SHA256 | 88b1498ec989dffc5e9a575ff6b94e19b8c7bae63f9552eebd4d92d45c41055f |
| SHA512 | 3fdce0b48878615c7dd41aa6de8da33dc8c7b2ae9100ecc56fe5b7f192fe996395538fdc11b737506ec3720db9bb6309d7bda99e7dd59610446dca0c42788784 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\IntlProvider.dll.mui
| MD5 | e40d406d5e17feef89dafb3c1b647177 |
| SHA1 | 1aaacc9cf5727471bf7a0c7d834052d948c8c12e |
| SHA256 | fdfc3f1c72c431a504edbcfaa7ad6ddb23715cf87ece4602623ac738988bd1aa |
| SHA512 | a72d81b3f0726da7d9cd3d67e44a242fde5844e707509a67d64df8a83db737ccf6d69103880d42221251b369efe8c84056fe8ab47f862c87e752217c8a67fbed |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\ImagingProvider.dll.mui
| MD5 | b7b141977bf68735fadc10829bcd6004 |
| SHA1 | 61defa25b89e7c4dd88c5c30f12befac754a8b6b |
| SHA256 | 0b8e427990dc58a5f9407f401b3045df82739235b6f0ef403a705f267ec0d518 |
| SHA512 | 0300f846dc381b2499c61e7d8685dcec015492a95ed01f2c71a5810d7f476c01b02b0b9e2e3b2eafd30e5d2c74e2c4c248becf0ff1d9bfdc28fe478ba4d2202d |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\GenericProvider.dll.mui
| MD5 | 5c9453b61bec25ef560c33162dc4ea26 |
| SHA1 | 1dafa73f4c8a1b1aa75b598d0aafeb698a576791 |
| SHA256 | 199f15c865e74f2e5e599fff293c426b0cb9e2a970365a8a027ef422cc248533 |
| SHA512 | 9abdc5f9fbcb51e2ae53db3eeca8346113a1b76ab5a4e0bede4cb0e0e9d43be67a40ce42d3554cf09236772ec47684841658b624530aa762fee71471e75801c9 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\DmiProvider.dll.mui
| MD5 | f1d841f0c026d16c2ec95f5bad6fe9b1 |
| SHA1 | a4f09b8382b88e1d1bde579030201170c9d5d234 |
| SHA256 | a63191a3670b36a499e1326fa84937f70601e213f768c05763f9dfbd0f57ccc9 |
| SHA512 | 8df567bde90f18b1a19165962ecdfd4af839f3b51de1049bc30112069a84f32b32139ce11d144166af6ef19fdf871b14c7290fc84bb36d6fdea9c950423ba365 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\DismProv.dll.mui
| MD5 | 6b1ce8eca0d43b32f6e78472d469a3f9 |
| SHA1 | d4db763a34638e23caafe06026eb1d6e74cfae00 |
| SHA256 | 33e3841724f69bc0694eeee17e902379b67bab7941506353f0d85d1e2665dc27 |
| SHA512 | 64e0f3beb34fb0469677a991b50794f8e0a0301db4a9bb0366de235c4816a2f4e4ac25db4c3517e2b931cbbc43389b69b22f81310359bb10f6758d9503274817 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\DismCore.dll.mui
| MD5 | 9a27fcb82be619943135eddfeb4c13c0 |
| SHA1 | a76c0fbf51cc25491fcf4fe600d0a026682a5fba |
| SHA256 | 6ecad6a9fd347084d2d6c1fa5f079d4add05d4719b3b06280329cf84dad88025 |
| SHA512 | 0fa126f2f1fb6933603e7a3da9b3a17fa8b0b4f22102e4010d533b32f3aac8a5f7526236b43017dbdd787782707886f42a9167f920e764c61947064b386e5372 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\CbsProvider.dll.mui
| MD5 | 87f62a21bd015ec3f873021082063456 |
| SHA1 | 8869a96cf37a9fb0c8d9704913f6e735fb49afb6 |
| SHA256 | 17cd538edec822763227d6ee4bb0fb7963e931333b5c21baf50ea16a48e8b785 |
