Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
10/08/2024, 08:43
General
-
Target
zion.exe
-
Size
3.8MB
-
MD5
bb9e693d2df3edaeceb9d8b6cb2fa1df
-
SHA1
0a66c6bca9c11cd5375e7c54897ffc36baab5c27
-
SHA256
201f5728c8000bfa84fea795c6acbba4d216bb2d75d8e239b10f19efc50b8b90
-
SHA512
a7ab242494e1ccb857656870cc2c44911f2f679b14ad3cccbae4d402f0253c0472ffd9b9c2172aa87d8368c6257563042ca9142002e5bc42d8b58e74f7feba79
-
SSDEEP
98304:sQWQ43Ym5daZdjObRfkqXf0F9+KH4kpc+DX/0H:sQWQ43YmOZdukSIEKYOD
Score
9/10
Malware Config
Signatures
-
Modifies boot configuration data using bcdedit 1 TTPs 3 IoCs
-
Power Settings 1 TTPs 2 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Control Panel 7 IoCs
-
Modifies Internet Explorer settings 1 TTPs 26 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\zion.exe"C:\Users\Admin\AppData\Local\Temp\zion.exe"1⤵
- Modifies Control Panel
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Themes" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\AcpiDev" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\CAD" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\CldFlt" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\FileCrypt" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\GpuEnergyDrv" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\PptpMiniport" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\RapiMgr" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\RasAgileVpn" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Rasl2tp" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\RasSstp" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Wanarp" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\wanarpv6" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Wdnsfltr" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\WcesComm" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Wcifs" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Wcnfs" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\WindowsTrustedRT" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\WindowsTrustedRTProxy" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\FVE" /v "DisableExternalDMAUnderLock" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\DeviceGuard" /v "HVCIMATRequired" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\DXGKrnl\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\HidUsb\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\mouhid\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbccgp\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbehci\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbhub\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbohci\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbuhci\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\NDIS\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\Audiosrv\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\disk\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\iaStorAC\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\iaStorAVC\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\Ntfs\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\storahci\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\SOFTWARE\Microsoft\Input\Settings\ControllerProcessor\CursorMagnetism" /v "MagnetismUpdateIntervalInMilliseconds" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\SOFTWARE\Microsoft\Input\Settings\ControllerProcessor\CursorSpeed" /v "CursorUpdateInterval" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Session Manager" /v "AlpcWakePolicy" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management" /v "LargeSystemCache" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v ContentEvaluation /t REG_DWORD /d "0" /f > NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Power\PowerThrottling" /v "PowerThrottlingOff" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\CTF\LangBar" /v "ShowStatus" /t REG_DWORD /d "3" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\CTF\LangBar" /v "ExtraIconsOnMinimized" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\CTF\LangBar" /v "Transparency" /t REG_DWORD /d "255" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\CTF\LangBar" /v "Label" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\HighContrast" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\Keyboard Response" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\MouseKeys" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\SoundSentry" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\TimeOut" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\ToggleKeys" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "NavPaneShowAllFolders" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell" /v "FolderType" /t REG_SZ /d "NotSpecified" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" DELETE "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "link" /t REG_BINARY /d "00000000" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Control Panel\Accessibility\MouseKeys" /v "Flags" /t REG_SZ /d "186" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Control Panel\Accessibility\MouseKeys" /v "MaximumSpeed" /t REG_SZ /d "40" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Control Panel\Accessibility\MouseKeys" /v "TimeToMaximumSpeed" /t REG_SZ /d "3000" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "AUOptions" /t REG_DWORD /d "2" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters" /v "AutoShareWks" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Keyboard Layout\Toggle" /v "Language Hotkey" /t REG_SZ /d "3" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Keyboard Layout\Toggle" /v "Hotkey" /t REG_SZ /d "3" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Keyboard Layout\Toggle" /v "Layout Hotkey" /t REG_SZ /d "3" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_TrackProgs" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\AppEvents\Schemes" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DelayedDesktopSwitchTimeout" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCANetwork" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCANetwork" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_LargeMFUIcons" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" /v "VisualFXSetting" /t REG_DWORD /d "2" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\Gwx" /v "DisableGwx" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v "DisableOSUpgrade" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WUDF" /v "LogEnable" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WUDF" /v "LogLevel" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Peernet" /v "Disabled" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Internet Explorer\Main" /v "DEPOff" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Remote Assistance" /v "fAllowToGetHelp" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell" /v "UseActionCenterExperience" /t REG_DWORD /d "0" /f > NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\AdvertisingInfo" /v "DisabledByGroupPolicy" /t REG_DWORD /d "1" /f > NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices" /v "TCGSecurityActivationDisabled" /t REG_DWORD /d "0" /f > NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\OneDrive" /v "DisableFileSyncNGSC" /t REG_DWORD /d "1" /f > NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\safer\codeidentifiers" /v "authenticodeenabled" /t REG_DWORD /d "0" /f > NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\Windows Search" /v "AllowIndexingEncryptedStoresOrItems" /t REG_DWORD /d "0" /f > NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener" /v "Start" /t REG_DWORD /d "0" /f > NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\WMI\AutoLogger\SQMLogger" /v "Start" /t REG_DWORD /d "0" /f > NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\943c8cb6-6f93-4227-ad87-e9a3feec08d1" /v "Attributes" /t REG_DWORD /d "2" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "ACSettingIndex" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "DCSettingIndex" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009\DefaultPowerSchemeValues\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c" /v "ACSettingIndex" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "ACSettingIndex" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "DCSettingIndex" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb\DefaultPowerSchemeValues\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c" /v "ACSettingIndex" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "AllowPepPerfStates" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Cstates" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Capabilities" /t REG_DWORD /d "516198" /f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighPerformance" /t REG_DWORD /d "1" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighestPerformance" /t REG_DWORD /d "1" /f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MinimumThrottlePercent" /t REG_DWORD /d "0" /f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumThrottlePercent" /t REG_DWORD /d "0" /f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "Class1InitialUnparkCount" /t