Analysis Overview
Threat Level: Known bad
The file https://cdn.discordapp.com/attachments/850854604554895461/1271993054978379877/zion.exe?ex=66b95b58&is=66b809d8&hm=695201ca1acec349c5bbd4139504d31d00c24a218ae037c846f14484e7b603c1& was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Modifies boot configuration data using bcdedit
Possible privilege escalation attempt
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
Disables taskbar notifications via registry modification
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Modifies system executable filetype association
Event Triggered Execution: Component Object Model Hijacking
Modifies file permissions
Checks whether UAC is enabled
Hijack Execution Flow: Executable Installer File Permissions Weakness
Indicator Removal: File Deletion
Command and Scripting Interpreter: PowerShell
Power Settings
Drops desktop.ini file(s)
Sets desktop wallpaper using registry
Drops file in Windows directory
Hide Artifacts: Ignore Process Interrupts
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
System policy modification
Checks processor information in registry
NTFS ADS
Modifies Control Panel
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-08-11 20:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-11 20:25
Reported
2024-08-11 20:30
Platform
win10v2004-20240802-en
Max time kernel
300s
Max time network
280s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Disables taskbar notifications via registry modification
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsass.exe\MitigationOptions = 22222222222222222222222222222222 | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe\MitigationOptions = 22222222222222222222222222222222 | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WmiPrvSE.exe\MitigationOptions = 22222222222222222222222222222222 | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogon.exe | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\MitigationOptions = 22222222222222222222222222222222 | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwm.exe | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwm.exe\MitigationOptions = 22222222222222222222222222222222 | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WmiPrvSE.exe | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogon.exe\MitigationOptions = 22222222222222222222222222222222 | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsass.exe | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe | C:\Windows\SysWOW64\reg.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\zion.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | C:\Windows\SysWOW64\OneDriveSetup.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Hijack Execution Flow: Executable Installer File Permissions Weakness
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
Indicator Removal: File Deletion
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\Wallpaper = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\Dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\9C2D5DF8-5A89-42E2-8BAF-8265C75D6060\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\B18DEBBD-6608-4A18-A7CB-4ABDDD4CE33B\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\FFF1CC39-FBB2-4C01-B2F1-B13B9C26288D\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\FD6B7694-DBA1-475A-831E-78D058D597C3\dismhost.exe | N/A |
Hide Artifacts: Ignore Process Interrupts
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Mouse\MouseSensitivity = "10" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Sound\Beep = "No" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Accessibility\SoundSentry\WindowsEffect = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Mouse\MouseSpeed = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\FontSmoothing = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\WindowMetrics\MinAnimate = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\User Profile\HttpAcceptLanguageOptOut = "1" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Mouse\MouseThreshold1 = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\DragFullWindows = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\ForegroundLockTimeout = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Accessibility\Keyboard Response\Flags = "122" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Cursors\ContactVisualization = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\WindowMetrics\MinAnimate = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Accessibility\SoundSentry\FSTextEffect = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Accessibility\SoundSentry\Flags = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\ScreenSaverIsSecure = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\HungAppTimeout = "1000" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\WaitToKillAppTimeout = "1000" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Mouse\MouseHoverTime = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\WindowMetrics\MaxAnimate = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\AutoEndTasks = "1" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Cursors\GestureVisualization = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Mouse\MouseThreshold2 = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\UserPreferencesMask = 9012038010000000 | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Accessibility\SlateLaunch\LaunchAT = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\WaitToKillServiceTimeout = "1000" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Sound\ExtendedSounds = "No" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Accessibility\StickyKeys\Flags = "506" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Accessibility\SlateLaunch\ATapp | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Accessibility\SoundSentry\TextEffect = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Accessibility\ToggleKeys\Flags = "58" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Accessibility\DynamicScrollbars = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\MenuShowDelay = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678816908256972" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\SyncEngineCOMServer.SyncEngineCOMServer.1 | C:\Windows\SysWOW64\OneDriveSetup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\System.IsPinnedToNameSpaceTree = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 668298.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\zion.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\zion.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\zion.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection\MaxTelemetryAllowed = "1" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard = "1" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard = "1" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowOnlineTips = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput\AllowLinguisticDataCollection = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAHealth = "1" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices = "1" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith = "1" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffSidebar = "1" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\TurnOffWinCal = "1" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection\AllowTelemetry = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "255" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput\AllowLanguageFeaturesUninstall = "1" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAMeetNow = "1" | C:\Users\Admin\Downloads\zion.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInstrumentation = "1" | C:\Users\Admin\Downloads\zion.exe | N/A |
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/850854604554895461/1271993054978379877/zion.exe?ex=66b95b58&is=66b809d8&hm=695201ca1acec349c5bbd4139504d31d00c24a218ae037c846f14484e7b603c1&
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa198346f8,0x7ffa19834708,0x7ffa19834718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,8803182847308814858,10175143125722004731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\zion.exe
"C:\Users\Admin\Downloads\zion.exe"
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" /restoredefaultschemes
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" -duplicatescheme 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c 00000000-0000-0000-0000-000000000000
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" -setactive 00000000-0000-0000-0000-000000000000
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" -changename 00000000-0000-0000-0000-000000000000 "ZION Tweaking"
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" -hibernate off
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" -setacvalueindex 00000000-0000-0000-0000-000000000000 54533251-82be-4824-96c1-47b60b740d00 921becee-fb48-4e16-8c5c-9b8997d07bce 0
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" -setacvalueindex 00000000-0000-0000-0000-000000000000 0cc5b647-c1df-4637-891a-dec35c318583 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" -setacvalueindex 00000000-0000-0000-0000-000000000000 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 5d76a2ca-e8c0-402f-a133-2158492d58ad 0
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" -setacvalueindex 00000000-0000-0000-0000-000000000000 75b0ae3f-bce9-490a-80b1-aef3b9f7b8fe 5d76a2ca-e8c0-402f-a133-2158492d58ad 0
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" -setacvalueindex 00000000-0000-0000-0000-000000000000 5ca83367-6e45-459f-a27b-476b1d01c936 8ba3d6a4-fe92-4783-84ef-5650e77f1ef6 0
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" -setactive 00000000-0000-0000-0000-000000000000
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" -setacvalueindex scheme_current sub_processor 5d76a2ca-e8c0-402f-a133-2158492d58ad 1
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" -setactive scheme_current
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\ModernSleep" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power\ModernSleep" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control" /v "CoalescingTimerInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\vmickvpexchange" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\vmickvpexchange" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\vmicguestinterface" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\vmicguestinterface" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\vmicshutdown" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\vmicshutdown" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\vmicheartbeat" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\vmicheartbeat" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\vmicvmsession" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\vmicvmsession" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\vmicrdv" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\vmicrdv" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\vmictimesync" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\vmictimesync" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\vmicvss" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\vmicvss" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\hyperkbd" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\hyperkbd" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\hypervideo" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\hypervideo" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\gencounter" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\gencounter" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\vmgid" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\vmgid" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\storflt" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\storflt" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\bttflt" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\bttflt" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\vpci" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\vpci" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\hvservice" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\hvservice" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\hvcrash" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\hvcrash" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Services\HvHost" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Services\HvHost" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C devmanview /disable "Remote Desktop Device Redirector Bus"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set disable8dot3 1 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set disable8dot3 1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set disablelastaccess 1 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set disablelastaccess 1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior query memoryusage >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior query memoryusage