| SHA512 | afc2e31fb189fbdb8bfd301b33a3d79b05ef831a5fa0dfd152c0fbacfcd8a52a17192bd9373b2ee84c5c917e8250ff4d58d6fd24ff9f66b903a748379e6555a3 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\AppxProvider.dll.mui
| MD5 | 8f047a75723e8729a4c84fa2c08124b5 |
| SHA1 | 63db578e441068b91bad9c6844697e4e2ead45bc |
| SHA256 | 3427511dafbbbd40a7fe1d7ddd4702befe6f0e00a7f1c437a2ffd9cbcb5f53b8 |
| SHA512 | 6bec1487f66f5da86d4cc7dd48c684dd63335b87c77ca01d80482c72250609051cdc2a9b56af3423b45e8d14e39ead725cc9a9dbc15fe6ecea74615335edfde4 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\WimProvider.dll.mui
| MD5 | 263b263e5fe8c078a3866eadf7b2bf79 |
| SHA1 | 9dad2d78e5f130b72a39c15fc548935dc9b96005 |
| SHA256 | 43bc4c6ed713d8f04d359151edd47d6d63eb64a87ec37fb95c0fc8f056c8c023 |
| SHA512 | d8ba69b15420aaa6c1afb1bded5d0afb821c73e1ef538f06dff0f4d87520622cf0a5a989a480755a3cb35b9949098575c6beb51bb747352c280916e87fbf68cf |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\VhdProvider.dll.mui
| MD5 | bc6b19d90559744702c1687b0e5b376f |
| SHA1 | a3752de9ad56f2256a5190b01c641f173b60bfed |
| SHA256 | 631d6c84c00fcf1e7260734e92bee36243b8c40e97b853be1723dcae277ffaef |
| SHA512 | 9be6cdcbfb665a57e132388a0045a5ce6560740cf2d2d0537acaa7331cf1db2c6d0e1b2200d7cb892c7b6be47b73073a38e1ed6296631b7550a474110ef10800 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\UnattendProvider.dll.mui
| MD5 | 7601ef496c3f171373605aca6299eb4b |
| SHA1 | 92c25a096a96c690cb405b2d5e2df35a06044104 |
| SHA256 | e2988f7e6ad35863b56534824069aaaf34fadd2d27524e5d030b706576fd359c |
| SHA512 | 0729514091ed0e0468a9466ba3d6b73bfd10eb0a60e1905671c443f66121d84fab57f511bf989580a715e4ea9ff9172aebfe2cc177674c8c14adce5b8a8de157 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\FolderProvider.dll.mui
| MD5 | a859ba4b521f42506f14043bf9455386 |
| SHA1 | 8ce68325bc57ff984e99c8ebaf688e91161196e8 |
| SHA256 | a45ad33b482e3b78f42b8454ab17c1cdc7df99a425d4abe6a9633446d555e4cc |
| SHA512 | 300b36dc9d65102a20219ead89c5cbbab2fca447ee6715b96e77c17956f5abd38bb9f8c120049b72a097844b7c638d2aae477556236c98a52f22814f565eddbe |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\fr-FR\FfuProvider.dll.mui
| MD5 | fba95fa26da2db4d74545053dfa8cf74 |
| SHA1 | c45151ccde9f151a59e9b533bbd176172c9547cc |
| SHA256 | 9306a28afc60ca27ddadff59474b0b1aa19c63bd7b6d34246f3996b59293a639 |
| SHA512 | cf0c4d36e036d44bc08a7185014890c7e3edf9b1ada22e777a2cd123fda6242e519d9f422d27113c794b9bd0369ac2e9d318ec04110271f438dff8b90b82e22f |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\SmiProvider.dll.mui
| MD5 | fe9a7502d09360933fec35a1dd9cb46e |
| SHA1 | 58721b66c428b32619d7f09568e86fa1a9339849 |
| SHA256 | ee5a25b54776a63bc5bdd9a5ac3c6cacc7bf2b7f3761d2b489ef0060e5ac031c |
