Analysis Overview
SHA256
d0c09d6aeb8c991479bc825f9b45a04d9ba75fedf09dc57237e21467af3f31a3
Threat Level: Known bad
The file Optimize_MasterPack (1).zip was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
Modifies security service
Modifies boot configuration data using bcdedit
Event Triggered Execution: Image File Execution Options Injection
Command and Scripting Interpreter: PowerShell
Disables taskbar notifications via registry modification
Server Software Component: Terminal Services DLL
Blocklisted process makes network request
Modifies RDP port number used by Windows
Sets service image path in registry
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
Unexpected DNS network traffic destination
Checks BIOS information in registry
Event Triggered Execution: Component Object Model Hijacking
Drops desktop.ini file(s)
Remote Services: SMB/Windows Admin Shares
Enumerates connected drives
Maps connected drives based on registry
Legitimate hosting services abused for malware hosting/C2
Power Settings
Drops file in System32 directory
Launches sc.exe
Hide Artifacts: Ignore Process Interrupts
Drops file in Windows directory
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
System Time Discovery
System Location Discovery: System Language Discovery
Unsigned PE
Event Triggered Execution: Netsh Helper DLL
Delays execution with timeout.exe
Checks processor information in registry
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy WMI provider
Modifies registry class
Uses Volume Shadow Copy service COM API
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Runs net.exe
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Modifies registry key
Kills process with taskkill
Runs ping.exe
Checks SCSI registry key(s)
Enumerates system info in registry
Modifies data under HKEY_USERS
Gathers network information
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-16 03:00
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 03:00
Reported
2024-10-16 03:37
Platform
win10v2004-20241007-en
Max time kernel
2214s
Max time network
2215s
Command Line
Signatures
Modifies security service
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Start = "3" | N/A | N/A |
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "0" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Disables taskbar notifications via registry modification
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSVC.exe\PerfOptions | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSVC.exe\PerfOptions\IoPriority = "3" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSVC.exe\PerfOptions\PagePriority = "5" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions\IoPriority = "3" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSVC.exe | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSVC.exe\PerfOptions\CpuPriorityClass = "3" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions\CpuPriorityClass = "4" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options | N/A | N/A |
Modifies RDP port number used by Windows
Server Software Component: Terminal Services DLL
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ServiceDll = "%SystemRoot%\\System32\\dnsrslvr.dll" | N/A | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\ImagePath = "System32\\drivers\\tcpip.sys" | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Windows\system32\reg.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\888F0B91-C58F-40AB-9238-16C194221F87\dismhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\FilterKeys MASTER TWEAKS\KEYBOARD TWEAKS\FilterKeysSetter.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\GOD Windows tweaks\dir\speedtest.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A11D255A-5413-44DC-8C3C-4DA29B5DA466\dismhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\28285E45-C057-4E08-A0F3-97D9B76085C7\dismhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\InputDelay files MASTER TWEAKS\Nsudo.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\B9D02E18-26EC-470D-8EED-D11C48DAFE94\dismhost.exe | N/A |
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 1.1.1.2 | N/A | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | N/A | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\N: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\cleanmgr.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\NextInstance | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Windows\system32\reg.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\Count | C:\Windows\system32\reg.exe | N/A |
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
Remote Services: SMB/Windows Admin Shares
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters\NullSessionPipes | C:\Windows\system32\reg.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\LogFiles\setupcln\setupact.log | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened for modification | C:\Windows\system32\LogFiles\setupcln\setuperr.log | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened for modification | C:\Windows\system32\LogFiles\setupcln\diagerr.xml | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened for modification | C:\Windows\system32\LogFiles\setupcln\diagwrn.xml | C:\Windows\System32\cleanmgr.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\888F0B91-C58F-40AB-9238-16C194221F87\dismhost.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\B9D02E18-26EC-470D-8EED-D11C48DAFE94\dismhost.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\system32\Dism.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\System32\cleanmgr.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | N/A | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\System32\cleanmgr.exe | N/A |
Hide Artifacts: Ignore Process Interrupts
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | N/A | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language | C:\Windows\system32\reg.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language\InstallLanguage | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\FilterKeys MASTER TWEAKS\KEYBOARD TWEAKS\FilterKeysSetter.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
System Time Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\System32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\System32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport\PowerCycleCount | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015 | C:\Windows\System32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Address | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 | C:\Windows\System32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\Attributes | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\reg.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\System32\cleanmgr.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | N/A | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | N/A | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Windows\System32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ClassGUID | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\reg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | N/A | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\System32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\System32\cleanmgr.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000009fc5eef0dbaffe7c0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800009fc5eef00000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809009fc5eef0000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d9fc5eef0000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000009fc5eef000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ClassGUID | N/A | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM | C:\Windows\system32\reg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\System32\cleanmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004 | C:\Windows\System32\cleanmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\DefaultRequestFlags | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LocationInformation | C:\Windows\system32\reg.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\reg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | N/A | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ClassGUID | C:\Windows\system32\reg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Revision | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\reg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\system32\reg.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Windows\system32\reg.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Configuration Data | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Component Information | C:\Windows\system32\reg.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier | C:\Windows\system32\reg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Windows\system32\reg.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Configuration Data | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus | C:\Windows\system32\reg.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1\Component Information | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 | C:\Windows\system32\reg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 | C:\Windows\system32\reg.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Configuration Data | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0 | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Windows\system32\reg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Identifier | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Configuration Data | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Identifier | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Component Information | C:\Windows\system32\reg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\reg.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Component Information | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000\ | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Component Information | C:\Windows\system32\reg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\Component Information | C:\Windows\system32\reg.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0\Identifier | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1\Identifier | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\reg.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus | C:\Windows\system32\reg.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1 | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Capabilities | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\Configuration Data | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Windows\system32\reg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Component Information | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Configuration Data | C:\Windows\system32\reg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral | C:\Windows\system32\reg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0 | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0 | C:\Windows\system32\reg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral | C:\Windows\system32\reg.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | N/A | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold1 = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer = "16" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server = "16" | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | N/A | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Control Panel\Keyboard\KeyboardDelay = "0" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Control Panel\Keyboard | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Control Panel\Mouse | N/A | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseThreshold2 = "0" | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "46" | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Control Panel\Keyboard | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Control Panel\Keyboard\KeyboardSpeed = "31" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Control Panel\Mouse\MouseSpeed = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} | N/A | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_CLASSES\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\VERSIONINDEPENDENTPROGID | N/A | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