REG_DWORD /d "100" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "InitialUnparkCount" /t REG_DWORD /d "100" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy" /v "fDisablePowerManagement" /t REG_DWORD /d "1" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PDC\Activators\Default\VetoPolicy" /v "EA:EnergySaverEngaged" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PDC\Activators\28\VetoPolicy" /v "EA:PowerStateDischarging" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Misc" /v "DeviceIdlePolicy" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "PerfEnergyPreference" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "PerfEnergyPreference" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMinCores" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMaxCores" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMinCores1" /t REG_DWORD /d "0" /f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMaxCores1" /t REG_DWORD /d "0" /f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CpLatencyHintUnpark1" /t REG_DWORD /d "100" /f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPDistribution" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CpLatencyHintUnpark" /t REG_DWORD /d "100" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "MaxPerformance1" /t REG_DWORD /d "100" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "MaxPerformance" /t REG_DWORD /d "100" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPDistribution1" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPHEADROOM" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKCU\Control Panel\PowerCfg\GlobalPowerPolicy" /v "Policies" /t REG_BINARY /d "01000000020000000100000000000000020000000000000000000000000000002c0100003232030304000000040000000000000000000000840300002c01000000000000840300000001646464640000" /f2⤵
- Power Settings
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKCU\Control Panel\PowerCfg\GlobalPowerPolicy" /v "Policies" /t REG_BINARY /d "01000000020000000100000000000000020000000000000000000000000000002c0100003232030304000000040000000000000000000000840300002c01000000000000840300000001646464640000" /f2⤵
- Power Settings
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Cstates" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Capabilities" /t REG_DWORD /d "516198" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighPerformance" /t REG_DWORD /d "1" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighestPerformance" /t REG_DWORD /d "1" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MinimumThrottlePercent" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumThrottlePercent" /t REG_DWORD /d "0" /f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "Class1InitialUnparkCount" /t REG_DWORD /d "100" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "InitialUnparkCount" /t REG_DWORD /d "100" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerThrottling" /v "PowerThrottlingOff" /t REG_DWORD /d "1" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPHEADROOM" /t REG_DWORD /d "0" /f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPCONCURRENCY" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "ProccesorThrottlingEnabled" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleThreshold" /t REG_DWORD /d "1" /f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdle" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuLatencyTimer" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuSlowdown" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "DedicatedSegmentSize" /t REG_DWORD /d "1298" /f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "Threshold" /t REG_DWORD /d "1" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuDebuggingEnabled" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "ProccesorLatencyThrottlingEnabled" /t REG_DWORD /d "0" /f2⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Themes" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\AcpiDev" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\CAD" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\CldFlt" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\FileCrypt" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\GpuEnergyDrv" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\PptpMiniport" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\RapiMgr" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\RasAgileVpn" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Rasl2tp" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\RasSstp" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Wanarp" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\wanarpv6" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Wdnsfltr" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\WcesComm" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Wcifs" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Wcnfs" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\WindowsTrustedRT" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\WindowsTrustedRTProxy" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\FVE" /v "DisableExternalDMAUnderLock" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\DeviceGuard" /v "HVCIMATRequired" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\DXGKrnl\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\HidUsb\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\mouhid\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbccgp\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbehci\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbhub\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbohci\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbuhci\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\NDIS\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\Audiosrv\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\disk\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\iaStorAC\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\iaStorAVC\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\Ntfs\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\storahci\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\SOFTWARE\Microsoft\Input\Settings\ControllerProcessor\CursorMagnetism" /v "MagnetismUpdateIntervalInMilliseconds" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\SOFTWARE\Microsoft\Input\Settings\ControllerProcessor\CursorSpeed" /v "CursorUpdateInterval" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Session Manager" /v "AlpcWakePolicy" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management" /v "LargeSystemCache" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v ContentEvaluation /t REG_DWORD /d "0" /f > NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Power\PowerThrottling" /v "PowerThrottlingOff" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\CTF\LangBar" /v "ShowStatus" /t REG_DWORD /d "3" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\CTF\LangBar" /v "ExtraIconsOnMinimized" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\CTF\LangBar" /v "Transparency" /t REG_DWORD /d "255" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\CTF\LangBar" /v "Label" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\HighContrast" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\Keyboard Response" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\MouseKeys" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\SoundSentry" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\TimeOut" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\ToggleKeys" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "NavPaneShowAllFolders" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell" /v "FolderType" /t REG_SZ /d "NotSpecified" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" DELETE "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "link" /t REG_BINARY /d "00000000" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Control Panel\Accessibility\MouseKeys" /v "Flags" /t REG_SZ /d "186" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Control Panel\Accessibility\MouseKeys" /v "MaximumSpeed" /t REG_SZ /d "40" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Control Panel\Accessibility\MouseKeys" /v "TimeToMaximumSpeed" /t REG_SZ /d "3000" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "AUOptions" /t REG_DWORD /d "2" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters" /v "AutoShareWks" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Keyboard Layout\Toggle" /v "Language Hotkey" /t REG_SZ /d "3" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Keyboard Layout\Toggle" /v "Hotkey" /t REG_SZ /d "3" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Keyboard Layout\Toggle" /v "Layout Hotkey" /t REG_SZ /d "3" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_TrackProgs" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\AppEvents\Schemes" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DelayedDesktopSwitchTimeout" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCANetwork" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCANetwork" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_LargeMFUIcons" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" /v "VisualFXSetting" /t REG_DWORD /d "2" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\Gwx" /v "DisableGwx" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v "DisableOSUpgrade" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WUDF" /v "LogEnable" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WUDF" /v "LogLevel" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Peernet" /v "Disabled" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Internet Explorer\Main" /v "DEPOff" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Remote Assistance" /v "fAllowToGetHelp" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell" /v "UseActionCenterExperience" /t REG_DWORD /d "0" /f > NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\AdvertisingInfo" /v "DisabledByGroupPolicy" /t REG_DWORD /d "1" /f > NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices" /v "TCGSecurityActivationDisabled" /t REG_DWORD /d "0" /f > NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\OneDrive" /v "DisableFileSyncNGSC" /t REG_DWORD /d "1" /f > NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\safer\codeidentifiers" /v "authenticodeenabled" /t REG_DWORD /d "0" /f > NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\Windows Search" /v "AllowIndexingEncryptedStoresOrItems" /t REG_DWORD /d "0" /f > NUL 2>&12⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener" /v "Start" /t REG_DWORD /d "0" /f > NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\WMI\AutoLogger\SQMLogger" /v "Start" /t REG_DWORD /d "0" /f > NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C FOR /F %%a in ('WMIC PATH Win32_USBHub GET DeviceID^| FINDSTR /L "VID_"') DO ( REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "EnhancedPowerManagementEnabled" /T REG_DWORD /d 0 >NUL 2>&1 REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "AllowIdleIrpInD3" /T REG_DWORD /d 0 >NUL 2>&1 REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "fid_D1Latency" /T REG_DWORD /d 0 >NUL 2>&1 REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "fid_D2Latency" /T REG_DWORD /d 0 >NUL 2>&1 REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "fid_D3Latency" /T REG_DWORD /d 0 >NUL 2>&1 REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "DeviceSelectiveSuspended" /T REG_DWORD /d 0 >NUL 2>&1 REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "SelectiveSuspendEnabled" /T REG_DWORD /d 0 >NUL 2>&1 ECHO Disabling USB idling for %%a )2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C FOR /F "tokens=*" %%a in ('REG QUERY "HKLM\SYSTEM\CurrentControlSet\Enum" /S /F "StorPort"^| FINDSTR /E "StorPort"') DO ( REG ADD "%%a" /F /V "EnableIdlePowerManagement" /T REG_DWORD /d 0 >NUL 2>&1 FOR /F "tokens=*" %%z IN ("%%a") DO ( SET STR=%%z SET STR=!STR:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\=! SET STR=!STR:\Device Parameters\StorPort=! ECHO Disabling StorPort Idling for !STR! ) )2⤵
-
-
C:\Windows\system32\cmd.exe"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set hypervisorlaunchtype off2⤵
-
C:\Windows\system32\bcdedit.exebcdedit.exe /set hypervisorlaunchtype off3⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\system32\cmd.exe"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set hypervisorlaunchtype off2⤵
-
C:\Windows\system32\bcdedit.exebcdedit.exe /set hypervisorlaunchtype off3⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C fsutil behavior set disable8dot3 1 >NUL 2>&12⤵
-
C:\Windows\SysWOW64\fsutil.exefsutil behavior set disable8dot3 13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C fsutil behavior set disablelastaccess 1 >NUL 2>&12⤵
-
C:\Windows\SysWOW64\fsutil.exefsutil behavior set disablelastaccess 13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C fsutil behavior query memoryusage >NUL 2>&12⤵
-
C:\Windows\SysWOW64\fsutil.exefsutil behavior query memoryusage3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C fsutil behavior set memoryusage 2 >NUL 2>&12⤵
-
C:\Windows\SysWOW64\fsutil.exefsutil behavior set memoryusage 23⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C fsutil behavior set mftzone 4 >NUL 2>&12⤵
-
C:\Windows\SysWOW64\fsutil.exefsutil behavior set mftzone 43⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C fsutil behavior set disablelastaccess 1 >NUL 2>&12⤵
-
C:\Windows\SysWOW64\fsutil.exefsutil behavior set disablelastaccess 13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C fsutil behavior set disabledeletenotify 0 >NUL 2>&12⤵
-