| SHA512 | 9f8c752a19e8404c7c9497fc9b457404eeaed2d6a071aeb4927fea7c2d3fabb1547e479d8525547f4c190a56113a26a53575b4a7e4bb76c65ea656304b753a0a |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\SetupPlatformProvider.dll.mui
| MD5 | 54e7735303befc4017c8f7f79c70ac7a |
| SHA1 | 0e165c98d94ccadb80aaa8bba7644f50dd16c119 |
| SHA256 | 79bd40a61064b856fa169d2ab92e0f41202f08fe78b5c749c9bfb96f471792fd |
| SHA512 | 125cff3faea70c3a7e0a3279022685d23bd0829ae7316ee2dc9afb568d03cdad4ce5d948776a736fecfc4f90d9dd655639ab4f2ab7610ad1ee41c48959ab71e0 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\LogProvider.dll.mui
| MD5 | 49546b639236f0f120a4982ba840f563 |
| SHA1 | cc080e0ce4cfc5a5e1bcc02823875234c05759f6 |
| SHA256 | bf2d54f231f3e814a401b6598793dc3604e2d381c3b3d9b5479c9fea87dad2bb |
| SHA512 | 8e6f8cd409a601be098fb1e61e733e5ce7fc06e365442e7a2ec508dd44bad2b10bd45288419bb672be5a278501da965831c8e92da545af8a3070ba66a4b01a8a |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\IntlProvider.dll.mui
| MD5 | 7a667def21a5d84e95c0153e463667e5 |
| SHA1 | f980aab6026c343c535441fd52283713183e128b |
| SHA256 | db2888717225eb457283c28424f1ce53397d0aa321b7619ebe0884cd10fe6c15 |
| SHA512 | dde58035cf1e53d4afe66aa69fee934ca31264fb4c12dff62c39a4bd47381e4c07a977b58dd4020d41f0c7bbc502d5ee6f3c43628d4fba8261a82662ea4c666a |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\ImagingProvider.dll.mui
| MD5 | cc4d83d9206a2352295b036204b1e1bb |
| SHA1 | 89647c71480550dbd8ed0fe5039d53996715be9f |
| SHA256 | 116a74db2b5024a38307080651aeeb98d15212b1c2547822421f38dd43699714 |
| SHA512 | 87285d309a6410e006eb5b3277de4219bc836f531211677e615e875ea903462a38ac8be66ed08dce804d7b782eb4f4c01f73de5c3a0f90a36859b87b56fa0c4b |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\GenericProvider.dll.mui
| MD5 | 5699303a2d4970f89360068b6dde8674 |
| SHA1 | 371a7b79e71bad4d7da3fc5d79b0be08251fd7b6 |
| SHA256 | 26995bef958d5c2b5748f3f17d2767a9918ef8f2a82b98859913656b70e23358 |
| SHA512 | 8a8d07a4127510950a96701870aca16e315732c88a3d359133c08820a4f0fc4df8eb62364b80af1e7792da5a5bb4c453938c96acea208434f9e6995efc7002bf |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\FolderProvider.dll.mui
| MD5 | c514bf1f906c4505b159ac558b3192d2 |
| SHA1 | 0c97fa7adda3da788f6cdbec0aef00e68bc46402 |
| SHA256 | 09eb31cca48ab46aa3ffeb1efa50ee1a0bb58fef66328fa2f71e06e9f0ef5a2e |
| SHA512 | e9b6c78179f394d5c69718d9ce82bd6f6b278067b68a79e9138cf92d48554ffd65c47a722dc02b9031a89ed23065c5fffb529f2ff35856c20c41d5d849fbe915 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\FfuProvider.dll.mui
| MD5 | 4fe1ece3b234048791d5d97844fe3304 |
| SHA1 | dba744f5c41dd136e498acc442da8bd5e0455ba8 |
| SHA256 | a7a6297f75e30830ddde1f5dded0a9131a1e9d9dba0182ce7d9f5fb8fdb72726 |
| SHA512 | 74e74eb1c561be31edb1c944838170e9ffc554ed0484fd7a99381e4cd61bb559e4ce7aa6a785f294df991b0d76b4bec841032e1f9e4c23217051017c3fbf5feb |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\DmiProvider.dll.mui