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set memoryusage 2 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set memoryusage 2
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set mftzone 4 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set mftzone 4
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set disablelastaccess 1 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set disablelastaccess 1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set disabledeletenotify 0 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set disabledeletenotify 0
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set encryptpagingfile 0 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set encryptpagingfile 0
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense" /f > NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Control\Session Manager" /v "ProtectionMode" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Control\Session Manager" /v "ProtectionMode" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v "ProtectionMode" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v "ProtectionMode" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v MoveImages /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v MoveImages /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettings /t REG_DWORD /d 1 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettings /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C echo y | reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "LargeSystemCache" /t REG_DWORD /d "1"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y "
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "LargeSystemCache" /t REG_DWORD /d "1"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "DisablePagingExecutive" /t REG_DWORD /d "1" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "DisablePagingExecutive" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Themes" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\AcpiDev" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\CAD" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\CldFlt" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\FileCrypt" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\GpuEnergyDrv" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\PptpMiniport" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\RapiMgr" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\RasAgileVpn" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Rasl2tp" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\RasSstp" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Wanarp" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\wanarpv6" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Wdnsfltr" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\WcesComm" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Wcifs" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\Wcnfs" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\WindowsTrustedRT" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\WindowsTrustedRTProxy" /v "Start" /t REG_DWORD /d "4" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\FVE" /v "DisableExternalDMAUnderLock" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\DeviceGuard" /v "HVCIMATRequired" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\DXGKrnl\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\HidUsb\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\mouhid\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbccgp\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbehci\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbhub\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbohci\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\usbuhci\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\NDIS\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "ThreadPriority" /t REG_DWORD /d "15" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\AFD\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\Audiosrv\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\disk\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\iaStorAC\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\iaStorAVC\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\Ntfs\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\storahci\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\stornvme\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters" /v "ThreadPriority" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\SOFTWARE\Microsoft\Input\Settings\ControllerProcessor\CursorMagnetism" /v "MagnetismUpdateIntervalInMilliseconds" /t REG_DWORD /d "1" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\SOFTWARE\Microsoft\Input\Settings\ControllerProcessor\CursorSpeed" /v "CursorUpdateInterval" /t REG_DWORD /d "1" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Session Manager" /v "AlpcWakePolicy" /t REG_DWORD /d "1" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management" /v "LargeSystemCache" /t REG_DWORD /d "1" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v ContentEvaluation /t REG_DWORD /d "0" /f > NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Power\PowerThrottling" /v "PowerThrottlingOff" /t REG_DWORD /d "1" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\CTF\LangBar" /v "ShowStatus" /t REG_DWORD /d "3" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\CTF\LangBar" /v "ExtraIconsOnMinimized" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\CTF\LangBar" /v "Transparency" /t REG_DWORD /d "255" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\CTF\LangBar" /v "Label" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\HighContrast" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\Keyboard Response" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\MouseKeys" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\SoundSentry" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\TimeOut" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKU\.DEFAULT\Control Panel\Accessibility\ToggleKeys" /v "Flags" /t REG_SZ /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "NavPaneShowAllFolders" /t REG_DWORD /d "1" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell" /v "FolderType" /t REG_SZ /d "NotSpecified" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" DELETE "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer" /v "link" /t REG_BINARY /d "00000000" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Control Panel\Accessibility\MouseKeys" /v "Flags" /t REG_SZ /d "186" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Control Panel\Accessibility\MouseKeys" /v "MaximumSpeed" /t REG_SZ /d "40" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Control Panel\Accessibility\MouseKeys" /v "TimeToMaximumSpeed" /t REG_SZ /d "3000" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "AUOptions" /t REG_DWORD /d "2" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters" /v "AutoShareWks" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Keyboard Layout\Toggle" /v "Language Hotkey" /t REG_SZ /d "3" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Keyboard Layout\Toggle" /v "Hotkey" /t REG_SZ /d "3" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Keyboard Layout\Toggle" /v "Layout Hotkey" /t REG_SZ /d "3" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_TrackProgs" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\AppEvents\Schemes" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "DelayedDesktopSwitchTimeout" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCANetwork" /t REG_DWORD /d "1" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCANetwork" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_LargeMFUIcons" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background" /v "OEMBackground" /t REG_DWORD /d "1" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" /v "VisualFXSetting" /t REG_DWORD /d "2" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\Gwx" /v "DisableGwx" /t REG_DWORD /d "1" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" /v "DisableOSUpgrade" /t REG_DWORD /d "1" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WUDF" /v "LogEnable" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WUDF" /v "LogLevel" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Peernet" /v "Disabled" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Internet Explorer\Main" /v "DEPOff" /t REG_DWORD /d "1" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\Remote Assistance" /v "fAllowToGetHelp" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell" /v "UseActionCenterExperience" /t REG_DWORD /d "0" /f > NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\AdvertisingInfo" /v "DisabledByGroupPolicy" /t REG_DWORD /d "1" /f > NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices" /v "TCGSecurityActivationDisabled" /t REG_DWORD /d "0" /f > NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\OneDrive" /v "DisableFileSyncNGSC" /t REG_DWORD /d "1" /f > NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\safer\codeidentifiers" /v "authenticodeenabled" /t REG_DWORD /d "0" /f > NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\Software\Policies\Microsoft\Windows\Windows Search" /v "AllowIndexingEncryptedStoresOrItems" /t REG_DWORD /d "0" /f > NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener" /v "Start" /t REG_DWORD /d "0" /f > NUL 2>&1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" ADD "HKLM\System\CurrentControlSet\Control\WMI\AutoLogger\SQMLogger" /v "Start" /t REG_DWORD /d "0" /f > NUL 2>&1
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /deletevalue useplatformclock
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set useplatformtick yes
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set disabledynamictick yes
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set tscsyncpolicy Enhanced
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set bootdebug No
C:\Windows\system32\bcdedit.exe
bcdedit.exe /deletevalue useplatformclock
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set bootlog No
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set bootux disabled
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set useplatformtick yes
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set disabledynamictick yes
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set debug No
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set tscsyncpolicy Enhanced
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set bootdebug No
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set disableelamdrivers Yes
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set bootlog No
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set hypervisorlaunchtype off
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set bootux disabled
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set disableelamdrivers Yes
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set debug No
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set integrityservices disable
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set quietboot yes
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set tpmbootentropy ForceDisable
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set hypervisorlaunchtype off
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set integrityservices disable
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set quietboot yes
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /timeout 3
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set {globalsettings} custom:16000067 true
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set {globalsettings} custom:16000069 true
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set tpmbootentropy ForceDisable
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set {globalsettings} custom:16000068 true
C:\Windows\system32\bcdedit.exe
bcdedit.exe /timeout 3
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set {globalsettings} custom:16000067 true
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set {globalsettings} custom:16000069 true
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set {globalsettings} custom:16000068 true