C:\Windows\SysWOW64\fsutil.exefsutil behavior set disabledeletenotify 03⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C fsutil behavior set encryptpagingfile 0 >NUL 2>&12⤵
-
C:\Windows\SysWOW64\fsutil.exefsutil behavior set encryptpagingfile 03⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense" /f > NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense" /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Control\Session Manager" /v "ProtectionMode" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\System\CurrentControlSet\Control\Session Manager" /v "ProtectionMode" /t REG_DWORD /d "0" /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v "ProtectionMode" /t REG_DWORD /d "0" /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v "ProtectionMode" /t REG_DWORD /d "0" /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v MoveImages /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v MoveImages /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettings /t REG_DWORD /d 1 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettings /t REG_DWORD /d 1 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C echo y | reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "LargeSystemCache" /t REG_DWORD /d "1"2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" echo y "3⤵
-
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "LargeSystemCache" /t REG_DWORD /d "1"3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "DisablePagingExecutive" /t REG_DWORD /d "1" /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "DisablePagingExecutive" /t REG_DWORD /d "1" /f3⤵
-
-
-
C:\Windows\system32\cmd.exe"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set bootux disabled2⤵
-
C:\Windows\system32\bcdedit.exebcdedit.exe /set bootux disabled3⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v EnableLLTDIO /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v EnableLLTDIO /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnDomain /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnDomain /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnPublicNet /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnPublicNet /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v ProhibitLLTDIOOnPrivateNet /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v ProhibitLLTDIOOnPrivateNet /t REG_DWORD /d 0 /f3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v EnableLLTDIO /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v EnableLLTDIO /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnDomain /t REG_DWORD /d 0 /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnDomain /t REG_DWORD /d 0 /f3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnPublicNet /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnPublicNet /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v ProhibitLLTDIOOnPrivateNet /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v ProhibitLLTDIOOnPrivateNet /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v EnableRspndr /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v EnableRspndr /t REG_DWORD /d 0 /f3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnDomain /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnDomain /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnPublicNet /t REG_DWORD /d 0 /f >NUL 2>&12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnPublicNet /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v ProhibitRspndrOnPrivateNet /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v ProhibitRspndrOnPrivateNet /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v EnableRspndr /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v EnableRspndr /t REG_DWORD /d 0 /f3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnDomain /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnDomain /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnPublicNet /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnPublicNet /t REG_DWORD /d 0 /f3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v ProhibitRspndrOnPrivateNet /t REG_DWORD /d 0 /f >NUL 2>&12⤵
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v ProhibitRspndrOnPrivateNet /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://temp/1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1439032151-114461736-209893012-1481939910-1514887246-1725727301-1447272912050937209"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1515052255-1106295739-20939196321104374528-1389750038-1610614413-684308786-930893433"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "89938811115404413061874134822-777980048-1631972845-840562338292368017-1666090594"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5e0c319595a386945510c1ed7f1728fc1