| MD5 | f1414df5b1c4c9aa010b60fc0f49c28a |
| SHA1 | 75649556f45c3c0e4566307598472937f994b725 |
| SHA256 | 3717e900e1490eab331474a0cf20010a5f775d6c45bd6d3406cfda8e6241f864 |
| SHA512 | d0b33c06fbbaf9a721803e7ecf1130c91e2234fd3dcedff291fae1d828a6c486229f670d8d3fa0143bb2604bc7b370f71e9f618fd7aa609acdfdf1667d014fc1 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\DismProv.dll.mui
| MD5 | bc47aa123dc9506548cade2321707cc7 |
| SHA1 | dd401731adcb6623d37e35dcbe8bcdf6b6adee7e |
| SHA256 | b9c42d0a45fbdf2db979922d60e3f3dea41c2dbccae80de432674758fb23bc0f |
| SHA512 | 4d3cc7027323020c6c6bdaf6c52541ffbfe144d2285b549004ae6b724f24b9efddb7d3a7ca5053786d67e6181e1a3ff2acc9b231ba42e36113603dd6402204db |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\DismCore.dll.mui
| MD5 | f91875c04330d1f8cbb6bcfa1637be8c |
| SHA1 | abb88cf8347b02b9a3939d8eaa0a762f09520e9a |
| SHA256 | 4ca363ac6299a3eff6f099c6897ad45793fe0e2093f6f2782614b7a98bc40ff1 |
| SHA512 | c1439fb8c0ac0872247d64fb98ad49b158cb0d742f40d836e2086c97606b6bec0ad29b8c5fae6ea72c6695cf34efe2e3dacf87be5874fcadacd0439ca19d08f2 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\CbsProvider.dll.mui
| MD5 | e5fe9e638b4744b799579563e433aeaf |
| SHA1 | 380b3f0fb659fc43f5fadfbcccb4fee049a668c4 |
| SHA256 | b6517203d9dde04a3b8a715cf47f83825928e4316e09763fe3cf0f6e1b1d8cd3 |
| SHA512 | 5bc2100c11847c4744673e894d3c8722053271f3bf15788e4f25bcc2a14089cffb761784b260af593463abbf3a9efaf7988f946005f94be016743b8369e695b2 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\AssocProvider.dll.mui
| MD5 | 2168d71b7fd5330ab5fcfcb5ab1b1c07 |
| SHA1 | 2d8042e479875499aa2093c8bd245c2291739144 |
| SHA256 | f4b88cb87179472655041518d123149eb49f1f484fe581805e3a2e35c4b1e344 |
| SHA512 | 409ee809194bbc5bbfa5081a368f8834828f396e56d00436ac8f1c30bf7b0974bbae1b8790dfc08a1b6d83f771493ef7b0372cce4feb079533254f5ed665e360 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\es-ES\AppxProvider.dll.mui
| MD5 | 842ef8185050a821269f5e2ed5f0490a |
| SHA1 | b39d06f75aa4b9b46f342d07f26c84f64ba517d9 |
| SHA256 | 41c8b7200845f5ffd7466dcae1db7b8c25833f2f8118593f8c2770246a322a4d |
| SHA512 | 0ce48d990885e90a06f9829e626a73c3be7a8b214816d2792af75ff7c708ac55d047895d773052a2b67f80e3c61def222a0b78450ae3e48b5ad7c20faaeafc6e |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\SetupPlatformProvider.dll.mui
| MD5 | b7ea724078b33c1d66fd3b262ee84ce3 |
| SHA1 | f5cb0091b1796c2f38f91c728bda8a53005b229c |
| SHA256 | 3f607ebdf37ceafdbb57227bdb2f581ece3cbe82fecea2bf9c9e697883738271 |
| SHA512 | 3b0485ed8e07ef9dab7bd87b4a3d8190e7986259fe72da7b139c249dbbc3b76abbcee30e0d3fc7ba678b139dc50cb95533e146db49001151ea78ce509c10639f |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\OfflineSetupProvider.dll.mui
| MD5 | b6a9f328e947bd6af861e9a1ec486d87 |