Runs net.exe
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\System32\cleanmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Optimize_MasterPack (1).zip"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\cleanmgr.exe
"C:\Windows\System32\cleanmgr.exe"
C:\Users\Admin\AppData\Local\Temp\888F0B91-C58F-40AB-9238-16C194221F87\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\888F0B91-C58F-40AB-9238-16C194221F87\dismhost.exe {6FD136C9-53BE-4908-B155-6A51A8862483}
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\Controller overclock\Tutorial.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\FilterKeys MASTER TWEAKS\KEYBOARD TWEAKS\READ.txt
C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\FilterKeys MASTER TWEAKS\KEYBOARD TWEAKS\FilterKeysSetter.exe
"C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\FilterKeys MASTER TWEAKS\KEYBOARD TWEAKS\FilterKeysSetter.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\GOD Windows tweaks\Batch_HyperTweaks.bat"
C:\Windows\system32\cacls.exe
"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
C:\Windows\system32\timeout.exe
TIMEOUT -T 3 /nobreak
C:\Windows\system32\reg.exe
reg export HKLM HKLM_BK.reg
C:\Windows\system32\reg.exe
reg export HKCU HKCU_BK.reg
C:\Windows\system32\timeout.exe
TIMEOUT -T 3 /nobreak
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Set-ExecutionPolicy Unrestricted -force"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\reg.exe
REG IMPORT "C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\GOD Windows tweaks\dir\power_settings_mod_31072021.reg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\reg.exe
REG IMPORT "C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\GOD Windows tweaks\dir\Keyboard.reg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\reg.exe
REG IMPORT "C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\GOD Windows tweaks\dir\Disable_Cortana.reg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\reg.exe
REG IMPORT "C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\GOD Windows tweaks\dir\Administrator_CMD.reg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\reg.exe
REG IMPORT "C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\GOD Windows tweaks\dir\mouse.reg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\reg.exe
REG IMPORT "C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\GOD Windows tweaks\dir\Enable_Photo_viewer.reg"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\reg.exe
REG IMPORT "C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\GOD Windows tweaks\dir\AccentColor.reg"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name MTU -PropertyType dword -Value 1492 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\*"|New-ItemProperty -Name MTU -PropertyType dword -Value 1492 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\*"|New-ItemProperty -Name MTU -PropertyType dword -Value 1492 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\*"|New-ItemProperty -Name MTU -PropertyType dword -Value 1492 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\AFD\Parameters"|New-ItemProperty -Name FastSendDatagramThreshold -PropertyType dword -Value 1492 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Microsoft' -Name 'MSMQ' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Microsoft\MSMQ' -Name 'Parameters' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\MSMQ\Parameters' -Name MTU -PropertyType dword -Value 1492 -force
C:\Windows\system32\netsh.exe
netsh winsock set autotuning on
C:\Windows\system32\netsh.exe
netsh int tcp set global fastopen=enabled ecncapability=disabled rss=enabled dca=enabled
C:\Windows\system32\netsh.exe
netsh int tcp set global nonsackrttresiliency=enabled
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-NetTCPSetting -MemoryPressureProtection Enabled
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-NetTCPSetting -Timestamps Enable
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-NetTCPSetting -SettingName InternetCustom -MaxSynRetransmissions 3
C:\Windows\system32\netsh.exe
netsh int tcp set supplemental template=internet congestionprovider=CUBIC
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-NetTCPSetting -SettingName "InternetCustom" -CongestionProvider CUBIC
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-NetOffloadGlobalSetting -Chimney Disabled
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-NetOffloadGlobalSetting -PacketCoalescingFilter enabled
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-NetTCPSetting -SettingName InternetCustom -ScalingHeuristics Disabled
C:\Windows\system32\netsh.exe
netsh int tcp set global autotuninglevel=Restricted
C:\Windows\system32\netsh.exe
netsh int tcp set global netdma=enabled
C:\Windows\system32\netsh.exe
netsh int tcp set global rss = enabled
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-NetAdapterRss -Name * -Enabled $True -IncludeHidden
C:\Windows\system32\netsh.exe
netsh int tcp set global rsc = disable
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Disable-NetAdapterRsc -Name * -IncludeHidden
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-NetAdapterRsc -Name * -IncludeHidden
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-NetAdapterRss -Name * -Profile NUMAStatic -BaseProcessorNumber 2 -MaxProcessorNumber 2 -MaxProcessors 2 -IncludeHidden
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Enable-NetAdapterChecksumOffload -Name * -TcpIPv6 -UdpIPv6 -TcpIPv4 -UdpIPv4 -IpIPv4 -IncludeHidden
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Enable-NetAdapterLso -Name * -IncludeHidden
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Enable-NetAdapterRdma -Name * -IncludeHidden
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name MTU -PropertyType dword -Value 1492 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\*"|New-ItemProperty -Name MTU -PropertyType dword -Value 1492 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\*"|New-ItemProperty -Name MTU -PropertyType dword -Value 1492 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\*"|New-ItemProperty -Name MTU -PropertyType dword -Value 1492 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\AFD\Parameters"|New-ItemProperty -Name FastSendDatagramThreshold -PropertyType dword -Value 1492 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Microsoft' -Name 'MSMQ' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Microsoft\MSMQ' -Name 'Parameters' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\MSMQ\Parameters' -Name MTU -PropertyType dword -Value 1492 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\NUMA' -Name 'SplitLargeNodes' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\Software\Policies\Microsoft\Windows' -Name 'Psched' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\Psched' -Name 'NonBestEffortLimit' -PropertyType dword -Value 5 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\Psched' -Name 'MaxOutstandingSends' -PropertyType dword -Value 196605 -force
C:\Windows\system32\netsh.exe
netsh int ipv4 set dynamicport tcp start=1024 num=64512
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name EnableTCPA -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe new-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name DefaultTTL -PropertyType dword -Value 60 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\*"|New-ItemProperty -Name DefaultTTL -PropertyType dword -Value 60 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\*"|New-ItemProperty -Name DefaultTTL -PropertyType dword -Value 60 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\*"|New-ItemProperty -Name DefaultTTL -PropertyType dword -Value 60 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe new-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -Name 'SackOpts' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe new-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name Tcp1323Opts -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name DisableTaskOffload -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name EnablePMTUBHDetect -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name EnableDeadGWDetect -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name DisableLargeMTU -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name TcpMaxConnectRetransmissions -PropertyType dword -Value 2 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name TCPMaxDataRetransmissions -PropertyType dword -Value 3 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name SynAttackProtect -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name EnableConnectionRateLimiting -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name EnableDca -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\System\CurrentControlSet\Services\Tcpip' -Name 'QoS' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\Tcpip\QoS' -Name 'Do not use NLA' -PropertyType string -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters' -Name 'IRPStackSize' -PropertyType dword -Value 33 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters' -Name 'MinFreeConnections' -PropertyType dword -Value 256 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters' -Name 'RequireSecuritySignature' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name 'IRPStackSize' -PropertyType dword -Value 33 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name 'MinFreeConnections' -PropertyType dword -Value 256 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name 'RequireSecuritySignature' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name TcpTimedWaitDelay -PropertyType dword -Value 28 -force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo YES"
C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\GOD Windows tweaks\dir\speedtest.exe
dir\speedtest.exe --accept-license --accept-gdpr
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ver
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ver
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\*"|New-ItemProperty -Name InterfaceMetric -PropertyType dword -Value -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\*"|New-ItemProperty -Name InterfaceMetric -PropertyType dword -Value -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\*"|New-ItemProperty -Name InterfaceMetric -PropertyType dword -Value -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -Name 'TcpNumConnections' -PropertyType dword -Value 65534 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters' -Name MaxFreeTcbs -PropertyType dword -Value 46811 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider -Name Class -PropertyType dword -Value 2 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider -Name LocalPriority -PropertyType dword -Value 4 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider -Name DnsPriority -PropertyType dword -Value 5 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider -Name HostsPriority -PropertyType dword -Value 6 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider -Name NetbtPriority -PropertyType dword -Value 7 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\services\NDIS\Parameters -Name RssBaseCpu -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\services\NDIS\Parameters -Name MaxNumRssCpus -PropertyType dword -Value 2 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\services\NDIS\Parameters -Name AllowFlowControlUnderDebugger -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\services\NDIS\Parameters -Name ProcessorAffinityMask -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile' -Name NetworkThrottlingIndex -PropertyType dword -Value 4294967295 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile' -Name SystemResponsiveness -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games' -Name Affinity -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games' -Name 'Background Only' -PropertyType string -Value False -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games' -Name Priority -PropertyType dword -Value 2 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games' -Name 'Scheduling Category' -PropertyType string -Value High -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games' -Name 'SFIO Priority' -PropertyType string -Value High -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games' -Name 'Latency Sensitive' -PropertyType string -Value True -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games' -Name