SHA1c1c782e8d44e74331ac2cb0be3c8afc88e553572
SHA256e87b49ce84066ce4c26237b551b6225cd14fca3d949fe63a00b6d05b6d78abb3
SHA5125eeb0845b686a46f846ec3337d79ab8544013737d42cfd1fbf1bbe33d6518e81a5ad1ccf7eda78258a2f4c2c9dfce3896077197d38373e5f0cfd570b26aaaeac
-
Filesize
2KB
MD545b572d0bb379ede95c1043faa0ea370
SHA1618c227f19dcf389502880f5219ed890dd3d42e7
SHA256e7db42a8b243749ca4d802dd3cdb294c0e3d54524ccb51715a8937c69c113fde
SHA512e75a8b65e9c47662a231eee6a8435efcc121a1b1606076c0d7a17478fc3b5f512a3ee6adcf71bb8b8e1aa5322daeed7cf1b1a9d5fdcdcfe348d80296427517af
-
Filesize
48KB
MD5343fa15c150a516b20cc9f787cfd530e
SHA1369e8ac39d762e531d961c58b8c5dc84d19ba989
SHA256d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524
SHA5127726bd196cfee176f3d2002e30d353f991ffeafda90bac23d0b44c84c104aa263b0c78f390dd85833635667a3ca3863d2e8cd806dad5751f7984b2d34cafdc57
-
Filesize
4KB
MD5612a650d1c773ee52d62546e66ff5918
SHA1a7479722bea44f8719b651ba69aa337d60da4290
SHA2569e0774deea09130ce23833cc3f0118e8dd06750e3570a230b199c87cdf354c00
SHA5125882a9d5340d0197c660d0774f22a82f03a0fc73d14476c47d3ab86dfea8f80850bfb8af7a9433b120f4728da4889083086666145b3e2390966e6816ad981483
-
Filesize
12.7MB
MD519a5ca1a8fc272a0a9982d1d874d4c96
SHA147b9c800750180c320ca1e104c391256110327ff
SHA2568f2ef5755d89ae86e3c2c487593ce86a776df2dd77fde50b33f9991dfeb7305d
SHA51252a016deccd0100c2e2144e42225656ec46cacd381054fda24eb1927bc2a4405432c068d6231afe7c02e8df8d931b0d442049f7e233fe8346d65ac3004db55bd
-
Filesize
1.1MB
MD560c09571aba2af4a1dae59b58a393ffe
SHA1297759b3f9902c3777a170a734a936b2e46bfa19
SHA256ad3acfb6a9de1d64ccc4987f17fca06312dc5cf78a32a1e2d08417c94d87ea6c
SHA5127b0981a55d281243f4cb74eefdf46115331905e829e97effbce7350252a36830c55445b8a0d0ecd15d78db1814ab063de0dd9b296a74c29daf6e2646e61e1401
-
Filesize
10KB
MD5dbef78447120e830587017c581f994f1
SHA1ea5214b9503e9a3b5335053b9f2e85c1bd26f3ce
SHA256a380116d80066949811b29c5b53c20488c1ca6b05a955c1698aff58fc18ebf94
SHA512eda079a1c4e25d18099accf11860b7c78c9c303c855d87ddfd1750a41e47571db6acf929921a20be693a18d948799279c3f7be47574a2004810021271d735b3b
-
Filesize
8KB
MD54aae089d3731c3f9dca27587e61cc4a2
SHA197b570c80cce9d68fbdd728f8524d92bce4a5c35
SHA256ed8f2f1786d5c57aee9c8228286f41b1665f46b88b882557675350d5108b438c
SHA5126ec755dc7f6531bf0ecec25f8fbf5f712ccf46f93b954f8acf522b33b4bd13f3781e73f1122a81bd5165c507b0a58222a3cafe6fbd25f5d606b4414a9a4009fc
-
Filesize
203KB
MD5341b5e34c25f09be5c77873cac713164
SHA190d3eba09e21b74843df9621ff003b458f3cc8ed
SHA256d61628b93d12de2f5bc0e3dc01f3e5ea3457eb5dd6b67e7bb0f27f3ffda001e9
SHA5125a82ac5101bed21a079544aa97d702c889d363f04f9b5bcebedca835a8108493d53475e62fbe8bc029a0fcf6221a381d3aa3446c16d4bb0c5b77f8b8ea699b22
-
Filesize
88KB
MD52cc86b681f2cd1d9f095584fd3153a61
SHA12a0ac7262fb88908a453bc125c5c3fc72b8d490e
SHA256d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c
SHA51214ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986
-
Filesize
7KB
MD5a7a850a710198cef50835e894f35325c
SHA1c79012067ce41ca391a1307391c1741814d986f3
SHA25608640681a5a619fd231a7f8447c38461efb5925061fc46e088db063443a6618d
SHA512249681d8783fa8f5f9f7b5cd192e9fc41041df4a210806df6f48b0147f2fe4d65ae05d138d02437505fac2383e305c9dc479c2499b899677ec99d893c82084d3
-
Filesize
1KB
MD5085815e35f5f33645059cb24ee6f6a9b
SHA1927374397a33e9f87df57b5af70a4bdf0a1d486e
SHA256f552b935fd2525a4f47c9bc3a1746d985950bba95356ab46b5e8ce76287e3a92
SHA5126204522d482915cf9d5c6928490f3b297d261df57d1590c565289d264d18ba339b4af50c2061fcd495d6a9f89de8c4ebfadcd9adbf7b82f4bba989d5f616a64b
-
Filesize
2KB
MD57936681dda577329a0833a9870bb8744
SHA11b4789e87643f496f30ebb8fd4027494161bc21b
SHA2566286f7f2b51269179cfba42b7e429d43dac6acb54da7a093a065df64ddda07be
SHA5123815f500ec46993ed4c37e662d6a45726548a33977d03df2b199d079f8e741bbb85447e0439dfb32f48ca601160bdd03401e2410923908f4a203b2ff5a8c281b
-
Filesize
424KB
MD536965efeeeeea19dbec5661aa850ea77
SHA162b885712481a62e372c952913df6ec007c314a7
SHA256ae4851b8406a029cef55abbb1aac5bd1dd3fe3a5d88847f992237776212bce2e
SHA512fc25c820766c3e19083417a2cbea781227d69e84ece0db75dc07f826fb171c889bc5803e9a4bc6a96fc61938a9534880ba7397448937bf7ba70473beb8fccbba
-
Filesize
412KB
MD58db19e02bb21b1bf7b031c2c462a6de4
SHA1759d734dfaf33157502aca8c0c2d47b5dbdb81dc
SHA256690b97c46c037f9b49914224969593d398786c8a5aa8e72f74beb696e6a1dc68
SHA512ad46dd23abbff1e7144df6dbe0ec0fe970566c7adfc2f1e537be2b2391fd6e12ca125d7901f90a363051d6213d0952dd3c4415412ced4ef130a3164b205ab118
-
Filesize
11KB
MD513aa1d5f6a8b832844ef868c800a71c0