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set disable8dot3 1 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set disable8dot3 1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set disablelastaccess 1 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set disablelastaccess 1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior query memoryusage >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior query memoryusage
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set memoryusage 2 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set memoryusage 2
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set mftzone 4 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set mftzone 4
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set disablelastaccess 1 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set disablelastaccess 1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set disabledeletenotify 0 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set disabledeletenotify 0
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C fsutil behavior set encryptpagingfile 0 >NUL 2>&1
C:\Windows\SysWOW64\fsutil.exe
fsutil behavior set encryptpagingfile 0
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense" /f > NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\StorageSense" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\System\CurrentControlSet\Control\Session Manager" /v "ProtectionMode" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\System\CurrentControlSet\Control\Session Manager" /v "ProtectionMode" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v "ProtectionMode" /t REG_DWORD /d "0" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v "ProtectionMode" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v MoveImages /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v MoveImages /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettings /t REG_DWORD /d 1 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettings /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C echo y | reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "LargeSystemCache" /t REG_DWORD /d "1"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y "
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "LargeSystemCache" /t REG_DWORD /d "1"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "DisablePagingExecutive" /t REG_DWORD /d "1" /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "DisablePagingExecutive" /t REG_DWORD /d "1" /f
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set hypervisorlaunchtype off
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set hypervisorlaunchtype off
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C FOR /F %%a in ('WMIC PATH Win32_USBHub GET DeviceID^| FINDSTR /L "VID_"') DO ( REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "EnhancedPowerManagementEnabled" /T REG_DWORD /d 0 >NUL 2>&1 REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "AllowIdleIrpInD3" /T REG_DWORD /d 0 >NUL 2>&1 REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "fid_D1Latency" /T REG_DWORD /d 0 >NUL 2>&1 REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "fid_D2Latency" /T REG_DWORD /d 0 >NUL 2>&1 REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "fid_D3Latency" /T REG_DWORD /d 0 >NUL 2>&1 REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "DeviceSelectiveSuspended" /T REG_DWORD /d 0 >NUL 2>&1 REG ADD "HKLM\SYSTEM\CurrentControlSet\Enum\%%a\Device Parameters" /F /V "SelectiveSuspendEnabled" /T REG_DWORD /d 0 >NUL 2>&1 ECHO Disabling USB idling for %%a )
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C FOR /F "tokens=*" %%a in ('REG QUERY "HKLM\SYSTEM\CurrentControlSet\Enum" /S /F "StorPort"^| FINDSTR /E "StorPort"') DO ( REG ADD "%%a" /F /V "EnableIdlePowerManagement" /T REG_DWORD /d 0 >NUL 2>&1 FOR /F "tokens=*" %%z IN ("%%a") DO ( SET STR=%%z SET STR=!STR:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\=! SET STR=!STR:\Device Parameters\StorPort=! ECHO Disabling StorPort Idling for !STR! ) )
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set hypervisorlaunchtype off
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set hypervisorlaunchtype off
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubDelay" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubInterval" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubPower" /t REG_DWORD /d "18" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubThreshold" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubType" /t REG_DWORD /d "2" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValue" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueMaximum" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueMinimum" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueStep" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueDefault" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueCurrent" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValuePrevious" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueNext" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueLast" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueFirst" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueCount" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueIndex" /t REG_DWORD /d "42" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueName" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueDescription" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueEnabled" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueDisabled" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueVisible" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueHidden" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueReadOnly" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueReadnv11" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValuenv11Only" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueExecute" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueNoExecute" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueSystem" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueUser" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubPower" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueDisabled" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubPower" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueCustom" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueAuto" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueManual" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueAutomatic" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueDisabledByDefault" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueEnabledByDefault" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueDefaultEnabled" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueDefaultDisabled" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueDefaultAuto" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleScrubValueDefaultManual" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v EnableLLTDIO /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v EnableLLTDIO /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnDomain /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnDomain /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnPublicNet /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnPublicNet /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v ProhibitLLTDIOOnPrivateNet /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v ProhibitLLTDIOOnPrivateNet /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v EnableLLTDIO /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v EnableLLTDIO /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnDomain /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnDomain /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnPublicNet /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowLLTDIOOnPublicNet /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v ProhibitLLTDIOOnPrivateNet /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v ProhibitLLTDIOOnPrivateNet /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v EnableRspndr /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v EnableRspndr /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnDomain /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnDomain /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnPublicNet /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnPublicNet /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v ProhibitRspndrOnPrivateNet /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LLTD" /v ProhibitRspndrOnPrivateNet /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v EnableRspndr /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v EnableRspndr /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnDomain /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnDomain /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnPublicNet /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v AllowRspndrOnPublicNet /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v ProhibitRspndrOnPrivateNet /t REG_DWORD /d 0 /f >NUL 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\LLTD" /v ProhibitRspndrOnPrivateNet /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\943c8cb6-6f93-4227-ad87-e9a3feec08d1" /v "Attributes" /t REG_DWORD /d "2" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "ACSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "DCSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009\DefaultPowerSchemeValues\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c" /v "ACSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "ACSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "DCSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb\DefaultPowerSchemeValues\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c" /v "ACSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "AllowPepPerfStates" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Cstates" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Capabilities" /t REG_DWORD /d "516198" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighPerformance" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighestPerformance" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MinimumThrottlePercent" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumThrottlePercent" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "Class1InitialUnparkCount" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "InitialUnparkCount" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy" /v "fDisablePowerManagement" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PDC\Activators\Default\VetoPolicy" /v "EA:EnergySaverEngaged" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PDC\Activators\28\VetoPolicy" /v "EA:PowerStateDischarging" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Misc" /v "DeviceIdlePolicy" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "PerfEnergyPreference" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "PerfEnergyPreference" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMinCores" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMaxCores" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMinCores1" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMaxCores1" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CpLatencyHintUnpark1" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPDistribution" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CpLatencyHintUnpark" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "MaxPerformance1" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "MaxPerformance" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPDistribution1" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPHEADROOM" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKCU\Control Panel\PowerCfg\GlobalPowerPolicy" /v "Policies" /t REG_BINARY /d "01000000020000000100000000000000020000000000000000000000000000002c0100003232030304000000040000000000000000000000840300002c01000000000000840300000001646464640000" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKCU\Control Panel\PowerCfg\GlobalPowerPolicy" /v "Policies" /t REG_BINARY /d "01000000020000000100000000000000020000000000000000000000000000002c0100003232030304000000040000000000000000000000840300002c01000000000000840300000001646464640000" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Cstates" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Capabilities" /t REG_DWORD /d "516198" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighPerformance" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighestPerformance" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MinimumThrottlePercent" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumThrottlePercent" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "Class1InitialUnparkCount" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "InitialUnparkCount" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerThrottling" /v "PowerThrottlingOff" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPHEADROOM" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPCONCURRENCY" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "ProccesorThrottlingEnabled" /t REG_DWORD /d "0" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdleThreshold" /t REG_DWORD /d "1" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuIdle" /t REG_DWORD /d "0" /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuLatencyTimer" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuSlowdown" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "DedicatedSegmentSize" /t REG_DWORD /d "1298" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "Threshold" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "CpuDebuggingEnabled" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\ControlSet001\Control\Processor" /v "ProccesorLatencyThrottlingEnabled" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print" /v "PortThreadPriority" /t REG_DWORD /d "00000001" /f >nul 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print" /v "PortThreadPriority" /t REG_DWORD /d "00000001" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print" /v "PriorityClass" /t REG_DWORD /d "00000001" /f >nul 2>&1