NetworkThrottling -PropertyType dword -Value 4294967295 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games' -Name 'Clock Rate' -PropertyType dword -Value 10000 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games' -Name 'GPU Priority' -PropertyType dword -Value 8 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks' -Name 'Low Latency' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency' -Name Affinity -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency' -Name 'Background Only' -PropertyType string -Value False -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency' -Name 'Priority' -PropertyType dword -Value 2 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency' -Name 'Scheduling Category' -PropertyType string -Value High -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency' -Name 'SFIO Priority' -PropertyType string -Value Normal -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency' -Name 'Latency Sensitive' -PropertyType string -Value True -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency' -Name NetworkThrottling -PropertyType dword -Value 4294967295 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency' -Name 'Clock Rate' -PropertyType dword -Value 10000 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency' -Name 'GPU Priority' -PropertyType dword -Value 8 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio' -Name Affinity -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio' -Name 'Background Only' -PropertyType string -Value False -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio' -Name Priority -PropertyType dword -Value 5 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio' -Name 'Scheduling Category' -PropertyType string -Value medium -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio' -Name 'SFIO Priority' -PropertyType string -Value Normal -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio' -Name 'Latency Sensitive' -PropertyType string -Value True -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio' -Name NetworkThrottling -PropertyType dword -Value 4294967295 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio' -Name 'Clock Rate' -PropertyType dword -Value 10000 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio' -Name 'GPU Priority' -PropertyType dword -Value 8 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio' -Name Affinity -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio' -Name 'Background Only' -PropertyType string -Value False -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio' -Name Priority -PropertyType dword -Value 6 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio' -Name 'Scheduling Category' -PropertyType string -Value medium -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio' -Name 'SFIO Priority' -PropertyType string -Value Normal -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio' -Name 'Latency Sensitive' -PropertyType string -Value True -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio' -Name NetworkThrottling -PropertyType dword -Value 4294967295 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio' -Name 'Clock Rate' -PropertyType dword -Value 10000 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio' -Name 'GPU Priority' -PropertyType dword -Value 8 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Video\*\*' 'PP_ThermalAutoThrottlingEnable' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Video\*\*' 'DalAllowDirectMemoryAccessTrig' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Video\*\*' 'DedicatedSegmentSize' -PropertyType dword -Value 6144 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Video\*\*' 'DalAllowDirectMemoryAccessTrig' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Video\*\*' 'PruningMode' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Video\*\*' 'MultiFunctionSupported' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Video\*\*' 'AllowSubscription' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Video\*\*' 'KMD_DeLagEnabled' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Video\*\*' 'VgaCompatible' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Video\*\*' 'MosquitoNoiseRemoval_NA' -PropertyType string -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\*"|New-ItemProperty -Name 'TcpDelAckTicks' -PropertyType dword -Value 0 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\*"|New-ItemProperty -Name 'TCPAckFrequency' -PropertyType dword -Value 1 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\*"|New-ItemProperty -Name 'TCPNoDelay' -PropertyType dword -Value 1 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\*"|New-ItemProperty -Name 'TcpDelAckTicks' -PropertyType dword -Value 0 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\*"|New-ItemProperty -Name 'TCPAckFrequency' -PropertyType dword -Value 1 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\*"|New-ItemProperty -Name 'TCPNoDelay' -PropertyType dword -Value 1 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\*"|New-ItemProperty -Name 'TcpDelAckTicks' -PropertyType dword -Value 0 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\*"|New-ItemProperty -Name 'TCPAckFrequency' -PropertyType dword -Value 1 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\*"|New-ItemProperty -Name 'TCPNoDelay' -PropertyType dword -Value 1 -force"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\*"|New-ItemProperty -Name 'NameServer' -PropertyType String -Value '1.1.1.2,1.0.0.2' -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\*"|New-ItemProperty -Name 'NameServer' -PropertyType String -Value '2606:4700:4700::1112,2606:4700:4700::1002' -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\*"|New-ItemProperty -Name 'NameServer' -PropertyType String -Value '1.1.1.2,1.0.0.2' -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel' -Name MaximumDpcQueueDepth -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' -Name FeatureSettingsOverride -PropertyType dword -Value 1024 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' -Name FeatureSettingsOverrideMask -PropertyType dword -Value 1024 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters' -Name 'EnablePrefetcher' -PropertyType dword -Value 0 -force
C:\Windows\system32\fsutil.exe
fsutil behavior set DisableDeleteNotify 0
C:\Windows\system32\fsutil.exe
fsutil behavior set DisableDeleteNotify NTFS 0
C:\Windows\system32\fsutil.exe
fsutil behavior set DisableDeleteNotify ReFS 0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' -Name 'NtfsDisableLastAccessUpdate' -PropertyType dword -Value 2147483651 -force
C:\Windows\system32\netsh.exe
netsh int tcp set security mpp=enable
C:\Windows\system32\netsh.exe
netsh int tcp set security profiles=enable
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageManagement\SpacesSMP\ConnectedSubsystems\*' -Name 'CacheEnabled' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' -Name 'ThirdLevelDataCache' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' -Name 'PagedPoolSize' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' -Name 'SystemPages' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching' -Name 'SearchOrderConfig' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power' -Name 'HiberBootEnabled' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -Name 'PowerThrottling' -force -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power\PowerThrottling' -Name 'PowerThrottlingOff' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\PolicyManager\default\ApplicationManagement\AllowGameDVR' -Name 'Value' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\intelppm' -Name 'Start' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\intelpmax' -Name 'Start' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -Name 'CsEnabled' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' -Name 'NtfsMemoryUsage' -PropertyType dword -Value 2 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -Name 'Class1InitialUnparkCount' -PropertyType dword -Value 46 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems' -Name 'SharedSection' -PropertyType string -Value '2048,2048,2048' -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\PriorityControl' -Name 'Win32PrioritySeparation' -PropertyType dword -Value 38 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\GraphicsDrivers' -Name 'HwSchMode' -PropertyType dword -Value 2 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -Name 'ContentDeliveryAllowed' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -Name 'SubscribedContent-310093Enabled' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -Name 'SubscribedContent-338388Enabled' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -Name 'SubscribedContent-338389Enabled' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -Name 'SubscribedContent-88000326Enabled' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager' -Name 'SystemPaneSuggestionsEnabled' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' -Name 'AutoReboot' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device' -Name 'Education' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Education' -Name 'EnableEduThemes' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device' -Name 'Stickers' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Stickers' -Name 'EnableStickers' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\Dwm' -Name 'DisableHologramCompositor' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\Dwm' -Name 'EnableAeroPeek' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\Dwm' -Name 'ColorPrevalence' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\Dwm' -Name 'EnableWindowColorization' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\Dwm' -Name 'ForceEffectMode' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\Dwm' -Name 'MaxD3DFeatureLevel' -PropertyType dword -Value 64 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\Dwm' -Name 'OneCoreNoDWMRawGameController' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize' -Name 'AppsUseLightTheme' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize' -Name 'SystemUsesLightTheme' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize' -Name 'ColorPrevalence' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize' -Name 'EnableTransparency' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Themes\History' -Name 'AutoColor' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -Name 'JPEGImportQuality' -PropertyType dword -Value 100 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\KernelVelocity' -Name 'DisableFGBoostDecay' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile' -Name 'NoLazyMode' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\Software\Policies\Microsoft\Windows' -Name 'NvCache' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\NvCache' -Name 'EnableNvCache' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\NvCache' -Name 'EnableSolidStateMode' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\Software\Policies\Microsoft' -Name 'MicrosoftEdge' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\Software\Policies\Microsoft\MicrosoftEdge' -Name 'BrowserEmulation' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\MicrosoftEdge\BrowserEmulation' -Name 'MSCompatibilityMode' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\Software\Policies\Microsoft\MicrosoftEdge' -Name 'Main' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\MicrosoftEdge\Main' -Name 'AllowPrelaunch' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Google\Chrome' -Name 'Main' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Google\Chrome\Main' -Name 'AllowPrelaunch' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Google\Chrome' -Name 'BrowserEmulation' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Google\Chrome\BrowserEmulation' -Name 'MSCompatibilityMode' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\Software\Policies\Microsoft\Windows' -Name 'App Management' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\App Management' -Name 'COMClassStore' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters' -Name 'EnableWsd' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy' -Name 'fMinimizeConnections' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\Software\Policies\Microsoft\Windows' -Name 'Wireless' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\Software\Policies\Microsoft\Windows\Wireless' -Name 'NetCost' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\Wireless\NetCost' -Name 'Cost' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\Network Connections' -Name 'Cost' -PropertyType dword -Value 1 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'EMDMgmt' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt' -Name '*' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\*' -Name 'DeviceStatus' -PropertyType dword -Value 2 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\*' -Name 'WriteSpeedKBs' -PropertyType dword -Value 2048 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt\*' -Name 'SpeedReadKBs' -PropertyType dword -Value 2048 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows' -Name 'WindowsUpdate' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -Name 'ExcludeWUDriversInQualityUpdate' -PropertyType dword -Value 0 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Microsoft\Dfrg' -Name 'BootOptimizeFunction' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction' -Name 'Enable' -PropertyType string -Value N -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Ndu' -Name 'Start' -PropertyType dword -Value 4 -force