SHA11ebba7174738c8b6c158b9d8368adac8c3fdbde0
SHA25679f4b9a856b4d0b7cac8e294240677bb532559f97ef68cbf289141e1f4348a0e
SHA51293ef140e66f166739089ff2effe11e7d6bae5ea57ae1f0beff068fcb577f37b56aa8c314e43bbbc41f5190a10ff06540709c4feae0f036912fea201aed5f9895
-
Filesize
11KB
MD533f8b35d09524d4601db62e7afb60409
SHA1b05c232ba335a25403c1b9fc58d74bf632b5bc26
SHA2568f4729b6991c9d6394abd7da4e17f7971f3e1fa80006d4471fdd0d806ad46031
SHA512c3625945ccce6296d54f349671767ecf1289443afbab85bb22c7a10c5e71d6d1d472824719b34e4684b15e3cd2ac5a74af845251236cf59b8b75431c50d4cea7
-
Filesize
7KB
MD535a6ad112bd3e0d9a09b893c9fcf4479
SHA18c68b841bfd4f0c6f473869d0be59759aec2e134
SHA2565562d0a61a984a6a14cf42ad1570530777bd7dddedc4d9220fba11bca04ba45b
SHA512b2cb30ff036be8bde0f1e57330a4ce1b4368eaa9af7efa460cec9fb2845fdd8d77c0e0be853bf08d2eb848ac6e81184d3ed42962d73bbd4002ea888d7be9da37
-
Filesize
2KB
MD59350e08753e11620571b1426c432777c
SHA1bd1d7971dc453d115eaf63c9cbd4a3c685ad08bb
SHA256d823c15a2df45b2bc34416b8fc1ed37223d9204023fe082ab7499c66b5ffa33c
SHA51281929059d20b175154b33730de386c3b7db4743e605821fabcb1f6e2e2b7f88ba7d83fe0d1e30927ba535a90656d01a012c9f6a81454fd68d61e4ea6090b7cac
-
Filesize
242KB
MD5541f52e24fe1ef9f8e12377a6ccae0c0
SHA1189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA25681e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88
-
Filesize
170KB
MD561698f2ba07bda2ba323140f20b28e28
SHA1d3e46602b6e042abdfb6a8630ccaff23801cd104
SHA25651c06f89c259219fd364b1a36991964e772e968873496a4d61532d488b2cb8c0
SHA512eb7f3dc17e49d2c2191fd6eb235e22ef3aa63157f90da42af3e6653e174e129e663b9c1eac8798d770a99ecdad4230754f07c84a96a73d85e6c8ef14aeb1cfeb
-
Filesize
4KB
MD536cf8d512a14fd2c5263e06775f2da47
SHA13e8ae2e7855ac773837272177b985f1705f65667
SHA256c3d0d9bf10e08fc22138cb4fd1d0fdf59f37cd2e12e3ff779ece43259f861cc9
SHA512e61afb7cf48065a5ad087dcd9ae7ae2c46552cb68c1bd1bd8f9df51b8f0eb040e6e69423d45b09166d16959e7bd1e247d7dd02552da8ec40d9bc805883e58725
-
Filesize
13B
MD5b2a4bc176e9f29b0c439ef9a53a62a1a
SHA11ae520cbbf7e14af867232784194366b3d1c3f34
SHA2567b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73
SHA512e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f
-
Filesize
347B
MD54db097dd1e7a582a23718215c7f81d86
SHA12963f0223d9839938bf024fea1faf03ff920a335
SHA256059543687e9e247de7d4589767cd343b5f7e2d2a7c9db21d9bd44932a70b8952
SHA51202feb81c6e752866826c5740a3bfe8957da2fb003d3f9516b9fe830e78afaca4f4ef26073e3fb3fb8e1ac147ea39c29d44980afa4872717882e570800176b5ae
-
Filesize
33KB
MD53a9157ef3ee77f151941f24ca5e72a0d
SHA1ae37dd4625e98e8f806bcdb4f59eaa250cbf3846
SHA256d5f97906669d1bf7553ebad835e580ae559e62af581951463708e5135de9b74a
SHA5124fd63436362e3ac2f3a090643554ae8a618450e57ba7382f3ad31a8f515cee757c13975a09b833740a3772f7cded7c0770bddbe4247c8b30ac149e648156ad68
-
Filesize
34KB
MD55859909dc26c3d1e40f19f27dfbfbb2f
SHA11ee0f78d3fb3494bbc4de5c5afcfec9851910aa8
SHA25669cc4a1a2215186ed47dadc41c4cc4e0708ce63d3c9279d4e9cbe27924150581
SHA512fc44a616363a7344e28925f94ad63fcbb318be37db2fcf76aed917c21f65f2f337366d513537962401dec1ca6b81efeae158335b7dc50de6f7d5e31c7ddb880e
-
Filesize
44KB
MD513bc1d9176d55a359bb9a0b72957b12d
SHA1337e4985634f676f1dc8b1ab5b02fa430ab5ca11
SHA2565e80a4e4b19b1d5aac0e749e16268f64d887d81b2e81eddfa94147d2590b93fe
SHA512151e9b33020ae14fc988c011ab41d231f1b944e57bb0bbb7ad6d32e2aef86fe72e40d2fad09f1edaf80c65d61bbb27b7272c17113ae28880a4d0c4b539b06092
-
Filesize
35KB
MD51f302c7185ffd3d4b0a11cc0fa6097ce
SHA12da0badfc6aadb54e2c6071dfea770dd2b2a5c63
SHA2562721df6edb5875b8ab7813e38e960339dcc1dcd37f6b6c0fadede03fcc413065
SHA51219c7ed4dfee53c8451e55d6016cafc3c9707adbc42aa34209282e9681bd845debee699ad92392fdf1f78b7c50132d175e593a2242d8aa3df63d6ae0970d05963
-
Filesize
36KB
MD55cd67da940a3309936b976eacabb5cff
SHA17e152e810ad4439a32a1c827a00e6f842fe8df57
SHA2568dd33e57e56a4638533f0a55a1f2ae02ca0970f27a17d0a4d93dfc4918d2bfb2
SHA512516087fb3972144ed061128e5abf9738cdc6f78df46a3f4b88256630c9bfca420aff164c6a48520dd0e740fa60b60be43b19c4fe23637cb998b4f7034d948322
-
Filesize
145KB
MD59d10f99a6712e28f8acd5641e3a7ea6b
SHA1835e982347db919a681ba12f3891f62152e50f0d
SHA25670964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc
SHA5122141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5
-
Filesize
843B
MD58ec90d35d3304b65242eb9eb8ac8bac6
SHA119e71bfe8acc80daa7f689a12c94ca4b3bbbfc84
SHA25633236496bd0b071b92809c67ae56fa41286d38855ddbf5e2c7e67cf71e73872d
SHA512fb54b1ce3327de49c492419519a1308af19e2e651613280ec263f9f39dd810f954bb6cec109a86eced688fd969a42d72cd286394521210eb054163e0ee0d3981
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
4.0MB
-
Filesize
3.8MB
-
Filesize
6.9MB