C:\Windows\SysWOW64\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print" /v "PriorityClass" /t REG_DWORD /d "00000001" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C bcdedit -set disabledynamictick yes
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C bcdedit -set useplatformtick yes
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C chcp 437 > nul
C:\Windows\SysWOW64\chcp.com
chcp 437
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C PowerShell "ForEach($v in (Get-Command -Name 'Set-ProcessMitigation').Parameters['Disable'].Attributes.ValidValues){Set-ProcessMitigation -System -Disable $v.ToString() -ErrorAction SilentlyContinue}"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PowerShell "ForEach($v in (Get-Command -Name 'Set-ProcessMitigation').Parameters['Disable'].Attributes.ValidValues){Set-ProcessMitigation -System -Disable $v.ToString() -ErrorAction SilentlyContinue}"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\943c8cb6-6f93-4227-ad87-e9a3feec08d1" /v "Attributes" /t REG_DWORD /d "2" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\943c8cb6-6f93-4227-ad87-e9a3feec08d1" /v "Attributes" /t REG_DWORD /d "2" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "ACSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "ACSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "DCSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "DCSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009\DefaultPowerSchemeValues\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c" /v "ACSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\2a737441-1930-4402-8d77-b2bebba308a3\d4e98f31-5ffe-4ce1-be31-1b38b384c009\DefaultPowerSchemeValues\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c" /v "ACSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "ACSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "ACSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "DCSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e" /v "DCSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb\DefaultPowerSchemeValues\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c" /v "ACSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\3b04d4fd-1cc7-4f23-ab1c-d1337819c4bb\DefaultPowerSchemeValues\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c" /v "ACSettingIndex" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "AllowPepPerfStates" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "AllowPepPerfStates" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Cstates" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Cstates" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Capabilities" /t REG_DWORD /d "516198" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Capabilities" /t REG_DWORD /d "516198" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighPerformance" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighPerformance" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighestPerformance" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighestPerformance" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MinimumThrottlePercent" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MinimumThrottlePercent" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumThrottlePercent" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumThrottlePercent" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "Class1InitialUnparkCount" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "Class1InitialUnparkCount" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "InitialUnparkCount" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "InitialUnparkCount" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy" /v "fDisablePowerManagement" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy" /v "fDisablePowerManagement" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PDC\Activators\Default\VetoPolicy" /v "EA:EnergySaverEngaged" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PDC\Activators\Default\VetoPolicy" /v "EA:EnergySaverEngaged" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PDC\Activators\28\VetoPolicy" /v "EA:PowerStateDischarging" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PDC\Activators\28\VetoPolicy" /v "EA:PowerStateDischarging" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Misc" /v "DeviceIdlePolicy" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Misc" /v "DeviceIdlePolicy" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "PerfEnergyPreference" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "PerfEnergyPreference" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMinCores" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMinCores" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMaxCores" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMaxCores" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMinCores1" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMinCores1" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMaxCores1" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPMaxCores1" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CpLatencyHintUnpark1" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CpLatencyHintUnpark1" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPDistribution" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPDistribution" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CpLatencyHintUnpark" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CpLatencyHintUnpark" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "MaxPerformance1" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "MaxPerformance1" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "MaxPerformance" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "MaxPerformance" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPDistribution1" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPDistribution1" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPHEADROOM" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPHEADROOM" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKCU\Control Panel\PowerCfg\GlobalPowerPolicy" /v "Policies" /t REG_BINARY /d "01000000020000000100000000000000020000000000000000000000000000002c0100003232030304000000040000000000000000000000840300002c01000000000000840300000001646464640000" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKCU\Control Panel\PowerCfg\GlobalPowerPolicy" /v "Policies" /t REG_BINARY /d "01000000020000000100000000000000020000000000000000000000000000002c0100003232030304000000040000000000000000000000840300002c01000000000000840300000001646464640000" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Cstates" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Cstates" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Capabilities" /t REG_DWORD /d "516198" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Processor" /v "Capabilities" /t REG_DWORD /d "516198" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighPerformance" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighPerformance" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighestPerformance" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "HighestPerformance" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MinimumThrottlePercent" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MinimumThrottlePercent" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumThrottlePercent" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumThrottlePercent" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power" /v "MaximumPerformancePercent" /t REG_DWORD /d "100" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerThrottling" /v "PowerThrottlingOff" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerThrottling" /v "PowerThrottlingOff" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPHEADROOM" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPHEADROOM" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPCONCURRENCY" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Power\Policy\Settings\Processor" /v "CPCONCURRENCY" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "SystemResponsiveness" /t REG_DWORD /d "10" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "SystemResponsiveness" /t REG_DWORD /d "10" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Affinity" /t REG_DWORD /d "0" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Affinity" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Background Only" /t REG_SZ /d "True" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Background Only" /t REG_SZ /d "True" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Clock Rate" /t REG_DWORD /d "10000" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Clock Rate" /t REG_DWORD /d "10000" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "GPU Priority" /t REG_DWORD /d "8" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "GPU Priority" /t REG_DWORD /d "8" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Priority" /t REG_DWORD /d "6" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Priority" /t REG_DWORD /d "6" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Scheduling Category" /t REG_SZ /d "Medium" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Scheduling Category" /t REG_SZ /d "Medium" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "SFIO Priority" /t REG_SZ /d "Normal" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "SFIO Priority" /t REG_SZ /d "Normal" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Affinity" /t REG_DWORD /d "0" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Affinity" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Background Only" /t REG_SZ /d "True" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Background Only" /t REG_SZ /d "True" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Clock Rate" /t REG_DWORD /d "10000" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Clock Rate" /t REG_DWORD /d "10000" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "GPU Priority" /t REG_DWORD /d "8" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "GPU Priority" /t REG_DWORD /d "8" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Priority" /t REG_DWORD /d "5" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Priority" /t REG_DWORD /d "5" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Scheduling Category" /t REG_SZ /d "Medium" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Scheduling Category" /t REG_SZ /d "Medium" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "SFIO Priority" /t REG_SZ /d "Normal" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "SFIO Priority" /t REG_SZ /d "Normal" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Affinity" /t REG_DWORD /d "0" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Affinity" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Background Only" /t REG_SZ /d "True" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Background Only" /t REG_SZ /d "True" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "BackgroundPriority" /t REG_DWORD /d "8" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "BackgroundPriority" /t REG_DWORD /d "8" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Clock Rate" /t REG_DWORD /d "10000" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Clock Rate" /t REG_DWORD /d "10000" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "GPU Priority" /t REG_DWORD /d "8" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "GPU Priority" /t REG_DWORD /d "8" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Priority" /t REG_DWORD /d "8" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Priority" /t REG_DWORD /d "8" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Scheduling Category" /t REG_SZ /d "High" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Scheduling Category" /t REG_SZ /d "High" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "SFIO Priority" /t REG_SZ /d "Normal" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "SFIO Priority" /t REG_SZ /d "Normal" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Affinity" /t REG_DWORD /d "0" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Affinity" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Background Only" /t REG_SZ /d "True" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Background Only" /t REG_SZ /d "True" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Clock Rate" /t REG_DWORD /d "10000" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Clock Rate" /t REG_DWORD /d "10000" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "GPU Priority" /t REG_DWORD /d "8" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "GPU Priority" /t REG_DWORD /d "8" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Priority" /t REG_DWORD /d "4" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Priority" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Scheduling Category" /t REG_SZ /d "Medium" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Scheduling Category" /t REG_SZ /d "Medium" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "SFIO Priority" /t REG_SZ /d "Normal" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "SFIO Priority" /t REG_SZ /d "Normal" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Affinity" /t REG_DWORD /d "0" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Affinity" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Background Only" /t REG_SZ /d "False" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Background Only" /t REG_SZ /d "False" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "BackgroundPriority" /t REG_DWORD /d "4" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "BackgroundPriority" /t REG_DWORD /d "4" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Clock Rate" /t REG_DWORD /d "10000" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Clock Rate" /t REG_DWORD /d "10000" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "GPU Priority" /t REG_DWORD /d "8" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "GPU Priority" /t REG_DWORD /d "8" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Priority" /t REG_DWORD /d "3" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Priority" /t REG_DWORD /d "3" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Scheduling Category" /t REG_SZ /d "Medium" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Scheduling Category" /t REG_SZ /d "Medium" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "SFIO Priority" /t REG_SZ /d "Normal" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "SFIO Priority" /t REG_SZ /d "Normal" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Affinity" /t REG_DWORD /d "0" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Affinity" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Background Only" /t REG_SZ /d "False" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Background Only" /t REG_SZ /d "False" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Clock Rate" /t REG_DWORD /d "10000" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Clock Rate" /t REG_DWORD /d "10000" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "GPU Priority" /t REG_DWORD /d "8" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "GPU Priority" /t REG_DWORD /d "8" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Priority" /t REG_DWORD /d "1" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Priority" /t REG_DWORD /d "1" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Scheduling Category" /t REG_SZ /d "High" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Scheduling Category" /t REG_SZ /d "High" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "SFIO Priority" /t REG_SZ /d "Normal" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "SFIO Priority" /t REG_SZ /d "Normal" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "Affinity" /t REG_DWORD /d "0" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "Affinity" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "Background Only" /t REG_SZ /d "True" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "Background Only" /t REG_SZ /d "True" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "Clock Rate" /t REG_DWORD /d "10000" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "Clock Rate" /t REG_DWORD /d "10000" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "GPU Priority" /t REG_DWORD /d "8" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "GPU Priority" /t REG_DWORD /d "8" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "Priority" /t REG_DWORD /d "5" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "Priority" /t REG_DWORD /d "5" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "Scheduling Category" /t REG_SZ /d "Medium" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "Scheduling Category" /t REG_SZ /d "Medium" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "SFIO Priority" /t REG_SZ /d "Normal" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Window Manager" /v "SFIO Priority" /t REG_SZ /d "Normal" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Affinity" /t REG_DWORD /d "0" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Affinity" /t REG_DWORD /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Background Only" /t REG_SZ /d "False" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Background Only" /t REG_SZ /d "False" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Clock Rate" /t REG_DWORD /d "10000" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Clock Rate" /t REG_DWORD /d "10000" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "GPU Priority" /t REG_DWORD /d "8" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "GPU Priority" /t REG_DWORD /d "8" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Priority" /t REG_DWORD /d "6" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Priority" /t REG_DWORD /d "6" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Scheduling Category" /t REG_SZ /d "High" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Scheduling Category" /t REG_SZ /d "High" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "SFIO Priority" /t REG_SZ /d "High" /f > nul 2>&1
C:\Windows\SysWOW64\reg.exe
Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "SFIO Priority" /t REG_SZ /d "High" /f
C:\Windows\system32\cmd.exe
"C:\Windows\Sysnative\cmd.exe" /c bcdedit.exe /set bootux disabled
C:\Windows\system32\bcdedit.exe
bcdedit.exe /set bootux disabled
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwm.exe" /v "MitigationOptions" /t REG_BINARY /d "22222222222222222222222222222222" /f
C:\Windows\SysWOW64\reg.exe
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwm.exe" /v "MitigationOptions" /t REG_BINARY /d "22222222222222222222222222222222" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsass.exe" /v "MitigationOptions" /t REG_BINARY /d "22222222222222222222222222222222" /f
C:\Windows\SysWOW64\reg.exe
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsass.exe" /v "MitigationOptions" /t REG_BINARY /d "22222222222222222222222222222222" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe" /v "MitigationOptions" /t REG_BINARY /d "22222222222222222222222222222222" /f
C:\Windows\SysWOW64\reg.exe
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe" /v "MitigationOptions" /t REG_BINARY /d "22222222222222222222222222222222" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WmiPrvSE.exe" /v "MitigationOptions" /t REG_BINARY /d "22222222222222222222222222222222" /f
C:\Windows\SysWOW64\reg.exe
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WmiPrvSE.exe" /v "MitigationOptions" /t REG_BINARY /d "22222222222222222222222222222222" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogon.exe" /v "MitigationOptions" /t REG_BINARY /d "22222222222222222222222222222222" /f
C:\Windows\SysWOW64\reg.exe
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogon.exe" /v "MitigationOptions" /t REG_BINARY /d "22222222222222222222222222222222" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe" /v "MitigationOptions" /t REG_BINARY /d "22222222222222222222222222222222" /f
C:\Windows\SysWOW64\reg.exe
reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe" /v "MitigationOptions" /t REG_BINARY /d "22222222222222222222222222222222" /f
C:\Windows\SysWOW64\powercfg.exe
"C:\Windows\System32\powercfg.exe" -setacvalueindex scheme_current sub_processor THROTTLING 0
C:\Users\Admin\AppData\Roaming\zion\nvidiaProfileInspector.exe
"C:\Users\Admin\AppData\Roaming\zion\nvidiaProfileInspector.exe" "C:\Users\Admin\AppData\Roaming\zion\zion.nip"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa096ecc40,0x7ffa096ecc4c,0x7ffa096ecc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1844 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2204,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2268 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3364,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4604,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4344,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4636 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4908,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4556 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4648,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4308 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5088,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4640,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4560 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5184,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5228 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5256,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5248 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4812,i,15339287377433887752,9542456540979846259,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5240 /prefetch:1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" delete "HKLM\Software\Microsoft\Active Setup\Installed Components\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{56CA197F-543C-40DC-953C-B9C6196C92A5}" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0948A341-8E1E-479F-A667-6169E4D5CB2A}" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0948A341-8E1E-479F-A667-6169E4D5CB2A}" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56CA197F-543C-40DC-953C-B9C6196C92A5}" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BraveSoftwareUpdateTaskMachineCore" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\System32\reg.exe" delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BraveSoftwareUpdateTaskMachineUA" /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.3DBuilder | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.AppConnector | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.BingFinance | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.BingNews | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.BingSports | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.BingTranslator | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.BingWeather | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.GetHelp | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Getstarted | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Messaging | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Microsoft3DViewer | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.MicrosoftSolitaireCollection | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.NetworkSpeedTest | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.News | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Office.Lens | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Office.Sway | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.OneConnect | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.People | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Windows.PeopleExperienceHost | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.StorePurchaseApp | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Wallet | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Whiteboard | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.WindowsAlarms | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage microsoft.windowscommunicationsapps | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.WindowsFeedbackHub | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.WindowsMaps | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.WindowsSoundRecorder | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.ZuneMusic | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.ZuneVideo | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Advertising.Xaml_10.1712.5.0_x64__8wekyb3d8bbwe | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.BingWeather | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.MicrosoftStickyNotes | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.MixedReality.Portal | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.3DViewer | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.BingFoodAndDrink | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.BingHealthAndFitness | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.BingTravel | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.BingWeather | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.DesktopAppInstaller | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.GetHelp | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.GetOffice | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Getstarted | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Messaging | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Microsoft3DViewer | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.MicrosoftOfficeHub | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.MicrosoftSolitaireCollection | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.MSPaint | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Office.OneNote | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Office.Sway | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.OneConnect | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.People | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.Print3D | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.ScreenSketch | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.WindowsCalculator | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.WindowsCamera | Remove-AppxPackage
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-AppxPackage Microsoft.MicrosoftEdge | Remove-AppxPackage -AllUsers
C:\Windows\SysWOW64\Dism.exe
"C:\Windows\System32\Dism.exe" /online /enable-feature /featurename:DesktopExperience /all /norestart
C:\Windows\SysWOW64\Dism.exe
"C:\Windows\System32\Dism.exe" /online /enable-feature /featurename:LegacyComponents /all /norestart
C:\Windows\SysWOW64\Dism.exe
"C:\Windows\System32\Dism.exe" /online /enable-feature /featurename:DirectPlay /all /norestart
C:\Windows\SysWOW64\Dism.exe
"C:\Windows\System32\Dism.exe" /online /enable-feature /featurename:NetFx4-AdvSrvs /all /norestart
C:\Windows\SysWOW64\Dism.exe
"C:\Windows\System32\Dism.exe" /online /enable-feature /featurename:NetFx3 /all /norestart
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Temp\9C2D5DF8-5A89-42E2-8BAF-8265C75D6060\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\9C2D5DF8-5A89-42E2-8BAF-8265C75D6060\dismhost.exe {CD39317C-792E-4154-9EB0-0953C03F4FEF}
C:\Users\Admin\AppData\Local\Temp\FFF1CC39-FBB2-4C01-B2F1-B13B9C26288D\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\FFF1CC39-FBB2-4C01-B2F1-B13B9C26288D\dismhost.exe {023D705A-0CE7-44D0-BB67-FC30DE726D3F}
C:\Users\Admin\AppData\Local\Temp\FD6B7694-DBA1-475A-831E-78D058D597C3\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\FD6B7694-DBA1-475A-831E-78D058D597C3\dismhost.exe {67788500-A372-4B1A-B87E-39A610CE37DB}
C:\Users\Admin\AppData\Local\Temp\B18DEBBD-6608-4A18-A7CB-4ABDDD4CE33B\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\B18DEBBD-6608-4A18-A7CB-4ABDDD4CE33B\dismhost.exe {71BFA1AC-5BE6-4E12-A73F-8835319C2529}
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\dismhost.exe {CE29BAE5-DD61-4462-9E95-4FBCF6E78DC4}
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C takeown /F %WINDIR%\System32\mobsync.exe /A & icacls %WINDIR%\System32\mobsync.exe /grant Administrators:(F)
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\takeown.exe
takeown /F C:\Windows\System32\mobsync.exe /A
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\System32\mobsync.exe /grant Administrators:(F)
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C REN %WINDIR%\System32\mobsync.exe mobsync.old
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /Q "C:\Windows\helpPane.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /Q "C:\Windows\System32\backgroundtaskhost.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /Q "C:\Windows\System32\EaseOfAccessDialog.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /Q "C:\Windows\System32\RuntimeBroker.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /Q "C:\Windows\System32\magnify.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /Q "C:\Windows\System32\narrator.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /Q "C:\Windows\System32\smartscreen.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /Q "C:\Windows\SysWOW64\backgroundtaskhost.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /Q "C:\Windows\SysWOW64\EaseOfAccessDialog.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /Q "C:\Windows\SysWOW64\magnify.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /Q "C:\Windows\SysWOW64\mobsync.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /Q "C:\Windows\SysWOW64\flashPlayerCPLApp.cpl"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C DEL /Q "C:\Windows\SysWOW64\flashPlayerApp.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command " $sysWOW64Path = 'C:\Windows\SysWOW64\OneDriveSetup.exe' $system32Path = 'C:\Windows\System32\OneDriveSetup.exe' if (Test-Path -Path $sysWOW64Path) { & $sysWOW64Path /uninstall } if (Test-Path -Path $system32Path) { & $system32Path /uninstall } Start-Sleep -Seconds 5 # Aguarde um tempo para garantir que o OneDrive seja desinstalado # Remove leftover OneDrive files $paths = @( [System.IO.Path]::Combine($env:LOCALAPPDATA, 'Microsoft\OneDrive'), [System.IO.Path]::Combine($env:ProgramData, 'Microsoft OneDrive'), [System.IO.Path]::Combine($env:USERPROFILE, 'OneDrive'), [System.IO.Path]::Combine($env:USERPROFILE, 'AppData\Local\Microsoft\OneDrive') ) foreach ($path in $paths) { if (Test-Path -Path $path) { Remove-Item -Path $path -Recurse -Force -ErrorAction SilentlyContinue } } # Remove OneDrive from registry $registryPaths = @( 'HKCU:\Software\Microsoft\OneDrive\UserFolder', 'HKCU:\Software\Microsoft\OneDrive\UserConsent' ) foreach ($regPath in $registryPaths) { if (Test-Path -Path $regPath) { Remove-ItemProperty -Path $regPath -Name * -ErrorAction SilentlyContinue } } # Disable OneDrive service Set-Service -Name OneSyncSvc -StartupType Disabled "
C:\Windows\SysWOW64\OneDriveSetup.exe
"C:\Windows\SysWOW64\OneDriveSetup.exe" /uninstall
C:\Windows\SysWOW64\OneDriveSetup.exe
"C:\Windows\System32\OneDriveSetup.exe" /uninstall
C:\Windows\SysWOW64\OneDriveSetup.exe
"C:\Windows\SysWOW64\OneDriveSetup.exe" C:\Windows\SysWOW64\OneDriveSetup.exe /uninstall /permachine /childprocess /silent /enableOMCTelemetry /enableExtractCabV2 /cusid:S-1-5-21-656926755-4116854191-210765258-1000
C:\Windows\SysWOW64\OneDriveSetup.exe
C:\Windows\SysWOW64\OneDriveSetup.exe /uninstall /peruser /childprocess /enableOMCTelemetry /enableExtractCabV2
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\SysWOW64\OneDriveSetup.exe
"C:\Windows\SysWOW64\OneDriveSetup.exe" C:\Windows\SysWOW64\OneDriveSetup.exe /uninstall /permachine /childprocess /silent /enableOMCTelemetry /enableExtractCabV2 /cusid:S-1-5-21-656926755-4116854191-210765258-1000
C:\Windows\SysWOW64\OneDriveSetup.exe
C:\Windows\SysWOW64\OneDriveSetup.exe /uninstall /peruser /childprocess /enableOMCTelemetry /enableExtractCabV2
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\048e2077529d440e82a500184aafd998 /t 2000 /p 1300
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4752_OOJJZEYDRDPYNETF
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\Downloads\Unconfirmed 668298.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pk1yeh2m.zqd.ps1
C:\Users\Admin\AppData\Roaming\Zion\nvidiaProfileInspector.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2336a728-4f5f-46f6-a882-6cabd6c0a86e.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Windows\Logs\DISM\dism.log
C:\Users\Admin\AppData\Local\Temp\9C2D5DF8-5A89-42E2-8BAF-8265C75D6060\DismHost.exe
C:\Users\Admin\AppData\Local\Temp\9C2D5DF8-5A89-42E2-8BAF-8265C75D6060\DismCorePS.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\AppxProvider.dll
C:\Users\Admin\AppData\Local\Temp\9C2D5DF8-5A89-42E2-8BAF-8265C75D6060\DismProv.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\WimProvider.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\VhdProvider.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\UnattendProvider.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\TransmogProvider.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\SysprepProvider.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\SmiProvider.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\SetupPlatformProvider.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ProvProvider.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\OSProvider.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\OfflineSetupProvider.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\MsiProvider.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\LogProvider.dll
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\WimProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\VhdProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\UnattendProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\TransmogProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\SmiProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\SetupPlatformProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\ProvProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\OSProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\OfflineSetupProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\MsiProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\LogProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\IntlProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\ImagingProvider.dll.mui
| MD5 | db635b4eca851068ece6086c2d492dde |
| SHA1 | 8b29132d97ac6dd7d70f03d8de70282499b919cf |
| SHA256 | e51b54ad8eb5fb7a9236d990f2966d0f827e73cbd490d67d3b7bfdd2191db931 |
| SHA512 | b194c292e6b69c545f8accff62ccf28f8bf2f2dd7c623c701129cb39e7367edd9bfe7394cef47a26c7f1aab83b7e568ef3eb25f24d8c4ea6600fb769076883c5 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\GenericProvider.dll.mui
| MD5 | efe9082a7f4c66fb7cbddb7bccf4beae |
| SHA1 | 48380a0162fe35da48f90ee8721233753b198c0d |
| SHA256 | a9016e66c6ece5113f4786e40546e1bbdd5500db9e6778622256abd2131ae966 |
| SHA512 | 49cb7825cd74ae991e546e808603e840f4a9fa921eaeb7bc8e79c016fa0fc48e8fb2c4ada86b4d8d918402c793e532c9e0b17efd1c96611b7732d22bc66f515c |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\FolderProvider.dll.mui
| MD5 | d9e6efc1ea5a0f16754f6f7fb0362fb1 |
| SHA1 | 30b03a8610f891bda9527440e5b045d6c26949a3 |
| SHA256 | c32d4ab97caf8a9e568f0d69433ae5905d6e01f486d4c01103bad3d90174cfcc |
| SHA512 | bf92ca7e77439bb9a9fd5b603dc4f881563801116520c4d758d1dceed199fcf45deda42af250d5d86e7d8e53b1dc008be2ff131eb3e1d8044897969f34c8f6c8 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\FfuProvider.dll.mui
| MD5 | 595648e525f1d9889bcc241ed9babaf2 |
| SHA1 | a925ab13b1df8b46ab8baf7eae4b9840b45aa038 |
| SHA256 | fe117ec4ef1deff67da7e5650cdf33de74b25c01bf42b63faf9c70ac4b1d2144 |
| SHA512 | c8d737c1a2bbb7714daa992f35f81e9f6805fece7426a376c165a09107c539ea7c24b44f3304f13fe15e113f5201e44209f32c36ed1a8ccefa971f015ac6d22d |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\DmiProvider.dll.mui
| MD5 | 4848ea901705815f997f79fb293a5aca |
| SHA1 | 2ec7d10e0c95432f233a2f995d0b4f24a90f73b7 |
| SHA256 | 8ea40581e4d55ce5bd1290f73bad7ccb99633095c28df3529c3882554a3a9b63 |
| SHA512 | d441060b18403cddda63d90d63253edfa7573acfd5afc5f910773a51976809d94f49ee9658e6600d9575efe8a6439e923852d091a87a1a60e0c2c0e3451f14d0 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\DismProv.dll.mui
| MD5 | ac24c87ccf2c81cf8f9c8d825d641563 |
| SHA1 | 7ec6cefdfc375053e27bf21a301e5bd952c247b6 |
| SHA256 | 4a01b7d5d6ac1626423f00debafe452555c93a92164b944dbccd2027b7119edf |
| SHA512 | 0b707702bc19f4b8141e96590e835b34220411b6d8a52f1482b350043d3e796d351dfa58e8e3414d05a63f651274692eb96a1485ac89e924c31aa6796f20dd9f |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\DismCore.dll.mui