C:\Windows\system32\powercfg.exe
powercfg -duplicatescheme e9a42b02-d5df-448d-aa00-03f14749eb61
C:\Windows\system32\powercfg.exe
powercfg -s e9a42b02-d5df-448d-aa00-03f14749eb61
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' -Name 'IoPageLockLimit' -PropertyType dword -Value 11264 -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'TaskbarAnimations' -PropertyType dword -Value '1' -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects' -Name 'VisualFXSetting' -PropertyType dword -Value '1' -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'HideFileExt' -PropertyType dword -Value '0' -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\GameBar' -Name 'AllowAutoGameMode' -PropertyType dword -Value '1' -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\GameBar' -Name 'AutoGameModeEnabled' -PropertyType dword -Value '1' -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows' -Name 'AppPrivacy' -ErrorAction SilentlyContinue
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy' -Name 'LetAppsRunInBackground' -PropertyType dword -Value '2' -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'HideFileExt' -PropertyType dword -Value '0' -force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo R"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -File "C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\GOD Windows tweaks\dir\1.ps1"
C:\Windows\System32\cleanmgr.exe
"C:\Windows\System32\cleanmgr.exe" /sagerun:99
C:\Users\Admin\AppData\Local\Temp\A11D255A-5413-44DC-8C3C-4DA29B5DA466\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\A11D255A-5413-44DC-8C3C-4DA29B5DA466\dismhost.exe {64220CCE-5FC3-4FCE-9E2E-54371DA629ED}
C:\Users\Admin\AppData\Local\Temp\28285E45-C057-4E08-A0F3-97D9B76085C7\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\28285E45-C057-4E08-A0F3-97D9B76085C7\dismhost.exe {30195DC9-27C6-4554-8030-DBAF367EE163}
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
C:\Windows\system32\lpksetup.exe
/s /r /u de-DE es-ES fr-FR it-IT ja-JP uk-UA de-DE es-ES fr-FR it-IT ja-JP uk-UA de-DE es-ES fr-FR it-IT ja-JP uk-UA
C:\Windows\system32\lpksetup.exe
"C:\Windows\system32\lpksetup.exe" -Embedding
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\GOD Windows tweaks\Batch_HyperTweaks.bat
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe Update /Queue /Delay
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe Update /Queue /Delay
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\InputDelay files MASTER TWEAKS\Nsudo.exe
"C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\InputDelay files MASTER TWEAKS\Nsudo.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\InputDelay files MASTER TWEAKS\1. Best Power Plan.bat"
C:\Windows\system32\cacls.exe
"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Invoke-WebRequest "https://cdn.discordapp.com/attachments/911089630051454977/911089843298271292/Main_Power_Plan.pow" -OutFile "C:\Users\Admin\AppData\Local\Temp\Main_Power_Plan.pow"
C:\Windows\system32\powercfg.exe
powercfg /d 44444444-4444-4444-4444-444444444448
C:\Windows\system32\powercfg.exe
powercfg -import "C:\Users\Admin\AppData\Local\Temp\Main_Power_Plan.pow" 44444444-4444-4444-4444-444444444448
C:\Windows\system32\powercfg.exe
powercfg -SETACTIVE "44444444-4444-4444-4444-444444444448"
C:\Windows\system32\powercfg.exe
powercfg /changename 44444444-4444-4444-4444-444444444448 "Full Power Plan" "Decrease Delay + FPS Stability"
C:\Windows\system32\powercfg.exe
powercfg /d 381b4222-f694-41f0-9685-ff5bb260df2e
C:\Windows\system32\powercfg.exe
powercfg /d 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
C:\Windows\system32\powercfg.exe
powercfg /d a1841308-3541-4fab-bc81-f71556f20b4a
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\InputDelay files MASTER TWEAKS\2. Bloat Tracking.bat"
C:\Windows\system32\timeout.exe
timeout /t 2 /nobreak
C:\Windows\system32\reg.exe
Reg add "HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener" /v "Start" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\WindowsSelfHost\UI\Visibility" /v "DiagnosticErrorText" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\WindowsSelfHost\UI\Strings" /v "DiagnosticErrorText" /t REG_SZ /d "" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\WindowsSelfHost\UI\Strings" /v "DiagnosticLinkText" /t REG_SZ /d "" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\TabletPC" /v "PreventHandwritingDataSharing" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports" /v "PreventHandwritingErrorReports" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableInventory" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat" /v "DisableUAR" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "NoLockScreenCamera" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "Enabled" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AdvertisingInfo" /v "Enabled" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Input\TIPC" /v "Enabled" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\System" /v "AllowExperimentation" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Bluetooth" /v "AllowAdvertising" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Messaging" /v "AllowMessageSync" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{C1D23ACC-752B-43E5-8448-8D0E519CD6D6}" /v "Value" /t REG_SZ /d "Deny" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "Start_TrackProgs" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSyncProviderNotifications" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SYSTEM\ControlSet\Services\DiagTrack" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SYSTEM\ControlSet\Services\dmwappushservice" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SYSTEM\ControlSet\Control\WMI\Autologger\AutoLogger-Diagtrack-Listener" /v "Start" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\WMDRM" /v "DisableOnline" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\{A8804298-2D5F-42E3-9531-9C8C39EB29CE}" /v "Value" /t REG_SZ /d "Deny" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\DeviceAccess\Global\LooselyCoupled" /v "Value" /t REG_SZ /d "Deny" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CredUI" /v "DisablePasswordReveal" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Browser" /v "AllowAddressBarDropdown" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync" /v "SyncPolicy" /t REG_DWORD /d "5" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Personalization" /v "Enabled" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\BrowserSettings" /v "Enabled" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials" /v "Enabled" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language" /v "Enabled" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Accessibility" /v "Enabled" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Windows" /v "Enabled" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowSearchToUseLocation" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "AllowCortana" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\Speech_OneCore\Preferences" /v "ModelDownloadAllowed" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\InputPersonalization\TrainedDataStore" /v "HarvestContacts" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\InputPersonalization" /v "RestrictImplicitTextCollection" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\InputPersonalization" /v "RestrictImplicitInkCollection" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Personalization\Settings" /v "AcceptedPrivacyPolicy" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableWindowsLocationProvider" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors" /v "DisableLocationScripting" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" /v "AllowTelemetry" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /v "DODownloadMode" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization" /v "SystemSettingsDownloadMode" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Speech" /v "AllowSpeechModelUpdate" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "DeferUpgrade" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "DeferUpgradePeriod" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "DeferUpdatePeriod" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate" /v "AutoDownload" /t REG_DWORD /d "2" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v "NoAutoUpdate" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SYSTEM\ControlSet\Services\wuauserv" /v "Start" /t REG_DWORD /d "4" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\OneDrive" /v "PreventNetworkTrafficPreUserSignIn" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReporting" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "BingSearchEnabled" /t REG_DWORD /d "0" /f
C:\Windows\system32\timeout.exe
timeout /t 2 /nobreak
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\InputDelay files MASTER TWEAKS\3. Input Delay.bat"
C:\Windows\system32\timeout.exe
timeout /t 1 /nobreak
C:\Windows\system32\reg.exe
Reg add "HKCU\Control Panel\Desktop" /v "MenuShowDelay" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Control Panel\Mouse" /v "MouseSensitivity" /t REG_SZ /d "10" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Control Panel\Mouse" /v "MouseSpeed" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Control Panel\Mouse" /v "MouseThreshold1" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Control Panel\Mouse" /v "MouseThreshold2" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Control Panel\Mouse" /v "SmoothMouseXCurve" /t REG_BINARY /d "0000000000000000C0CC0C0000000000809919000000000040662600000000000033330000000000" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\Control Panel\Mouse" /v "SmoothMouseYCurve" /t REG_BINARY /d "0000000000000000000038000000000000007000000000000000A800000000000000E00000000000" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SYSTEM\CurrentControlSet\Services\kbdclass\Parameters" /v "KeyboardDataQueueSize" /t REG_DWORD /d "18" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SYSTEM\CurrentControlSet\Services\mouclass\Parameters" /v "MouseDataQueueSize" /t REG_DWORD /d "18" /f
C:\Windows\system32\reg.exe