| SHA1 | e81ba25d1b7a5df38ff6bc3ab963bd441e903fda |
| SHA256 | f33f03621a2d57ddac266af2af7b32f6dd1734b562a667465157e4961acd8a14 |
| SHA512 | 35cdbd81c5959886ad26866d280b1a2beeb1725991489426e9386c2240d2ddadcebaf4793733ac9f778e0b47ed8114f6a531721e9ac6c4da65d044f800eaa304 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\MsiProvider.dll.mui
| MD5 | 05ff17eb521d849cd7669ae3c0f987f1 |
| SHA1 | 10a05faac056172a526b4cd5aea76e42a5eacdd6 |
| SHA256 | 4ee8c55d8c83cffef3f00faa581c12f2c76c14b2b9a26fdcc512c45f5850e6ec |
| SHA512 | 8a94a0f83fa08e0738510f0bfac9ed2c4015d1f03b2045c2ad0c0f4ab432cbdf2d19d9d403dc86a112ad1ad9793fe1096578d52ea27da5fba5677ba951e7bbb6 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\LogProvider.dll.mui
| MD5 | 59e64d30a6474624a8f9fc4e08ed6404 |
| SHA1 | d9f033841af974249b7d239db1c0ad1e58fef813 |
| SHA256 | a4f2cf869d38a9a8416201b88dfcb1fa430f23d4e4666fe9e16fad4632507817 |
| SHA512 | 47984417cc55cb1d88394bca67399d3e9a45c912a236aec922b4dc3df11884c9fe78a201179c3ac81c970f032c88078639c0a85c81ba3e07ff30722af027d038 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\IntlProvider.dll.mui
| MD5 | 4ecda6437cfccc9757082807dc2452d7 |
| SHA1 | 82b4d4ee6770c95f81858e78679768114c448e6b |
| SHA256 | d44228a806821c3278d39984d025da79c8970649bce4183f70b8d666aa2abf46 |
| SHA512 | bad594522ab63f4a3d578ba617e5dde8a0e65a1d5edfe456dee34e0c0023b23c2858fefdb2dddef366498f92660aab83648fcc7d010706cb03e6592af53d269b |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\ImagingProvider.dll.mui
| MD5 | 20cb06e83e67d929510963f6571b9ae4 |
| SHA1 | f034408047576d34174ad38b21fc7c06dd04b663 |
| SHA256 | 4d3a30c1d716255488dfa53ffb71a2fe8f5eda48617a9991de69525fb40b9c34 |
| SHA512 | 7f9488aa59a12faaf9825ff3ef7d0540329162d35d9a7fc4d27d041c5c4050ceb8362ddb7e8c1a1ed924f54b5717ab14e796c6454fa9efd385f111f290450e62 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\GenericProvider.dll.mui
| MD5 | 9547095b7e78759943044a014ab80099 |
| SHA1 | 19f3517cf067be623c8cfb5f9e90241a21be3d94 |
| SHA256 | 9f18fdba0b24a584659da2997d7073ce657c060687f9036ed5c47c4db3d0b155 |
| SHA512 | ad499c7708e28fbcf90e3349b83eb029d50e876351749d78e240e12b8a32f7b2ef055a80c96d747585f10f1f4ce26e7ab61c0eddce731e1fe192153c225acf75 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\FolderProvider.dll.mui
| MD5 | 24b20f5fad20048fc14a7777d11d0350 |
| SHA1 | 116c017fa5fa6eb1d8a9db4be27aa55654d53c23 |
| SHA256 | 044382ce1f1d731a50861e19a3cbc7b40138392bd0f317fe8c9eaad305a5b3a7 |
| SHA512 | 8d70563874b7755714e477f1212dd30fa5e51da81516defedc7f6936bf06d275e2b958c732eb1372dc0bf8928c2d9fc00fb2e2c6a2e68d340fa9a5d782a15479 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\FfuProvider.dll.mui
| MD5 | bc34cbf542427b8e6c85441d15aedbcb |
| SHA1 | 6bbacc62093646ca2ad993cffb4a15337ddec11c |