| MD5 | b13922c43c5f5cc1a832e2c2e3c8ad4b |
| SHA1 | d2f7e192837b53ed43d8d8e44e0d7ca533159725 |
| SHA256 | b1c48ea18d50d27d86dc07c3530605ef5fca0b3dcc27cc5acce8bb9edfc4a254 |
| SHA512 | fdc6690654d67db50e17377b2f744b6ad3f16de7e1ec8bc90a97643dcd1e5a03cdf71dc39c9db8c92be921af9a120a5832d78313cbacf2f79405a589b1be86c2 |
memory/5180-2171-0x000000006E140000-0x000000006E18C000-memory.dmp
memory/5248-2181-0x000000006E140000-0x000000006E18C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\CbsProvider.dll.mui
| MD5 | a2bf5378a8346ddc90d2731827c8e55d |
| SHA1 | 6e63711063977db8e6e48b4315e5a3f5d3620a02 |
| SHA256 | 7ea948c5fbfa231253b263b464c682da315b7264ec32cb7fcbb507e32440a065 |
| SHA512 | f946e2373c4a34e41eeea9ec59fe0ffffc4be2d61492ed4170d214ccca24de61401ff11338f11c4abe8bec34b84cafdebf2e4a954749ad3a7fde16e5b5f75a9b |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\AssocProvider.dll.mui
| MD5 | fff347e0c489304e30564cef7faccc30 |
| SHA1 | e9f8a46da580bf4b710bcd4604dfce85d7d65b12 |
| SHA256 | 2527e7e7e58e9eaf17f41410e23f8f51ecf7c22a2f8853c175ddfd1c0c192f13 |
| SHA512 | d491bf2777743f062da6927db2fdca128272e3040846176f76ce8fc6057e65e3f83c9f7dc5924ee6503a2a5c6e4bc5adc871cbb1169e792dcb7bed04caeec580 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ja-JP\AppxProvider.dll.mui
| MD5 | e76079779fb26fd42788c06fa9ee43e8 |
| SHA1 | f8042c80afd9600e9181c32e5aa7dc3f985da59e |
| SHA256 | cfc8ebe044a5fb8d2065ccb064c43c71b5574aeaf92f113e25a36c58dccfa406 |
| SHA512 | 3bab4ab3012772253a51aa708018c38ecabad8ee70343fb18556213e5c8adf99a300360fc2bc1cb1928c4b7afe7168b5889fc58add1c8dd6be4773a2d9575219 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\WimProvider.dll.mui
| MD5 | 84ef0cde36b5c8073d4ab7ee2d55d5ce |
| SHA1 | 3802a7da41170976de01af537f44eabb1217d807 |
| SHA256 | 34cffaf476ce3ffc41aa6d43818bd541d65eb4b8a7760d0d085049961da303b8 |
| SHA512 | 3d69fa4a00f548fc4a2962870db17382fb66fcc0ad59023977587e18cf5495b63e09a5735f24f6073bb2b24e41e6261e4253df9dc5ef5730bcd8540bce29e286 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\VhdProvider.dll.mui
| MD5 | cbdcb943ab6ca6c3d52e99a1a2cddddd |
| SHA1 | a08440ffebc85b123427e11b6892ce7c49a73d37 |
| SHA256 | 8e024654cf1869d28cc7b0ae5e170ad2ca815e5ea67823c79dd383faf0231171 |
| SHA512 | 63535d89d28d1b1a34ba6afd3f6c4c31e49d4dce20e212220efa88128f15e36ef4d28ca3ed7ee02d7ed01650bb890bf614cbe18d9a93348fb278cda19c4e4c80 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\UnattendProvider.dll.mui
| MD5 | 74ef7fe50beca88b126dc4fc16b39876 |
| SHA1 | d740740bd0e9fe889e5d88d6733261966f880c34 |
| SHA256 | bdeebe8e6233c79e8e951325ee86ea56921dffce60d6198ac506428b1c303d80 |
| SHA512 | 9d7bb5cdb52b344e8a2700f5321cda483c77cf8949720a1968f678c85bfc23a1b1392643bc6b825ba454ea06d6fbd2fba22cde4bff799fd4269d4a80aa803773 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\TransmogProvider.dll.mui
| MD5 | 604a38894edcbf4a5e5a80ffc1152867 |
| SHA1 | baa59863ba8394035d81cea801af73ad03c5ab05 |
| SHA256 | 8f35db3053ba5c4fd7d6cffcd250fb483c0796754b2d70de6410314e86fb23d7 |
| SHA512 | 0061d8b7c699b7b132e81e29aefe646067e7383c9d86e408bee1979c2d4068dbf6833d305e6ee749be73aa9d27553cbb3b454aa6c7df1f934871c65d5ea3daef |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\SmiProvider.dll.mui
| MD5 | 3c544db581cd2b12c2e1243f146ae7f4 |
| SHA1 | e4160b0837f701a8ee886774396cdcc5564b961f |
| SHA256 | 523cb94c141e426b66e9b3be4ee07a6ff9212d77cb968c18f36927252abcf63e |
| SHA512 | f8515d62e6093983d631d38ff011fb2a7d2ce0f6893de4df0ff9acc980b5786288744c80a922148d0fbf82c08933202f56d68c679d1aea2837c5f4c92bfbcc3a |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\SetupPlatformProvider.dll.mui
| MD5 | 4de5ad5431eb5aa8b8598edcad003479 |
| SHA1 | 933f68c3facd43eed511711fa4b684328b9350fa |
| SHA256 | 69aa27c46af765eff41bb9d3d89b8103e088cf2d675ca7f8f75b2863685293c4 |
| SHA512 | b643c984dcdfd43928a3d48d8bccf22c90fc9ec368216cd79b697f6b9f857ab09d522220a878c20d8a32d2defb4a94fc483f2e403169ceed7edd920a8346ad05 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\ProvProvider.dll.mui
| MD5 | 3a9147271851e3cf031227e616c7d710 |
| SHA1 | 33f789539bf7cd1ec71532a361b858e96aecd450 |
| SHA256 | dd3129c091c6a6606f5ed2155cf08b3fc8145de346afb0d1cf61c9ce41c94784 |
| SHA512 | 19587e2dc95f8be9158e3b8a723dd2a9ae31024267ee8939fbdad81ae962a9f2a4329df2b9ed9aba7edb97c52553de3f78410903d37aa76f7c6a81e92a7aee35 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\OSProvider.dll.mui
| MD5 | 107de92a12daac69d7d35db6383f3288 |
| SHA1 | 1ac50d3531ba1fe26db66a80dc5bab328584f3a8 |
| SHA256 | 1593b71998aea17dbe2d79dcb724c8e322cf2b42f1085287aecc4846c6110fc7 |
| SHA512 | 4b63c5889e9fa68570459cc9d6b365443e2efee6a962a356c53749c0d873ce5766cf98e4de6dd4f0653073055241679a26c74df789791dd9f216fb5cd90a5ba2 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\OfflineSetupProvider.dll.mui
| MD5 | f3c9a0354a32371faa1ef99d5f95e4ab |
| SHA1 | ac20b37ff15cfdf11b9bcbe327335a474a1b3ffd |
| SHA256 | 7786258c88638cef31b2f012dcc6982ddb504575b4197b2d35004531d644c676 |
| SHA512 | 53f9e8dae08aa8cb4297721ba5e47d4855ef6b35066ce727a416468d2ccfa574b0caf432e9bf2411490a06dc0fe00529e5ba7652f78423c1a320625d8b50b81c |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\MsiProvider.dll.mui
| MD5 | a675898b9ba9d64864c18c74f1c412c5 |
| SHA1 | d774dd3d6266d36901176644440f2d04ec5d8b61 |
| SHA256 | 6759d936ceb9e1568c6f8c2b536aa665528666a4bb1bc36a4e7cc1418584d3d8 |
| SHA512 | e5de32652f7b3d3c56df9d1aa2a7f99046d235d58e088bf8a918a1b3fe273801142b09672bdf17b54d067e765936f469a050992fcb10f56c6d23d378079be4ae |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\LogProvider.dll.mui
| MD5 | 11e473163495717bd22c340353a9f0ea |
| SHA1 | a162c63c1f5b15676b5898480061f47e131277cd |
| SHA256 | 9c96c8b812c0603525985f6b6f83df016064d513cdbd321db6982750f39bad07 |
| SHA512 | 3e23c991353ee843b464977e10b6f56a2977d93b7cf666ad92724a029bfd8c6a51d3c74d99a614756d5f675cccae23c3e5f5d1cd936ab57f3a3d940fd8c7b19c |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\IntlProvider.dll.mui
| MD5 | 4906d8cf79603c4b485440c04a832e7c |
| SHA1 | 0ccc3ddb7a4a0c425271537094b0a5670bb27993 |
| SHA256 | b7bef046cf104c8eaf0697007ea35261d0c8a5500d584fb707cfad9f9055fd78 |
| SHA512 | 7c2ab03cbcf25e2bf4883c4a8410ef86be78cdd75dafe1b115bf6ea01d1272d4b36e90ae688673fc34a483c930663a1bfd518524a8de30bed54d8bbef6651106 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\ImagingProvider.dll.mui
| MD5 | 95e04f99f554382c19c632b5856ff54d |
| SHA1 | d4292e03c213f92b43e965be2a6e506807d0f374 |
| SHA256 | e29c8a3872a4c2e7d9f98c38fe90d40d471a46219b20fd0916708f55b9ae8a32 |
| SHA512 | a86c047020316dd575c96f5aeb78162ca199b04c3d7b44a680326b87fdfe2b9e1b6adf1ce54631fa1a5d9d8cf4dfe904192a5082f061484fd444265e0dd8e248 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\GenericProvider.dll.mui
| MD5 | 9c1cd51ae8e1b13f88aef5d06c724e13 |
| SHA1 | 15b5b2150832e32aed0bd4e6f6750cf8fde92ac2 |
| SHA256 | 81e744ae77bdfdfa7602b808b97e5c9f7066b8994e79630d155d87fc6eecc5e9 |
| SHA512 | ba17a831a77110a3a6ae592e97191663b0bbc8dd15f8b597c5cd1634625e696f47b1195265194f23a576aec02ae80b6c595e524409e25a5be5abaa4579288628 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\FolderProvider.dll.mui
| MD5 | 8e8f3a993636d31c04c4454b94b3cee8 |
| SHA1 | 76ac076a72cf98ee8c118bb97f7a83861a9a2ca0 |
| SHA256 | 996fe201d45099fd72b7ef93495fb11c875cffea770d6b41e90f815e64090174 |
| SHA512 | 12dad2ac3cb3e6d5de4a4ce3a20d7c6bc8c4d1a36dd2726e279fa25232c585693ee8540ed35078633bd2ee0fd41f09747e91defab60da71fc0a6e790b12ae65f |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\FfuProvider.dll.mui
| MD5 | c6f85c85f5e5bcd13003dbb6ffaf0b94 |
| SHA1 | 693007ff47a374dedfd408abd858f6a55adee82a |
| SHA256 | dbcbb5218ad6363845f4f7615d2d3c775fef1e421f7a0f1918c4ac54288e06f9 |
| SHA512 | 607a4f990e36da572d980d24599769518c235653d3d0cf9c12287770eebd3962d7538eb112899bc0b6b8dbbff9c1ec0fad220e25ed39344264a5a4e321e47bc1 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\DmiProvider.dll.mui
| MD5 | e008f678d3e0f7263ef4af05a8e86c6c |
| SHA1 | 6367a747b8a3c3cca488cba17e5cc4d1f9fd2d0d |
| SHA256 | 0b08fe0aa971ad3fda569c129b1f6e4605bf025c264b107828d3abdfcdebc58e |
| SHA512 | 89d720b44e35d53ff6899e8eb6aae99482a55895190c9dc20575930c44c343231caa5e7f9ed212b02e2d2ee294d6c3db06a29a60de1d1c8c6e13a18248ece8a1 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\DismProv.dll.mui
| MD5 | 1f7ff9949dabba4ad3cdbf4d0759b033 |
| SHA1 | 9b12cd640830ec801427155d77c693d68091c326 |
| SHA256 | 5feb00e3b46a7097453b6b4d4c133a8cfcba60a677e5e349634224746717db21 |
| SHA512 | edb16133a8deec5a8f19eee31a301766338bcb2c7631d171962b4142c698d08e32c4d38febc95adefabf089bcb190eb9b42d3f944a3aa4594347681fbed48a69 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\DismCore.dll.mui
| MD5 | 0e4351e98c2720e0dbe098746aac8de8 |
| SHA1 | 77171dddee21dd1f8801cd3ab421ed59a1bd6735 |
| SHA256 | aecec5cfbfabb1c8646b7efd4c2cee17ba3ad056c4dae44c420da736ecb61365 |
| SHA512 | a4f26a0b4f153eb4aff21434a3c06cd00369c006d1b706b22c7e24fc315d4db13d34f233e78dac3f3f37c32acdc4df64877c0d6728a0865f075cec34b0fcab57 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\CbsProvider.dll.mui
| MD5 | 94ff160e9844b094a59a6ade787a1fb8 |
| SHA1 | 8d8e5d3bad491325f8701767908c5c8db902aa3a |
| SHA256 | 41d2932082117e8a0495524255a5b384862413e471083aba58f05c0805a403e2 |
| SHA512 | a8f8ace61f53989174b7211312ebd35c868d079a575e93ffd95a7abc193075527ea686e7d7142412c1e3f8bdc8b37bf8cd1d07f601eb1e79f152754d97307447 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\AssocProvider.dll.mui
| MD5 | 5b467c45cdd1f5df351c88e2aba85a11 |
| SHA1 | 6d6732a51199b1a90c0fbea2b4f555bd36231ced |
| SHA256 | 2239cbeb285351230632a7dfd39feeee1fca91cee314676121a7cb71bd31d6bc |
| SHA512 | 6bb3854c22ead036d38c9ae6b968eca3f573d7f17d69a5c2e9fc5e9d79f392240f3b010f67a2fb272aedd65c2d752fc70a8b4e5fd0188aad0108e24c97ba676a |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\it-IT\AppxProvider.dll.mui
| MD5 | beaa6c9c4e67cc2e6a18775dc7b6da19 |
| SHA1 | e30f58a2a6d9b634be80c965f23aac9fc2d0c3c4 |
| SHA256 | cbb34cf67dc87b2a060d4b75e3c94730f4565650210bd251a0b73e07588213d4 |
| SHA512 | ab24d242cb9129ae8f851fba689a5e868e03cf9b9342bb68c145436f2adec77b70f51c7c31d1b27acd210732f421828be645e21716a5a95a3d4cfac6614ef81b |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\IntlProvider.dll
| MD5 | 510e132215cef8d09be40402f355879b |
| SHA1 | cae8659f2d3fd54eb321a8f690267ba93d56c6f1 |
| SHA256 | 1bb39f3389aa4258a923fa265afa2279688e6cdb14ff771f1621a56b03ddcf52 |
| SHA512 | 2f7b2ec0e94738838f755759cd35e20ab2138b8eca023ee6ef630ab83a3de1bc0792f12ea0d722abe9a6953626cbddf8ba55ea32fc794d2df677a0625e498ab0 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\ImagingProvider.dll
| MD5 | 35e989a1df828378baa340f4e0b2dfcb |
| SHA1 | 59ecc73a0b3f55e43dace3b05ff339f24ec2c406 |
| SHA256 | 874137ee906f91285b9a018735683a0dd21bdeaf2e340cbc54296551ccf8be2d |
| SHA512 | c8d69e37c918881786a8fdab2a2c5d1632411b1f75082aeb3eb24a8ba5f93dcb39b3f4000e651f95452263525d98fd1d3cb834de93bed16fa6f92ef271c3a92a |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\IBSProvider.dll
| MD5 | 120f0a2022f423fc9aadb630250f52c4 |
| SHA1 | 826df2b752c4f1bba60a77e2b2cf908dd01d3cf7 |
| SHA256 | 5425382aaa32ffc133adb6458ff516db0e2ad60fac52dd595d53c370f4ba6fa0 |
| SHA512 | 23e50735c06cef93d11873fc8e5e29fc63dcf3f01dc56822a17c11ca57bbfb10d46fac6351f84ba30050a16d6bd0744a08a4042a9743a6df87ac8a12e81e2764 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\GenericProvider.dll
| MD5 | ef7e2760c0a24453fc78359aea3d7869 |
| SHA1 | 0ea67f1fd29df2615da43e023e86046e8e46e2e1 |
| SHA256 | d39f38402a9309ddd1cba67be470ede348f2bc1bab2f8d565e8f15510761087a |
| SHA512 | be785ba6b564cc4e755b4044ae27f916c009b7d942fcd092aed2ae630b1704e8a2f8b4692648eed481a5eb5355fd2e1ef7f94f6fb519b7e1ff6fc3c5f1aaa06f |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\WimProvider.dll.mui
| MD5 | c63ca7fc87f9e66e72499d1927d04b88 |
| SHA1 | b37e25ea852dd4a466bf2ab6bb14a7ee895a534e |
| SHA256 | ae0e8efe64b516f451d458b82d325fdc59cbace6bae7e621d055722901083e16 |
| SHA512 | e98bbd0717544df7119293f54cdf5d95d8b67bb5273f4f25373424dd367b0ce664bb1d56bff484cf506d929baf02ac873231ec737f1098fcde474785a871c7fc |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\VhdProvider.dll.mui
| MD5 | f385649363d810a8399ff819613e2603 |
| SHA1 | da1757aed8f37b8b716b5361c53122230a41af19 |
| SHA256 | 5a022bfcea4f9278c2153ee7b1c91a7f8dcf12f43075753f4eaf7371bb4bdf5e |
| SHA512 | 9c719312bd0af4df2f480bee8bf3881896570daa4197c0b62a1a546edb2d788938adcd5160df2d9ff9e3b5d3ed0e020cf857f7191650bbd687d2a8b9dfacbfe8 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\UnattendProvider.dll.mui
| MD5 | e799fc8e9f7d67f4b60352c7b3e72943 |
| SHA1 | 39f23199ad3c368d6216b24d31b52685a6ffab9d |
| SHA256 | 4628177f430b600d0bc7311bc13b4d5a96ebfbce8789ad9513188e0d881ca9fa |