Reg add "HKU\.DEFAULT\Control Panel\Keyboard" /v "KeyboardDelay" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKU\.DEFAULT\Control Panel\Keyboard" /v "KeyboardSpeed" /t REG_SZ /d "31" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl" /v "Win32PrioritySeparation" /t Reg_DWORD /d "40" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Update" /v "ExcludeWUDriversInQualityUpdate" /t Reg_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update" /v "ExcludeWUDriversInQualityUpdate" /t Reg_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate" /v "value" /t Reg_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings" /v "ExcludeWUDriversInQualityUpdate" /t Reg_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "ExcludeWUDriversInQualityUpdate" /t Reg_DWORD /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "ColorPrevalence" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "EnableTransparency" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\AnimateMinMax" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ComboBoxAnimation" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ControlAnimations" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\CursorShadow" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DragFullWindows" /v "DefaultApplied" /t REG_SZ /d "1" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DropShadow" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMAeroPeekEnabled" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DWMSaveThumbnailEnabled" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\FontSmoothing" /v "DefaultApplied" /t REG_SZ /d "2" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListBoxSmoothScrolling" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewAlphaSelect" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewShadow" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\MenuAnimation" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\SelectionFade" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TaskbarAnimations" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ThumbnailsOrIcon" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\reg.exe
Reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TooltipAnimation" /v "DefaultApplied" /t REG_SZ /d "0" /f
C:\Windows\system32\timeout.exe
timeout /t 3 /nobreak
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\HoneCtrl (2).bat"
C:\Windows\system32\mode.com
Mode 130,45
C:\Windows\system32\reg.exe
reg add HKLM /F
C:\Windows\system32\reg.exe
reg add "HKLM\System\CurrentControlSet\Control\CrashControl" /v "DisplayParameters" /t REG_DWORD /d "1" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"
C:\Windows\system32\reg.exe
reg add HKCU\CONSOLE /v VirtualTerminalLevel /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "Disclaimer"
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Hone" /v "Disclaimer" /f
C:\Windows\system32\curl.exe
curl -g -L -# -o "C:\Users\Admin\AppData\Local\Temp\Updater.bat" "https://raw.githubusercontent.com/auraside/HoneCtrl/main/Files/HoneCtrlVer"
C:\Windows\system32\Dism.exe
dism /online /enable-feature /featurename:MicrosoftWindowsWMICore /NoRestart
C:\Users\Admin\AppData\Local\Temp\B9D02E18-26EC-470D-8EED-D11C48DAFE94\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\B9D02E18-26EC-470D-8EED-D11C48DAFE94\dismhost.exe {995D34A0-1230-4E84-9D0B-390EA59092AE}
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "SystemRestorePointCreationFrequency" /t REG_DWORD /d 0 /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ExecutionPolicy Unrestricted -NoProfile Enable-ComputerRestore -Drive 'C:\', 'D:\', 'E:\', 'F:\', 'G:\'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -ExecutionPolicy Unrestricted -NoProfile Checkpoint-Computer -Description 'Hone Restore Point'
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe Update /Queue /Delay
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe Update /Queue /Delay
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe Update /Queue /Delay
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe Update /Queue /Delay
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe Update /Queue /Delay
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe Update /Queue /Delay
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c date /t
C:\Windows\system32\reg.exe
reg export HKCU C:\Hone\HoneRevert\10.16.2024\HKLM.reg /y
C:\Windows\system32\reg.exe
reg export HKCU C:\Hone\HoneRevert\10.16.2024\HKCU.reg /y
C:\Windows\system32\mode.com
Mode 130,45
C:\Windows\System32\choice.exe
C:\Windows\System32\choice.exe /c:1234567XD /n /m " Select a corresponding number to the options above > "
C:\Windows\system32\mode.com
Mode 130,45
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path win32_VideoController get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_NetworkAdapter get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_NetworkAdapter get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic os get TotalVisibleMemorySize /value
C:\Windows\System32\Wbem\WMIC.exe
wmic os get TotalVisibleMemorySize /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NVTTweaks"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA" | findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA"
C:\Windows\system32\findstr.exe
findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableCudaContextPreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "EnableCEPreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemptionOnS3S4"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "ComputePreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v CpuPriorityClass
C:\Windows\system32\find.exe
find "0x4"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v IoPriority
C:\Windows\system32\find.exe
find "0x3"
C:\Windows\system32\powercfg.exe
powercfg /GetActiveScheme
C:\Windows\system32\find.exe
find "Hone"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AllGPUTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NpiTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "TCPIP"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NvidiaTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MemoryTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "InternetTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "ServicesTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "DebloatTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MitigationsTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AffinityTweaks"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableWriteCombining"
C:\Windows\system32\reg.exe
reg query "HKCU\Control Panel\Mouse" /v "SmoothMouseYCurve"
C:\Windows\system32\find.exe
find "0000000000000000000038000000000000007000000000000000A800000000000000E00000000000"
C:\Windows\system32\reg.exe
reg query "HKLM\SOFTWARE\Intel\GMM" /v "DedicatedSegmentSize"
C:\Windows\system32\find.exe
find "0x400"
C:\Windows\system32\sc.exe
sc query STR
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\system32\sc.exe
sc query HoneAudio
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_Battery Get BatteryStatus
C:\Windows\system32\find.exe
find "1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GeForce"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "NVIDIA"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "RTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "AMD"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Ryzen"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Intel"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "UHD"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Ngen.exe Update /Queue /Delay
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe Update /Queue /Delay
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo [91mOFF "
C:\Windows\system32\find.exe
find "N/A"
C:\Windows\system32\curl.exe
curl -g -k -L -# -o "C:\Hone\Resources\HoneV2.pow" "https://github.com/auraside/HoneCtrl/raw/main/Files/HoneV2.pow"
C:\Windows\system32\powercfg.exe
powercfg /d 44444444-4444-4444-4444-444444444449
C:\Windows\system32\powercfg.exe
powercfg -import "C:\Hone\Resources\HoneV2.pow" 44444444-4444-4444-4444-444444444449
C:\Windows\system32\powercfg.exe
powercfg /changename 44444444-4444-4444-4444-444444444449 "Hone Ultimate Power Plan V2" "The Ultimate Power Plan to increase FPS, improve latency and reduce input lag."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get numberOfCores /value
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get numberOfCores /value
C:\Windows\system32\powercfg.exe
powercfg -setacvalueindex 44444444-4444-4444-4444-444444444449 sub_processor IDLEDISABLE 0
C:\Windows\system32\powercfg.exe
powercfg -setacvalueindex 44444444-4444-4444-4444-444444444449 sub_processor IDLEDISABLE 0
C:\Windows\system32\powercfg.exe
powercfg -setactive "44444444-4444-4444-4444-444444444449"
C:\Windows\system32\mode.com
Mode 130,45
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path win32_VideoController get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_NetworkAdapter get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_NetworkAdapter get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic os get TotalVisibleMemorySize /value
C:\Windows\System32\Wbem\WMIC.exe
wmic os get TotalVisibleMemorySize /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NVTTweaks"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA" | findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA"
C:\Windows\system32\findstr.exe
findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableCudaContextPreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "EnableCEPreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemptionOnS3S4"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "ComputePreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v CpuPriorityClass
C:\Windows\system32\find.exe
find "0x4"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v IoPriority
C:\Windows\system32\find.exe
find "0x3"
C:\Windows\system32\powercfg.exe
powercfg /GetActiveScheme
C:\Windows\system32\find.exe
find "Hone"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AllGPUTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NpiTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "TCPIP"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NvidiaTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MemoryTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "InternetTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "ServicesTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "DebloatTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MitigationsTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AffinityTweaks"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableWriteCombining"
C:\Windows\system32\reg.exe
reg query "HKCU\Control Panel\Mouse" /v "SmoothMouseYCurve"
C:\Windows\system32\find.exe
find "0000000000000000000038000000000000007000000000000000A800000000000000E00000000000"
C:\Windows\system32\reg.exe
reg query "HKLM\SOFTWARE\Intel\GMM" /v "DedicatedSegmentSize"
C:\Windows\system32\find.exe
find "0x400"
C:\Windows\system32\sc.exe
sc query STR
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\system32\sc.exe
sc query HoneAudio
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_Battery Get BatteryStatus
C:\Windows\system32\find.exe
find "1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GeForce"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "NVIDIA"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "RTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "AMD"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Ryzen"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Intel"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "UHD"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic os get TotalVisibleMemorySize /value
C:\Windows\System32\Wbem\WMIC.exe
wmic os get TotalVisibleMemorySize /value
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB" /t REG_DWORD /d 5217772 /f
C:\Windows\system32\mode.com
Mode 130,45
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path win32_VideoController get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_NetworkAdapter get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_NetworkAdapter get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic os get TotalVisibleMemorySize /value
C:\Windows\System32\Wbem\WMIC.exe
wmic os get TotalVisibleMemorySize /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NVTTweaks"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA" | findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA"
C:\Windows\system32\findstr.exe
findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableCudaContextPreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "EnableCEPreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemptionOnS3S4"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "ComputePreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v CpuPriorityClass
C:\Windows\system32\find.exe
find "0x4"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v IoPriority
C:\Windows\system32\find.exe
find "0x3"
C:\Windows\system32\powercfg.exe
powercfg /GetActiveScheme
C:\Windows\system32\find.exe