| SHA256 | d9cc3f6b08116296d921f3c56bc211d1f56f36f9a6b08392bf6f8f7515861bee |
| SHA512 | 21c99c423b3e49c9c90e4289b8066b7c7081d59c82cf5e6c2872159eadbcd56e65bf5b93a9392c5b0a935ff6a5dc19adf515c55710e9d77612cf14215e194975 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\DmiProvider.dll.mui
| MD5 | 9861832e96c289f4e834a2263549a355 |
| SHA1 | 684dce192f4522cac5c776511502981be1bae64b |
| SHA256 | 56f92229f79906dce5824f81c5c968ff233fc8127e72129a8552b98e332b987a |
| SHA512 | d525730dd85ff4b661305fa1ba64249668c36b8d2b440ae679bb0fce83b720dea4284c0357fbd0703b738ef374564ad1f0a5bcc83fbc7ac55bd2c8aabbabc6a2 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\DismProv.dll.mui
| MD5 | 90a53f35c435b710ead5f59a5f0a1eee |
| SHA1 | 9c3ce85a0d05973f0e516ad61f2150319212d764 |
| SHA256 | 774266655f7114036ba9054cb1edc73ef188168efa8762d096a8169f0d50bb58 |
| SHA512 | 9851673e2a9ac58417a9ea115e401a8b0e6eed0f5d9d75c4063d62afb45ef5e4e2706bed3ca56bd3ff521fefeb26ab6ea7cd513a60bab90553bd2fac2beb3fc9 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\DismCore.dll.mui
| MD5 | 5b56a6ddfed91aec68fa7b50a5fa2dfe |
| SHA1 | 70e0a4a04b4215e7457be47a6eb5d8cf13032c5c |
| SHA256 | 8b47478a4a01aed9e05d57f874e5171bbed36b5ab8d658053f8677ef9179e2b1 |
| SHA512 | c57ea23952b262c4cf01fe84c7c69014c6f1fec712343179e2bd565c35182421f6382e827f9badb6fedf3057a9a4cabe018193105c03997ecb3c769f4ea6714d |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\CbsProvider.dll.mui
| MD5 | 1773dec13e58de37ea1cd9f7e6aaaee3 |
| SHA1 | 9b1cf9e8c734bd6e23dbba3daabb8d9405cfccee |
| SHA256 | f3ece84f5b96a2bcd79dd09598aa3b8d7e562f420a4d004e4f9f28889d14a7b4 |
| SHA512 | 21083657e88f223ddfbad07aa7cdcf9052e6347a7de4ca9eab87bd0ff612fe9d81e6821e584e0595d181657fc6d78b61edb6a8f4ee01d260bab1083286a575da |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\AssocProvider.dll.mui
| MD5 | 69feb6843b1b243b7ee81dff3d30898a |
| SHA1 | 5b9fd290c0038d39a7cc8f3fdbaa8efb1e8579df |
| SHA256 | 682f5b62ec816f2e9c603d54100ca2a04f0ef53d293ab9fda4d88d5b954f574a |
| SHA512 | 97e20f0052ae3fa499aed6cfe3b905f2b4c9d817aa0e8d81ca8af2de5f2d62ecbc3250d243e5fa9f64fc371b97d7b7a3d19c767eba1b096949a2f62701951651 |
C:\Users\Admin\AppData\Local\Temp\65B805C3-BE90-45A3-BBA2-11F7F680AD25\de-DE\AppxProvider.dll.mui
| MD5 | c0eeea45b07503cdf6033132cdd444c6 |
| SHA1 | 4b81514fad963e87e7e070fce9a8614d5cf23baa |
| SHA256 | 51776526d963bdd7f1b1becb7e2a6ab37922188fef7c444c0474946ec94032e5 |
| SHA512 | a72e5ca651b3a36e55f206fa3f6a27bc3535f2bc3486a0e1e28a5df72d59b7968d5442384bd1902f4466c20319bacd1db3c7adbfa3101f9471521892dcd8d8d4 |
C:\Users\Admin\AppData\Local\Temp\tmp72DF.tmp
| MD5 | bd2866356868563bd9d92d902cf9cc5a |
| SHA1 | c677a0ad58ba694891ef33b54bb4f1fe4e7ce69b |
| SHA256 | 6676ba3d4bf3e5418865922b8ea8bddb31660f299dd3da8955f3f37961334ecb |