| SHA512 | 663c21c646bb2de92afafc7f5519906f5af7b2ec439ee14e2e86720a898cd6176b1171746bb09c0218d3ba303910814ac495f9ba15724d8725fd9445ee821523 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\TransmogProvider.dll.mui
| MD5 | 4b712687a01cc1fe0745bf56a3c27b77 |
| SHA1 | f8855dca91c144db93c83a35b2ac9a84af9e50d9 |
| SHA256 | 1acd9c423337c986ea6632c064f2a98ef2423cd918cd7323c04a5ec38b41905d |
| SHA512 | af99a7b9ad2d81fa1bef8e7334f5b41e4c0612cb36940ce6210ce5d8bd83a026ade7cca33b965175b60c2533ee0558291dcb977a5a6c4096bb4c6fd89ede1518 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\SmiProvider.dll.mui
| MD5 | 154ee2f646cdea13189856e0aca4ff34 |
| SHA1 | 23726c33aff02ef6452701b5dd97160721ec49bd |
| SHA256 | 68dfc4501a394945da024e65832cc42bf500e0959ee82e8fefb3e55194c1d7f2 |
| SHA512 | 4cc690b7d48bc9bd4364da6b979143d9b50a40bbbe3138cbc7830dea0f7f57056de422dd1a19403522655bbfafcef02ea00a37eea4a7dc0aa2365f02cf3578c4 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\SetupPlatformProvider.dll.mui
| MD5 | 630c2bb0521139f26ba1e5906da18653 |
| SHA1 | 1ba4d9931aac9d9069eb2a44db4ae60401761ab7 |
| SHA256 | 96e2f86d6c31e543df2e36b791a4ff0f20ff26d5c6980d292f6038fdd868967e |
| SHA512 | 12c3a3bc8558c4392dc985fbf76c953649269678d2731f04ef88695aab5be5ae43f4c3a00964b2fcee4089cff2b6ea128a8a28f75de9915347911a137986a6e8 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\ProvProvider.dll.mui
| MD5 | d8effff8244fc2aef3444f1c601ba5f8 |
| SHA1 | 6b0e75773f8d1df1705e507d3c28f5e62d74034e |
| SHA256 | eb2111050a0da0dc74e5cbb6d818f00969e1b11d96b060f0e7a3ed1362f38525 |
| SHA512 | a87ad843904121db3cd650849475b3cbd9c34a5d793aa6a66b5aa5a80246f802599533afb972fc77711c92cc2554eb4f9d7ac2df32b0bc67103316b7fe06804d |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\OSProvider.dll.mui
| MD5 | d4f685297e15dea6d61e1c02f5c55284 |
| SHA1 | 59e4899d92de5cffc9c4756b28a74c3ed1d4fa8a |
| SHA256 | d05ed84ab71c5e77c870f46c327943c5f9c36d25ccd65b14758c3e0eda58c3ef |
| SHA512 | e5b8227502c7113e6333061e4c6c28dea51fd3458a751fed14dbcc30f8a92be772d1d87359a69fd3a4634b041ea1693ae1b5ab75b996be85f8f3d71ac60338a0 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\OfflineSetupProvider.dll.mui
| MD5 | 1bfd1893b356d1f873485eafbbd4ded7 |
| SHA1 | 7151a11102265ed68078acaefb2246fd26048150 |
| SHA256 | ddac20708f8522f780dfd1246242ff8394aa1390044189675b52a7daf6148a5a |
| SHA512 | 1fdc72d22934650e8530ed799eebb9d30a2ba53e3b4c35f96f1053368acb94fc319091ecb0f01b04548cca45242ebd778d939ee4a2c6a1145c8f819c8a857c22 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\MsiProvider.dll.mui
| MD5 | 2345537a4d053ec947fa9d7742e92193 |
| SHA1 | b6ab1b2295ddfad72e08343f0fa534d44433904e |
| SHA256 | 62b1b69560dd478e22b86661ac08b89e781ccef7dcd43fc117e48eb422c174b2 |
| SHA512 | 73ba6665044b083ba4682f064086e33d26c76e17a8a84e58fd3ff2b2ca61b76ee9c48e51b71e45464ba74e2cc004d906716aed35e338974e43b178f9dd9018c9 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\LogProvider.dll.mui
| MD5 | 60814859778baf89ea550c23e562e0b1 |
| SHA1 | fb2be079366fb419a5823b2a5b9da65c6c691d08 |
| SHA256 | 88b1498ec989dffc5e9a575ff6b94e19b8c7bae63f9552eebd4d92d45c41055f |
| SHA512 | 3fdce0b48878615c7dd41aa6de8da33dc8c7b2ae9100ecc56fe5b7f192fe996395538fdc11b737506ec3720db9bb6309d7bda99e7dd59610446dca0c42788784 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\IntlProvider.dll.mui
| MD5 | e40d406d5e17feef89dafb3c1b647177 |
| SHA1 | 1aaacc9cf5727471bf7a0c7d834052d948c8c12e |
| SHA256 | fdfc3f1c72c431a504edbcfaa7ad6ddb23715cf87ece4602623ac738988bd1aa |
| SHA512 | a72d81b3f0726da7d9cd3d67e44a242fde5844e707509a67d64df8a83db737ccf6d69103880d42221251b369efe8c84056fe8ab47f862c87e752217c8a67fbed |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\ImagingProvider.dll.mui
| MD5 | b7b141977bf68735fadc10829bcd6004 |
| SHA1 | 61defa25b89e7c4dd88c5c30f12befac754a8b6b |
| SHA256 | 0b8e427990dc58a5f9407f401b3045df82739235b6f0ef403a705f267ec0d518 |
| SHA512 | 0300f846dc381b2499c61e7d8685dcec015492a95ed01f2c71a5810d7f476c01b02b0b9e2e3b2eafd30e5d2c74e2c4c248becf0ff1d9bfdc28fe478ba4d2202d |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\GenericProvider.dll.mui
| MD5 | 5c9453b61bec25ef560c33162dc4ea26 |
| SHA1 | 1dafa73f4c8a1b1aa75b598d0aafeb698a576791 |
| SHA256 | 199f15c865e74f2e5e599fff293c426b0cb9e2a970365a8a027ef422cc248533 |
| SHA512 | 9abdc5f9fbcb51e2ae53db3eeca8346113a1b76ab5a4e0bede4cb0e0e9d43be67a40ce42d3554cf09236772ec47684841658b624530aa762fee71471e75801c9 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\FolderProvider.dll.mui
| MD5 | a859ba4b521f42506f14043bf9455386 |
| SHA1 | 8ce68325bc57ff984e99c8ebaf688e91161196e8 |
| SHA256 | a45ad33b482e3b78f42b8454ab17c1cdc7df99a425d4abe6a9633446d555e4cc |
| SHA512 | 300b36dc9d65102a20219ead89c5cbbab2fca447ee6715b96e77c17956f5abd38bb9f8c120049b72a097844b7c638d2aae477556236c98a52f22814f565eddbe |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\FfuProvider.dll.mui
| MD5 | fba95fa26da2db4d74545053dfa8cf74 |
| SHA1 | c45151ccde9f151a59e9b533bbd176172c9547cc |
| SHA256 | 9306a28afc60ca27ddadff59474b0b1aa19c63bd7b6d34246f3996b59293a639 |
| SHA512 | cf0c4d36e036d44bc08a7185014890c7e3edf9b1ada22e777a2cd123fda6242e519d9f422d27113c794b9bd0369ac2e9d318ec04110271f438dff8b90b82e22f |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\DmiProvider.dll.mui
| MD5 | f1d841f0c026d16c2ec95f5bad6fe9b1 |
| SHA1 | a4f09b8382b88e1d1bde579030201170c9d5d234 |
| SHA256 | a63191a3670b36a499e1326fa84937f70601e213f768c05763f9dfbd0f57ccc9 |
| SHA512 | 8df567bde90f18b1a19165962ecdfd4af839f3b51de1049bc30112069a84f32b32139ce11d144166af6ef19fdf871b14c7290fc84bb36d6fdea9c950423ba365 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\DismProv.dll.mui
| MD5 | 6b1ce8eca0d43b32f6e78472d469a3f9 |
| SHA1 | d4db763a34638e23caafe06026eb1d6e74cfae00 |
| SHA256 | 33e3841724f69bc0694eeee17e902379b67bab7941506353f0d85d1e2665dc27 |
| SHA512 | 64e0f3beb34fb0469677a991b50794f8e0a0301db4a9bb0366de235c4816a2f4e4ac25db4c3517e2b931cbbc43389b69b22f81310359bb10f6758d9503274817 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\DismCore.dll.mui
| MD5 | 9a27fcb82be619943135eddfeb4c13c0 |
| SHA1 | a76c0fbf51cc25491fcf4fe600d0a026682a5fba |
| SHA256 | 6ecad6a9fd347084d2d6c1fa5f079d4add05d4719b3b06280329cf84dad88025 |
| SHA512 | 0fa126f2f1fb6933603e7a3da9b3a17fa8b0b4f22102e4010d533b32f3aac8a5f7526236b43017dbdd787782707886f42a9167f920e764c61947064b386e5372 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\CbsProvider.dll.mui
| MD5 | 87f62a21bd015ec3f873021082063456 |
| SHA1 | 8869a96cf37a9fb0c8d9704913f6e735fb49afb6 |
| SHA256 | 17cd538edec822763227d6ee4bb0fb7963e931333b5c21baf50ea16a48e8b785 |
| SHA512 | afc2e31fb189fbdb8bfd301b33a3d79b05ef831a5fa0dfd152c0fbacfcd8a52a17192bd9373b2ee84c5c917e8250ff4d58d6fd24ff9f66b903a748379e6555a3 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\AssocProvider.dll.mui
| MD5 | 8fc0592e6bae1c2c0b6faf5abaae06bd |
| SHA1 | 3d2b07af39c682fd1aa7b7d17949752ca02462d3 |
| SHA256 | a4384de24af2c0ee9e5ebf233e718c8cf4c5277a72139caf96d6458365f765e1 |
| SHA512 | 854d9994ac9297b5f141bbbb80f4be1ef137b359bfa1483e930a9626a84998192ad3b94d0a54397f50bcc7077b9988e2bfbd35f667a04c8840e0299c506f9813 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\fr-FR\AppxProvider.dll.mui
| MD5 | 8f047a75723e8729a4c84fa2c08124b5 |
| SHA1 | 63db578e441068b91bad9c6844697e4e2ead45bc |
| SHA256 | 3427511dafbbbd40a7fe1d7ddd4702befe6f0e00a7f1c437a2ffd9cbcb5f53b8 |
| SHA512 | 6bec1487f66f5da86d4cc7dd48c684dd63335b87c77ca01d80482c72250609051cdc2a9b56af3423b45e8d14e39ead725cc9a9dbc15fe6ecea74615335edfde4 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\FolderProvider.dll
| MD5 | 4f3250ecb7a170a5eb18295aa768702d |
| SHA1 | 70eb14976ddab023f85bc778621ade1d4b5f4d9d |
| SHA256 | a235317ab7ed89e6530844a78b933d50f6f48ea5df481de158eb99dd8c4ba461 |
| SHA512 | e9ce6cced5029d931d82e78e7e609a892bfe239096b55062b78e8ff38cce34ce6dd4e91efb41c4cd6ecf6017d098e4c9b13d6cb4408d761051468ee7f74bc569 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\FfuProvider.dll
| MD5 | df785c5e4aacaee3bd16642d91492815 |
| SHA1 | 286330d2ab07512e1f636b90613afcd6529ada1e |
| SHA256 | 56cc8d139be12e969fff3bbf47b1f5c62c3db887e3fb97c79cf7d285076f9271 |
| SHA512 | 3566de60fe76b63940cff3579da94f404c0bc713f2476ba00b9de12dc47973c7c22d5eed1fd667d20cea29b3c3c4fa648e5f44667e8369c192a4b69046e6f745 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\es-ES\WimProvider.dll.mui
| MD5 | 263b263e5fe8c078a3866eadf7b2bf79 |
| SHA1 | 9dad2d78e5f130b72a39c15fc548935dc9b96005 |
| SHA256 | 43bc4c6ed713d8f04d359151edd47d6d63eb64a87ec37fb95c0fc8f056c8c023 |
| SHA512 | d8ba69b15420aaa6c1afb1bded5d0afb821c73e1ef538f06dff0f4d87520622cf0a5a989a480755a3cb35b9949098575c6beb51bb747352c280916e87fbf68cf |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\es-ES\VhdProvider.dll.mui
| MD5 | bc6b19d90559744702c1687b0e5b376f |
| SHA1 | a3752de9ad56f2256a5190b01c641f173b60bfed |
| SHA256 | 631d6c84c00fcf1e7260734e92bee36243b8c40e97b853be1723dcae277ffaef |
| SHA512 | 9be6cdcbfb665a57e132388a0045a5ce6560740cf2d2d0537acaa7331cf1db2c6d0e1b2200d7cb892c7b6be47b73073a38e1ed6296631b7550a474110ef10800 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\es-ES\UnattendProvider.dll.mui
| MD5 | 7601ef496c3f171373605aca6299eb4b |
| SHA1 | 92c25a096a96c690cb405b2d5e2df35a06044104 |
| SHA256 | e2988f7e6ad35863b56534824069aaaf34fadd2d27524e5d030b706576fd359c |
| SHA512 | 0729514091ed0e0468a9466ba3d6b73bfd10eb0a60e1905671c443f66121d84fab57f511bf989580a715e4ea9ff9172aebfe2cc177674c8c14adce5b8a8de157 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\es-ES\TransmogProvider.dll.mui
| MD5 | dd549e06e8b1a71eef97ebcd494fcc10 |
| SHA1 | b020953e0bb6dd6ae80f881f59591d067e75c63a |
| SHA256 | 1be0b61e8978639eb2f66956a1604f6f0a2d668f868a9ff48b5db33dea812901 |
| SHA512 | 0d3f4700bd676a03d39460a7af08780eb06bfba2c9bbb6827ff8a39f37d0dc946de057ec2fd70715ce8839f55927cbea57c7d8b85a859252b0dc8d9a23c7b540 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\es-ES\SmiProvider.dll.mui
| MD5 | fe9a7502d09360933fec35a1dd9cb46e |
| SHA1 | 58721b66c428b32619d7f09568e86fa1a9339849 |
| SHA256 | ee5a25b54776a63bc5bdd9a5ac3c6cacc7bf2b7f3761d2b489ef0060e5ac031c |
| SHA512 | 9f8c752a19e8404c7c9497fc9b457404eeaed2d6a071aeb4927fea7c2d3fabb1547e479d8525547f4c190a56113a26a53575b4a7e4bb76c65ea656304b753a0a |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\es-ES\SetupPlatformProvider.dll.mui
| MD5 | 54e7735303befc4017c8f7f79c70ac7a |
| SHA1 | 0e165c98d94ccadb80aaa8bba7644f50dd16c119 |
| SHA256 | 79bd40a61064b856fa169d2ab92e0f41202f08fe78b5c749c9bfb96f471792fd |
| SHA512 | 125cff3faea70c3a7e0a3279022685d23bd0829ae7316ee2dc9afb568d03cdad4ce5d948776a736fecfc4f90d9dd655639ab4f2ab7610ad1ee41c48959ab71e0 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\es-ES\ProvProvider.dll.mui
| MD5 | 465ff43b338a4059ee0308a8de105a98 |
| SHA1 | 0811614122cf0b8e23f805789b1910f788b20ffb |
| SHA256 | 49d4ef65391503ab867354dceeb241e7690c92383458fd3349a85c669b80bd49 |
| SHA512 | 05ccaeea8e613ca50612b73b16175d77f68171a1e5af5111d382fccc88ecc41f83ae84f4c4d91885649197557e0b4c19bee3b23adfd13022b482cb8a92c3b728 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\es-ES\OSProvider.dll.mui
| MD5 | d1f7a1ea380d32e97056793baba7cb6b |
| SHA1 | f5bae8cfdff3e45aaea570d0425b47833e2da197 |
| SHA256 | 344d70160791fa6d5e4b39afa0ebe996a4e6092672ce1e0750b4c640ca8e6a18 |
| SHA512 | 95def4c80bf43a8e9e7cf6dc272e4eb7e1847e5fa997c8a3f2ba53b9bb337289bacd8fd8a719b75818d44ae33ff817fdbf572296b258254543aaff98792a4649 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\es-ES\OfflineSetupProvider.dll.mui
| MD5 | 19575370d599f89404fe876b132fd170 |
| SHA1 | 968fdaee7daed95a62cfa33cd03c42804dc96652 |
| SHA256 | 2ca9f61d307e874e29fbfcc90645a797c82a0891d9ecfd7c3aefa8ea759a2bc5 |
| SHA512 | d35a383e49e2614019fdfdf585b607caab3ecaee6e577793863b8a1b84df2bc76de09577c9474b098d026523539f6e7b7d63071dfdc601821b5aad73f060e00a |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\es-ES\MsiProvider.dll.mui
| MD5 | 8cf549ca23aa04d862ebf6e6e607cc54 |
| SHA1 | 6348fbe4f32a01460de297e472343b3c0b32e34b |
| SHA256 | 634ca4c93f54c358d1c541059a2e60fdc4a11f38ab676ed379a9e38a2fb3797d |
| SHA512 | 5cb719abbaac3498cdded40ea191158621255f1fb958835e01809ef7532e5e8b3ad03af1170f0464dc7bdcf49230457e86c8c58640716c629fe659e94112fce9 |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\es-ES\LogProvider.dll.mui
| MD5 | 49546b639236f0f120a4982ba840f563 |
| SHA1 | cc080e0ce4cfc5a5e1bcc02823875234c05759f6 |
| SHA256 | bf2d54f231f3e814a401b6598793dc3604e2d381c3b3d9b5479c9fea87dad2bb |
| SHA512 | 8e6f8cd409a601be098fb1e61e733e5ce7fc06e365442e7a2ec508dd44bad2b10bd45288419bb672be5a278501da965831c8e92da545af8a3070ba66a4b01a8a |
C:\Users\Admin\AppData\Local\Temp\39757F6F-43BB-4A0F-B320-C061E5945D9C\es-ES\IntlProvider.dll.mui
| MD5 | 7a667def21a5d84e95c0153e463667e5 |
| SHA1 | f980aab6026c343c535441fd52283713183e128b |
| SHA256 | db2888717225eb457283c28424f1ce53397d0aa321b7619ebe0884cd10fe6c15 |