find "Hone"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AllGPUTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NpiTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "TCPIP"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NvidiaTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MemoryTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "InternetTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "ServicesTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "DebloatTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MitigationsTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AffinityTweaks"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableWriteCombining"
C:\Windows\system32\reg.exe
reg query "HKCU\Control Panel\Mouse" /v "SmoothMouseYCurve"
C:\Windows\system32\find.exe
find "0000000000000000000038000000000000007000000000000000A800000000000000E00000000000"
C:\Windows\system32\reg.exe
reg query "HKLM\SOFTWARE\Intel\GMM" /v "DedicatedSegmentSize"
C:\Windows\system32\find.exe
find "0x400"
C:\Windows\system32\sc.exe
sc query STR
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\system32\sc.exe
sc query HoneAudio
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_Battery Get BatteryStatus
C:\Windows\system32\find.exe
find "1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GeForce"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "NVIDIA"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "RTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "AMD"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Ryzen"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Intel"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "UHD"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo [91mOFF "
C:\Windows\system32\find.exe
find "N/A"
C:\Windows\system32\curl.exe
curl -g -k -L -# -o "C:\Hone\Resources\HoneV2.pow" "https://github.com/auraside/HoneCtrl/raw/main/Files/HoneV2.pow"
C:\Windows\system32\powercfg.exe
powercfg /d 44444444-4444-4444-4444-444444444449
C:\Windows\system32\powercfg.exe
powercfg -import "C:\Hone\Resources\HoneV2.pow" 44444444-4444-4444-4444-444444444449
C:\Windows\system32\powercfg.exe
powercfg /changename 44444444-4444-4444-4444-444444444449 "Hone Ultimate Power Plan V2" "The Ultimate Power Plan to increase FPS, improve latency and reduce input lag."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic cpu get numberOfCores /value
C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get numberOfCores /value
C:\Windows\system32\powercfg.exe
powercfg -setacvalueindex 44444444-4444-4444-4444-444444444449 sub_processor IDLEDISABLE 1
C:\Windows\system32\powercfg.exe
powercfg -setacvalueindex 44444444-4444-4444-4444-444444444449 sub_processor IDLEDISABLE 0
C:\Windows\system32\powercfg.exe
powercfg -setactive "44444444-4444-4444-4444-444444444449"
C:\Windows\system32\mode.com
Mode 130,45
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path win32_VideoController get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_NetworkAdapter get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_NetworkAdapter get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic os get TotalVisibleMemorySize /value
C:\Windows\System32\Wbem\WMIC.exe
wmic os get TotalVisibleMemorySize /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NVTTweaks"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA" | findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA"
C:\Windows\system32\findstr.exe
findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableCudaContextPreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "EnableCEPreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemptionOnS3S4"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "ComputePreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v CpuPriorityClass
C:\Windows\system32\find.exe
find "0x4"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v IoPriority
C:\Windows\system32\find.exe
find "0x3"
C:\Windows\system32\powercfg.exe
powercfg /GetActiveScheme
C:\Windows\system32\find.exe
find "Hone"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AllGPUTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NpiTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "TCPIP"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NvidiaTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MemoryTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "InternetTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "ServicesTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "DebloatTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MitigationsTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AffinityTweaks"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableWriteCombining"
C:\Windows\system32\reg.exe
reg query "HKCU\Control Panel\Mouse" /v "SmoothMouseYCurve"
C:\Windows\system32\find.exe
find "0000000000000000000038000000000000007000000000000000A800000000000000E00000000000"
C:\Windows\system32\reg.exe
reg query "HKLM\SOFTWARE\Intel\GMM" /v "DedicatedSegmentSize"
C:\Windows\system32\find.exe
find "0x400"
C:\Windows\system32\sc.exe
sc query STR
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\system32\sc.exe
sc query HoneAudio
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_Battery Get BatteryStatus
C:\Windows\system32\find.exe
find "1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GeForce"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "NVIDIA"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "RTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "AMD"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Ryzen"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Intel"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "UHD"
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v CpuPriorityClass /t Reg_DWORD /d "4" /f
C:\Windows\system32\reg.exe
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v IoPriority /t Reg_DWORD /d "3" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "NoLazyMode" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "AlwaysOn" /t REG_DWORD /d "1" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "NetworkThrottlingIndex" /t REG_DWORD /d "10" /f
C:\Windows\system32\reg.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "SystemResponsiveness" /t REG_DWORD /d "0" /f
C:\Windows\system32\mode.com
Mode 130,45
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path win32_VideoController get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_NetworkAdapter get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_NetworkAdapter get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic os get TotalVisibleMemorySize /value
C:\Windows\System32\Wbem\WMIC.exe
wmic os get TotalVisibleMemorySize /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NVTTweaks"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA" | findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA"
C:\Windows\system32\findstr.exe
findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableCudaContextPreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "EnableCEPreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemptionOnS3S4"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "ComputePreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v CpuPriorityClass
C:\Windows\system32\find.exe
find "0x4"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v IoPriority
C:\Windows\system32\find.exe
find "0x3"
C:\Windows\system32\powercfg.exe
powercfg /GetActiveScheme
C:\Windows\system32\find.exe
find "Hone"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AllGPUTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NpiTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "TCPIP"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NvidiaTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MemoryTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "InternetTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "ServicesTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "DebloatTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MitigationsTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AffinityTweaks"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableWriteCombining"
C:\Windows\system32\reg.exe
reg query "HKCU\Control Panel\Mouse" /v "SmoothMouseYCurve"
C:\Windows\system32\find.exe
find "0000000000000000000038000000000000007000000000000000A800000000000000E00000000000"
C:\Windows\system32\reg.exe
reg query "HKLM\SOFTWARE\Intel\GMM" /v "DedicatedSegmentSize"
C:\Windows\system32\find.exe
find "0x400"
C:\Windows\system32\sc.exe
sc query STR
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\system32\sc.exe
sc query HoneAudio
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_Battery Get BatteryStatus
C:\Windows\system32\find.exe
find "1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GeForce"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "NVIDIA"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "RTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "AMD"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Ryzen"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Intel"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "UHD"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo [93mN/A "
C:\Windows\system32\find.exe
find "N/A"
C:\Windows\system32\mode.com
Mode 130,45
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path win32_VideoController get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_NetworkAdapter get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_NetworkAdapter get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic os get TotalVisibleMemorySize /value
C:\Windows\System32\Wbem\WMIC.exe
wmic os get TotalVisibleMemorySize /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NVTTweaks"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA" | findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA"
C:\Windows\system32\findstr.exe
findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableCudaContextPreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "EnableCEPreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemptionOnS3S4"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "ComputePreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v CpuPriorityClass
C:\Windows\system32\find.exe
find "0x4"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v IoPriority
C:\Windows\system32\find.exe
find "0x3"
C:\Windows\system32\powercfg.exe
powercfg /GetActiveScheme
C:\Windows\system32\find.exe
find "Hone"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AllGPUTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NpiTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "TCPIP"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NvidiaTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MemoryTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "InternetTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "ServicesTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "DebloatTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MitigationsTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AffinityTweaks"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableWriteCombining"
C:\Windows\system32\reg.exe
reg query "HKCU\Control Panel\Mouse" /v "SmoothMouseYCurve"
C:\Windows\system32\find.exe
find "0000000000000000000038000000000000007000000000000000A800000000000000E00000000000"
C:\Windows\system32\reg.exe
reg query "HKLM\SOFTWARE\Intel\GMM" /v "DedicatedSegmentSize"
C:\Windows\system32\find.exe
find "0x400"
C:\Windows\system32\sc.exe
sc query STR
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\system32\sc.exe
sc query HoneAudio
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_Battery Get BatteryStatus
C:\Windows\system32\find.exe
find "1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GeForce"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "NVIDIA"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "RTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "AMD"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Ryzen"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Intel"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "UHD"
C:\Windows\system32\sc.exe
sc config "STR" start= auto
C:\Windows\system32\net.exe
net start STR
C:\Windows\system32\curl.exe
curl -g -L -# -o "C:\Hone\Resources\SetTimerResolutionService.exe" "https://github.com/auraside/HoneCtrl/raw/main/Files/SetTimerResolutionService.exe"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start STR