| SHA512 | 5eccf7be791fd76ee01aafc88300b2b1a0a0fb778f100cbc37504dfc2611d86bf3b4c5d663d2b87f17383ef09bd7710adbe4ece148ec12a8cfd2195542db6f27 |
C:\Users\Admin\AppData\Roaming\BoosterX\UninstallBat.bat
| MD5 | 24ee63b11712a972fc928342d0dde44b |
| SHA1 | f12d3382bc816e01699a876e200929d9382cbb22 |
| SHA256 | 632e9aba9bcf5261556106ab0d9d0019eeb34ce5bf30d5bbcd7d3b870c75c05a |
| SHA512 | 0fdccea62a7b5a2128ef6f33bf43565f4894ee580820d50ef42167ab5e09a27972942885e8ba009813f94ec96c116cca36836bd27dfe69d467854df4fc5ea3b2 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine-2024-05-28.1358.6124.1.aodl
| MD5 | 5e11447fd582594adbeb3b068ae880f5 |
| SHA1 | 1f13b081294279324fe364d51b8f494a574d7a2c |
| SHA256 | 1fdb724f60681b65e338457e662892f8de8f8e2f2e885fbba59154fc2e228b3d |
| SHA512 | 837044a198c249e8900c6b4e8245a25f932b27d1e0278e65eb58626624571002ad0c2a0d4a1388b81d55bfe0263c70947ef818dbb280c5664c12fbb267b42f4b |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session
| MD5 | ed6a2fa3b2dcef37e010b39be00f9863 |
| SHA1 | de6d8c529d98e9c4fab296351be5661938ce19eb |
| SHA256 | b97f7f7cab88d2ffe7a7003c632cbea354782de6c21bb75f80cbe6043e087ae8 |
| SHA512 | edd46e750adc3e5cefd75f88568760ae6310937f9153e8b78ddf6ee49ef68fc8e2c3dfadff3f3cacc256dec18facc2d8c7e4a80fb9d7bbfd6352fa9b8c49af44 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\machineTelemetryCache.otc.session
| MD5 | e8a8ae8538069d4cc22a82f1e1b91cbd |
| SHA1 | bbc24c18fd88965485c1956cbadf3325cf291868 |
| SHA256 | 80e425e03ae75cdc27b097dc0af1a0e278c040134e1fedb46c019963e5f12e03 |
| SHA512 | a92d12103b50a904f187f5310837bdc3f4ce98595a9105dc90fa26875c1929650c88b1e89887910c5190284945ffc4658df74cbf360a3c13d970438e6dd81633 |
C:\Users\Admin\AppData\Roaming\BoosterX\UninstallBat.bat
| MD5 | 77fcb1a7c83a467dec7641f7d0a172b9 |
| SHA1 | b21f6c52b45f32e837248e566f6e95bfad46df75 |
| SHA256 | 28bcb1d6e07c9b1de9fd04bb8e1a5d5655fe62aa856c676de44840acbab957d6 |
| SHA512 | 8dccec9874a9c10d7ec19ca955b433722d60b858dccb4ae0f8f6663b4353d749ffeb0766768027e8dcf4464d2510113cae14c65389f47bb65f9e768d8a0ab66f |
C:\Users\Admin\AppData\Local\Temp\Microsoft.WebpImageExtensionStoreLogo.scale-100.png
| MD5 | 4c3c59a53d6e32098331c2102571d11f |
| SHA1 | a6c4d5e56c5493a4c501bb34f44f0eafcf49fd73 |
| SHA256 | c8da7f407d9c6838b376e091464082ad9e7462438325f4450bd82453c8f551c0 |
| SHA512 | 79c8c1fc4c3202461e30e45b2db93ce6a3d07244fe60faf2d07ea0b0c3da675f325ee104a9101f8b0a0236941dbbc9255c55aeb49f9c40f9e6d66bc83860d421 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MS6XK32D\microsoft.windows[1].xml
| MD5 | 7f3bec2ea3dd9544194bf0f38222acbf |
| SHA1 | a02fd5379f0f96d29272716f6b91e4cdd06f5fd7 |
| SHA256 | fe71b3f76715a00a50e647221b24d0591ffed9b384f078c7dddbadcbaf8a1ce9 |
| SHA512 | eac9b0d373aeabc3c8b554d82ee123d90ef61fa4186291f1c41412237bdb725da79d1fc2adda0547e0c1936f535cdd458a166e134ce535e9450060ce7c5b36eb |