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /i SetTimerResolutionService.exe
C:\Windows\system32\sc.exe
sc config "STR" start=auto
C:\Windows\system32\net.exe
net start STR
C:\Windows\system32\bcdedit.exe
bcdedit /set disabledynamictick yes
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 start STR
C:\Windows\system32\bcdedit.exe
bcdedit /deletevalue useplatformclock
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic OS get buildnumber /value
C:\Windows\System32\Wbem\WMIC.exe
wmic OS get buildnumber /value
C:\Windows\system32\bcdedit.exe
bcdedit /set useplatformtick yes
C:\Windows\system32\mode.com
Mode 130,45
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path win32_VideoController get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_NetworkAdapter get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_NetworkAdapter get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic os get TotalVisibleMemorySize /value
C:\Windows\System32\Wbem\WMIC.exe
wmic os get TotalVisibleMemorySize /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control" /v "SvcHostSplitThresholdInKB"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NVTTweaks"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA" | findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}" /t REG_SZ /s /e /f "NVIDIA"
C:\Windows\system32\findstr.exe
findstr "HKEY"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableCudaContextPreemption"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "EnableCEPreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisablePreemptionOnS3S4"
C:\Windows\system32\find.exe
find "0x1"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "ComputePreemption"
C:\Windows\system32\find.exe
find "0x0"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v CpuPriorityClass
C:\Windows\system32\find.exe
find "0x4"
C:\Windows\system32\reg.exe
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csrss.exe\PerfOptions" /v IoPriority
C:\Windows\system32\find.exe
find "0x3"
C:\Windows\system32\powercfg.exe
powercfg /GetActiveScheme
C:\Windows\system32\find.exe
find "Hone"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AllGPUTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NpiTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "TCPIP"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "NvidiaTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MemoryTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "InternetTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "ServicesTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "DebloatTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "MitigationsTweaks"
C:\Windows\system32\reg.exe
reg query "HKCU\Software\Hone" /v "AffinityTweaks"
C:\Windows\system32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm" /v "DisableWriteCombining"
C:\Windows\system32\reg.exe
reg query "HKCU\Control Panel\Mouse" /v "SmoothMouseYCurve"
C:\Windows\system32\find.exe
find "0000000000000000000038000000000000007000000000000000A800000000000000E00000000000"
C:\Windows\system32\reg.exe
reg query "HKLM\SOFTWARE\Intel\GMM" /v "DedicatedSegmentSize"
C:\Windows\system32\find.exe
find "0x400"
C:\Windows\system32\sc.exe
sc query STR
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\system32\sc.exe
sc query HoneAudio
C:\Windows\system32\find.exe
find "RUNNING"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_Battery Get BatteryStatus
C:\Windows\system32\find.exe
find "1"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_VideoController get VideoProcessor /value
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GeForce"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "NVIDIA"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "RTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "GTX"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "AMD"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Ryzen"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "Intel"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo SeaBIOS VBE(C) 2011 "
C:\Windows\system32\find.exe
find "UHD"
C:\Windows\system32\reg.exe
reg add "HKCU\Software\Hone" /v "MSIModeTweaks" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path win32_VideoController get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported" /t REG_DWORD /d "1" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path win32_VideoController get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg delete "HKLM\System\CurrentControlSet\Enum\PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08\Device Parameters\Interrupt Management\Affinity Policy" /v "DevicePriority" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_NetworkAdapter get PNPDeviceID | findstr /L "VEN_"
C:\Windows\System32\Wbem\WMIC.exe
wmic path Win32_NetworkAdapter get PNPDeviceID
C:\Windows\system32\findstr.exe
findstr /L "VEN_"
C:\Windows\system32\reg.exe
reg add "HKLM\SYSTEM\CurrentControlSet\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18\Device Parameters\Interrupt Management\MessageSignaledInterruptProperties" /v "MSISupported" /t REG_DWORD /d "1" /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic path Win32_NetworkAdapter get PNPDeviceID | findstr /L "VEN_"
Network
Files
C:\Users\Admin\AppData\Local\Temp\{6F7889E3-6B84-4C9F-9360-845422673FC2}
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\AdobeSFX.log
| MD5 | 5ee9b5ddf06bd1df9d98fbd25c2a3067 |
| SHA1 | 15c8df0898c1a58ecaef015428b4f9beb4469078 |
| SHA256 | 105f765aedf2cd40acbfa9a496b09f5821d4a611ae5b3f051c34da0a69f0863d |
| SHA512 | af99e7e8d8130636dfe1b233d3695e8c7761728c58dbf187195556bfb0b3c915c6a673ffaa7464e7f23d4445d4d0ce1b87e9af08a676eb6ba90c18a089edcbc4 |
C:\Users\Admin\AppData\Local\Temp\aria-debug-4060.log
| MD5 | 38732a41c3f4d615767aebf796db4f0f |
| SHA1 | db999ecd1ec00436a2019912a9fd6e8371c98724 |
| SHA256 | 4b9680b89a0d8b0f3d845bf46ca07a6acfbd956bf0158536437dc2b94df60c47 |
| SHA512 | 95f3305169f0a8449b1e1aa2828793191489675397b5d4dae9ee4c658b0bfc045006ea86e66f710e3e84a9c4cee93b92f0b29012d1b68b0b9f921a8224eeb9f4 |
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI33C5.txt
| MD5 | d09b1492c3fe562f3b7af66f5997005c |
| SHA1 | 889206472eae64f9dcc155228e0300fda11aaa3a |
| SHA256 | daa0b086aa5d5c3b170ffad331d8415ce2f4f569ebd006c63e4716cf2692d716 |
| SHA512 | 99d408bd4a5c464096aa6a781c3b29628991ee862936c811bc561a10a4fcde76d28afa50a218f375f0667440e1c2e8d06bf079e660642b6de5147df7781b2d7f |
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI33A2.txt
| MD5 | 5df3e9633114539281686aa2ca08a9ad |
| SHA1 | 7c2a94d0accc285b2db35e35372f06b213807376 |
| SHA256 | 7d5045a57d8ad5a38846f377e6ed2c74040c50f44179995b36bd20fe59d4e4cd |
| SHA512 | 4f69a8932006c48feed8a3944e52cf64c11f1e338e2c1b6419a754eca6eaee625b7b42f806b2b8453df4acf6aa03d44a49fa480c80cc4135afc548d903f5bc76 |
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI33C5.txt
| MD5 | 3cf3cc7e008d33316e3da1710ec07e6c |
| SHA1 | d4e349d95cec3bf45a60b9a26ef9ed1b133bbdd1 |
| SHA256 | f3ffe69bd7cb444e25ed4fdd8a3dbe31ba00b1379b618144cc145f79edd2be1e |
| SHA512 | 3d07add65c5a82f924ad444f29187e32c973bda56aed628b8c1661f17f86e2c64f44786fb7950fb74f42d6639ef74bd8ea6a0a9d4a1cb2ad9ac0c939283d6474 |
C:\Users\Admin\AppData\Local\Temp\jawshtml.html
| MD5 | b2a4bc176e9f29b0c439ef9a53a62a1a |
| SHA1 | 1ae520cbbf7e14af867232784194366b3d1c3f34 |
| SHA256 | 7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73 |
| SHA512 | e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f |
C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20241007_091130781.html
| MD5 | 1201c1382aacbd4ee63cfedd3533556d |
| SHA1 | 361943f8566e28d8016e70dbba356210e6f10f59 |
| SHA256 | 1db08bf34f330e68269272edf9effd4afdfe4f368cb2e3e74df699e204d1b9cb |
| SHA512 | 0685a24f8157aa82ab381390b61229222779856a7ec3a06fa65723a8955f47697fbcf64a5de9916638d2ebf798856c73194ffa0902bf781f0e2ddba0f9267057 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241007091250_002_dotnet_host_7.0.16_win_x64.msi.log
| MD5 | 744a395db6f792d43e420eb94eb68c6b |
| SHA1 | b3e40430e2f2bc42b48282e45987dd1b18b95c98 |
| SHA256 | 69f4152784be09607e78e19afc4bb0884f7ed5171189dfda101e6e1ab954cd54 |
| SHA512 | e0f15a09b40af1efd7b5ecd2f9291870bccda61afb4df374b8478f457f97c1e386bae69588d371754a32f33ac72e9824927a9237249f975ad269847751e17574 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241007091250_001_dotnet_hostfxr_7.0.16_win_x64.msi.log
| MD5 | 6be73104f84a8212e4bdbb0d8ee85232 |
| SHA1 | 941db52fca59de13df9a9104445b1832d35995c0 |
| SHA256 | 773558745ad737e44d5eb5a78eb9ebbbc8770f1694ba1f2c464d361cf2affb1d |
| SHA512 | 2cf35452018a839eebeed075344069506c79674d1052ff654f5ace171a3dc35f48078175a0cc8728e7beec6606721ef30c996824be6503e78ddac67f1a4c9274 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241007091250_000_dotnet_runtime_7.0.16_win_x64.msi.log
| MD5 | 57204580b3aa0f920d6e1379cc54fa6e |
| SHA1 | c7c7e1914bc9b6b1b65ccbc7ea8479934e905a23 |
| SHA256 | 32848344151f2356f8bef6aa9072e1f3958f7022ee510a1e391f926da701eb75 |
| SHA512 | ba79a716d5628cc171d3249bfccd19398d4e806e358db9c4766b83860256f864307e7a09ce3abb254f9aa9e90349ee53a17ba51ef35a87466286fcc8b979216b |
C:\Users\Admin\AppData\Local\Temp\OZMCVSQS-20241007-0916.log
| MD5 | 287c5dd73bda9d7890154432109b4dbf |
| SHA1 | 91a0eda4071f22e666e04a587a14ce4d67d7f746 |
| SHA256 | 1c63d1f5bf8b7d18f5765b4cd612138b43f545fabd9d0ec673dcfe90c669d0ca |
| SHA512 | f71246ea1797d0a6cfedf5a95e26f7a2042a8ca110309486b218bc987c8704f872da27b7a0b7a3c42feb6fbd2b5839a508575ea127b31caeea583c3c7e7d0026 |
C:\Users\Admin\AppData\Local\Temp\msedge_installer.log
| MD5 | b60ae3733804e7a4ce870ca0139bbf9d |
| SHA1 | 3a81e954b749bcdef465be956f3da6b48dbbff2c |
| SHA256 | c59be950f4b5b63e650db9e5d1a526f28bb63d6aeb777c466ab5f62e511165bf |
| SHA512 | 7b229340c8479d83c389cdd878107ec0d2c46621ebc23740c1f52a0c3a84ddc8ad83d71674ac3ad243ca1fa74103ae69821640dd138041a8d9bcabebd0b162e3 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241007091315_003_windowsdesktop_runtime_8.0.2_win_x64.msi.log
| MD5 | 13ee3257848c32360456e01c9db4a0f7 |
| SHA1 | 7750e6571ecfcf643e2a1730cfea3b47faf413fc |
| SHA256 | 9c79109704fbc3d2a53b098fcd5d2780b7be8e46b946f4d76224dcdee1c1221d |
| SHA512 | 59142e85b4ee0b751d6af2137050ec948a6836129879484c05ab583f3b0944419509b7bb4f981b6629566e09067b78c5100bee8db7f5000fd7b8976aceffbb5c |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241007091315_002_dotnet_host_8.0.2_win_x64.msi.log
| MD5 | 99efe5350d065aec57686ba29ffcac78 |
| SHA1 | dfd628ca686cd3ad9644bcc8979555f7fe267903 |
| SHA256 | 54a54950e536740a8fb09866c394e7b361904e1b7aa6d6752cc9a483e0af8f4b |
| SHA512 | 70b4a7bfe48c45421bca36d7c180a0b1f4f8874d268ade4498ddc1464b87937966097e4db1b2074ce079b0f5952c54b136a194c066915d45f02aa99fccbb6bb1 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241007091315_001_dotnet_hostfxr_8.0.2_win_x64.msi.log
| MD5 | baf20b0ec4bdc37fbe52b26f8413f48f |
| SHA1 | ae7f910d954d496f3792763b0625fee59fb0565b |
| SHA256 | 444115bba6b4234b0bf310349ff0e14b78169b7977ec30539b1587874a305ed0 |
| SHA512 | 668addedb896dbb597aba54f6f9e8481f8a9e07c6a5e3588f0d02b1d3600ec782ad1f20cee79f682d0deb6f806d19035a696d7784f2ee6685c7ed3cbd775550c |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241007091315_000_dotnet_runtime_8.0.2_win_x64.msi.log
| MD5 | 3a55f3289385ad9b6908e4850c3bf5ab |
| SHA1 | c578218d05c93bea6cbe9e49e210913d4153e3ee |
| SHA256 | 459211eb7284e59a0805130b0674da8eab614c03af8d82e1652d2826e610166d |
| SHA512 | d0ec3d95d6df88369d75f5efc75c6130d98dcc0262cd07ef3da35864f46ee9a3fcd00743b8749060461e1fe0d568c448a9047620fc7c9879d4d3a36342200da4 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20241007091315.log
| MD5 | 7bff72ecf080445d4e9c89145c26cd01 |
| SHA1 | a222ed03fe115d562992f0a32f442f8e163a96b3 |
| SHA256 | 90bbfee80790a0e2315a13674219c98f13b00d5e1c9977d5ab41bfa98692f161 |
| SHA512 | c0ab40dbc7b8193656c73c63f614af383b8de8e949ffba0f5ffec01d7cb07f1dc0f3699396608b199b15b298dd91c8ffaeaa96a99d03fa904986d534e5c42c4a |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241007091250_003_windowsdesktop_runtime_7.0.16_win_x64.msi.log
| MD5 | 55355b8d53439cdc9c25ccba97155336 |
| SHA1 | 2d3a96f70cceb244fb399ae166c1c4c18e9d7ee7 |
| SHA256 | 8c1d64bb2609496f0e38d1af6a87d600f132fd842fc14fe94cad6b020241dc41 |
| SHA512 | dd7e0b2cb5f03f05f1787a33ec5bbaccdc4330a592795cff3e26b9b39a497da0757761ded45c87d0b84b86625a3cbd66c1b1d8e588fbb7a173881447aff74e2d |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20241007091250.log
| MD5 | 84e37d7e3dffaf58b171868c098d37fe |
| SHA1 | 901e07aae490eb13c7b19f6e9a5bf584137265f8 |
| SHA256 | 957c2938d87f10370ca745a31d5eba110b9e91ac532118822ba2756e1ff144c7 |
| SHA512 | 872283c9f5765c1dbe26169070328f1eb2ce4e790d9cc56cf18ae3199edc1d620e912486593e5d2f60b05e70e002beaa319d73b690e7a46c83bdf2ee867b73ae |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241007091210_003_windowsdesktop_runtime_6.0.27_win_x64.msi.log
| MD5 | 4f2295faefdc8f9e4415360f980013c9 |
| SHA1 | 57ae30a1de806964db2e92f96ad4d922ce18c0dd |
| SHA256 | c30ccc813360c0c10d2c70e5db92dd1e5ea7d925ae6660b90b313e2787182b62 |
| SHA512 | 4358083c973d413d53a064d89ed5ab2655d6bbb9f26455e7c34decbb6c2851c4a2d0a6aa11dd0a6b0e656e6cd471f1ad2bc360350a50418f23216a07dc82e363 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241007091210_002_dotnet_host_6.0.27_win_x64.msi.log
| MD5 | a0d7204ab73b425affe68398dd81e8a0 |
| SHA1 | 803f27589dda92a2d7e4c76a5be4e137fb9045d4 |
| SHA256 | 8a6d754daa6288e5cf229a9f4a7cce63309127f05dfa181f1c49091e82543d7a |
| SHA512 | d5b8da8d10d879d649b4c9ec176ccb6b4a6adc0b2ca9423fb22ab7f7a1149a36a149f637b43996ed5f61a99615a3a38456ab1071a519d22eded904a73ae48892 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241007091210_001_dotnet_hostfxr_6.0.27_win_x64.msi.log
| MD5 | 95e9b5bf8e83327654976121a264b154 |
| SHA1 | bd029d9ced8e5db7b5fbb062aa20dd09bc3de2f5 |
| SHA256 | f70cb8da0206545e7babaf09ac2adb2d50ca211d14398e89cd5277857e71cce4 |
| SHA512 | a2160161b145c0033116b5439aaf612b595ea93a3c69c5f57ea6d043baa2e509239ef4540bfd6347fda9281eb5f73fcd32a609a45cc86e69a47ffea1136d0c16 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241007091210_000_dotnet_runtime_6.0.27_win_x64.msi.log
| MD5 | f842f95dde3d59133bada8bcb621a414 |
| SHA1 | a4a5fd59ae7b114db4b7cdb64411ff53b20b2a7c |
| SHA256 | 3a7f3c7434f1057b0f23c841a4d099e23902c9a1dfe024f065fdb61527ca67d9 |
| SHA512 | a91c785d3d7ba0ba4e49e05b970839731adc6f34ddae512dea9efc7346bc6370fb46d88e256bc1e0a41128a0493b8e9236164d043703cce6e6f77c7f7c0e3a25 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20241007091210.log
| MD5 | ef4506c86855b62873c776fe435d1952 |
| SHA1 | c0efa8e0d64d41426adce2820773b9a04e38425b |
| SHA256 | ebb88c00cae2f06d2e4197cf50ff787c3d1db762799abd3c32f59c9e68b84ca5 |
| SHA512 | ec6ebb48c503e2a4c58e6d88aa03b0bf0d3dd6ea9703f87c4e4d6b4a5037564ccdcc5f50d0a50d00732a0cd1b7e15a96bea66567897621f289a530af84e0c7f4 |
C:\Users\Admin\AppData\Local\Temp\mapping.csv
| MD5 | d3186aada63877a1fe1c2ed4b2e2b77d |
| SHA1 | f66d9307be6cbbb22941c724d2cf6954b41d7bb0 |
| SHA256 | 2684d360ec473113d922a2738c5c6f6702975e6ac7ee4023258a12ed26c9fefe |
| SHA512 | c94e8aa368a44f1df9f0318ca266f5a6a9140945d55a579dee2fd10aff3d4704a72a216718b35e44429012d68c2bb30a92d5179fbc9fb4b222456a017d8981c0 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 521ef8aa8443058125963c0f4f3ed379 |
| SHA1 | 0baff68e773dc3fe8ed4d1e9ae3dbda93a379c8c |
| SHA256 | 52e778b97cf6ac986e563b5649752251ccff73b47811069e35fac7213e63fe69 |
| SHA512 | ac8e7c34a0a98c14334c12db40767d2e34d78410a9625169b80a601cb3bcc744d4a700885165baa4774f179a15de4655ae593c22941e98437f3721985b54f978 |
C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log
| MD5 | e39c631e7947590af8a2e471cd34fbe3 |
| SHA1 | 20f9ad3ed13928df7a955bdf28421c365fbc66cf |
| SHA256 | 59713539e8061a03a339cd37a3f59423167e2a965025dcac01e1ed8f44afbb7a |
| SHA512 | 834e6522f2548c179310bfb9c7caf867e7829bb15fdf69f8f7979e5ec969d5b8c1d675eeb895fa0af3b5664b587437f8f6e1897f1516dcc19864a8cc77942b30 |
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI33A2.txt
| MD5 | 4c05fd5fa1f6a05f88ed91fea900dece |
| SHA1 | 6dd2b7a9584bf46033f7431926c48fd0582b22cf |
| SHA256 | 5edcee74663f1df3adb0aa1dcd0fb43678235c2232d195ff1af8360f2507d56f |
| SHA512 | 2048da8fc7256804756447a6f19724eb66f9dc1b6aca166806cb9d5fde611d0e2b038102a516d77006e1e2d4380144a67640501046680ac86c94757249e05875 |
C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt
| MD5 | 5bca0bbafddd6451be71d63e9905dd40 |
| SHA1 | 9ff68bf6591297febd1466e9fdcaf2fe564532b7 |
| SHA256 | 83a6a57b1f871d6db13cc8b3b5bd3fb70470751c8db0e69a28c08573316b1a41 |
| SHA512 | 34fbedf47491fe241b5afa36115cd78badcd759acda7d57918dfedeb533841ec1df1a8f05cc12d37a2cca3b4092480f063acee78160d42e461c98ae871a14012 |
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
| MD5 | 343f49cb23b8058f91b85a6efdbdc17e |
| SHA1 | a5c165a04af960c73ac716d42e86937e18ceabec |
| SHA256 | f571cc9a1d76ad164d569c9dfc8ef00f217b2f7abae2417dc182edc42d551526 |
| SHA512 | 3851dc525931b835d87dcfd86d324e90ca3c4bbbdca78c16de6fbe1876edb49d720b9c245f70eaeea7e508c3d4558d43f7c7eaf6d947bf41cb0cdbb6e6258f99 |
C:\Users\Admin\AppData\Local\Temp\OZMCVSQS-20241007-0917.log
| MD5 | 5100f38ebd8d268da16f8004de41b9c4 |
| SHA1 | 265fc79b124cb41cd90e4e29cc305d99638d5399 |
| SHA256 | 511aabb3623b7c295df9cbb8c961e64da1c6fd3cc9ebddebae25a8b9d6471d42 |
| SHA512 | 2700f07feadff1474f8c6541612bc8f2fb0f1be8cf36db01c3b63032e00645df74e3cda00e8155d77d8a9eaecd04c53e99e42af34b3ac52c79fd6188ce04e473 |
C:\Users\Admin\AppData\Local\Temp\wct1FE.tmp
| MD5 | e516a60bc980095e8d156b1a99ab5eee |
| SHA1 | 238e243ffc12d4e012fd020c9822703109b987f6 |
| SHA256 | 543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7 |
| SHA512 | 9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58 |
C:\Users\Admin\AppData\Local\Temp\wctCB2F.tmp
| MD5 | fb4aa59c92c9b3263eb07e07b91568b5 |
| SHA1 | 6071a3e3c4338b90d892a8416b6a92fbfe25bb67 |
| SHA256 | e70e80dbbc9baba7ddcee70eda1bb8d0e6612dfb1d93827fe7b594a59f3b48b9 |
| SHA512 | 60aabbe2fd24c04c33e7892eab64f24f8c335a0dd9822eb01adc5459e850769fc200078c5ccee96c1f2013173bc41f5a2023def3f5fe36e380963db034924ace |
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
| MD5 | 2ec296d4a17cec745ba7f70b985fbc66 |
| SHA1 | 1405969855042c7c68a41ef2d4900650621464c7 |
| SHA256 | 8a84185e45a2bd96b911873e441629169ba8614d56b8697d6e35d91fef6f5137 |
| SHA512 | 6bf238d63aa326cfc949c39802b7c7e25b3d2313eebf339d0a2d330a8bc8be44aae60eaae650094b3d1ba9e23b35d0b514286b7a75f8933644efa3b1ad2cf3b5 |
C:\Users\Admin\AppData\Local\Temp\Optimize_MasterPack (1).zip
| MD5 | 089656f2ef4c33055517f63e3b75457d |
| SHA1 | c112a5ce4c26150a010aa3d4f391f5176b18e673 |
| SHA256 | d0c09d6aeb8c991479bc825f9b45a04d9ba75fedf09dc57237e21467af3f31a3 |
| SHA512 | f898a22531bbe4e3d797fb522edb0c99f69395f480f781829b6648a56b700baabf00dd9d04208d277b48aff89b34b7ded440b49f58ce075484f055dde03a566c |
C:\Windows\Temp\amc5D23.tmp
| MD5 | 3f1b295419cec5ace20da66662f79441 |
| SHA1 | e469d60484a4b9d587cdb78b581b7d942b537231 |
| SHA256 | f25bfc11c8cffd5826575bf2021655900a2e4554640841a3dc2d0fa3938594f3 |
| SHA512 | b3d3aa00ea40151f5d90d3770f5b668738d7600980af62c8763ac81ac6ab51348a0c3aaf0a7f5f6749ba39f7b7a81b485629be062f5af6899976aca4d666846a |
C:\Windows\Temp\amc8C32.tmp
| MD5 | 2bdb71d590b6793f87ff451e36763f35 |
| SHA1 | 65151e9f92ac5160d2c7dd8edf0e57aa0a9117cd |
| SHA256 | 674ee078e21a65ecdf9274c2556e70c8ba9a71eeb5f196a92b692486c431faf1 |
| SHA512 | 8769080752c5c0b44fa11066670b492eae8e05d1c09ef288ac0be2658ff468ef5b6a25f91e163c0ad3f84e123b023c20fb3ee30b1a574f497a39f868a67de80c |
C:\Windows\Temp\ASPNETSetup_00000.log
| MD5 | 5a39a4bdda4d2dfc5ba6eb29a6494c86 |
| SHA1 | 018a648235a11ab8fa8ff464fb6918579d0e93f3 |
| SHA256 | 92d374da4e1eeaa5524b2f06f5f45a82c43cd31a8b4ec5545399efddf19d6659 |
| SHA512 | d1e8dde19cbf65da274b3cbc91aee68bef92e2b0f5264edbd56c49fb1903102f92783c7d1ff80c028fb5a90d83dd36ccc75550d9f5a377a1977dc78b5f145d7e |
C:\Windows\Temp\ASPNETSetup_00001.log
| MD5 | 01439d6fedd8e7e26ac865073ae96342 |
| SHA1 | 5825413d4998dd815a6b364a8fcbc273aeb8dd42 |
| SHA256 | c0e0ecb68c2a8876c2c1068c4e64e6afd16a06ad98b1364128225374b92c725a |
| SHA512 | f33a0e7f8628e330216e57d5daabd19a01a86f1dd02b428b4e10bcdbfc38d0fba8bc527a74bc1e78ae95910985a01a3b2aa4954bbb970deb19bdbf791a272f95 |
C:\Windows\Temp\msedge_installer.log
| MD5 | 5104f6fe16742cf165dd69bc46190a7a |
| SHA1 | 6cde4d21dbf927c81c1c58a661c0e55d105becc9 |
| SHA256 | 9b96fe40b4b4be6152c836d557073232defced1eaa5a7187365a78d877ef2264 |
| SHA512 | 400de55ed2b7c1981c80ecf000fe466e9d47b852d5536a47c772d1eb373b4127f7bdc55363fed499a43d9566cc1f56dd0587449527a60843ec1dac5d8cd6bf7d |
C:\Windows\Temp\OZMCVSQS-20241007-0917.log
| MD5 | d60459184738cf8c62d1cca1254d4635 |
| SHA1 | ad6a46198796fc2e46662e5ff33df540386c92b4 |
| SHA256 | bb0ecbb072833ff1ef9e677aa84d6c314b68e9a9d79d3e0f5cf0b396ca46245d |
| SHA512 | 0bfb3b3c8bb54b843dd3039e50485a8619a4e6830659b971f7ba6226c44c29d22a6995ae9d074d6bdbdad5af5b21f00005ae04fedaa7ea39e8139c2c64596320 |
C:\Windows\Temp\OZMCVSQS-20241007-0917a.log
C:\Windows\Logs\DISM\dism.log
C:\Users\Admin\AppData\Local\Temp\REG4D08.tmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kbwtqlfp.vx5.ps1
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\Desktop\HYPER TWEAKS MASTER PACK\GOD Windows tweaks\dir\speedtest.exe
C:\Windows\System32\LogFiles\setupcln\diagerr.xml
C:\Windows\System32\LogFiles\setupcln\setupact.log
C:\Windows\System32\LogFiles\setupcln\diagwrn.xml
C:\Users\Admin\AppData\Local\Temp\A11D255A-5413-44DC-8C3C-4DA29B5DA466\DismHost.exe
C:\Windows\System32\LogFiles\setupcln\setuperr.log
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
C:\Hone\Resources\REAL.exe
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\AppxProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\AssocProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\DismCorePS.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\DismCore.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\CbsProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\DismProv.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\DismProv.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\DismCore.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\CbsProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\AssocProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\AppxProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\DmiProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\MsiProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\LogProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\IntlProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\ImagingProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\IBSProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\GenericProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\FolderProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\FfuProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\WimProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\VhdProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\UnattendProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\TransmogProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\SysprepProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\SmiProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\SetupPlatformProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\ProvProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\OSProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\OfflineSetupProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\MsiProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\LogProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\IntlProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\ImagingProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\IBSProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\GenericProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\FolderProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\FfuProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\en-US\DmiProvider.dll.mui
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\OfflineSetupProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\TransmogProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\UnattendProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\SysprepProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\SmiProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\SetupPlatformProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\ProvProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\OSProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\WimProvider.dll
C:\Users\Admin\AppData\Local\Temp\D0857F4F-6247-4D1D-B596-16B9A1F8D24E\VhdProvider.dll
C:\Users\Admin\AppData\Local\Temp\tmp3FAD.tmp
C:\Users\Admin\AppData\Local\Temp\REGE524.tmp