Analysis
-
max time kernel
141s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
14-11-2024 10:25
Static task
static1
Behavioral task
behavioral1
Sample
2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe
Resource
win10v2004-20241007-en
General
-
Target
2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe
-
Size
3.1MB
-
MD5
92ffd2386f0d90f07e12f74ed815d219
-
SHA1
161df5d3809b21bcee3c633c9b0cb35f7db046ab
-
SHA256
f1f72dc070609ea57ed4e3e07fab2de6770f9bcae6b85ec395184f9fe2cb2cb7
-
SHA512
e245c920f563fb0a59da61ba4d9d50d62b6628b9f4307cc046cb17498b3883b607296649d97c1e74ec01b4a4a3196f78894cc025b54847973cb2dfea2ca62763
-
SSDEEP
49152:yQe1or7i33p0rb/TNvO90d7HjmAFd4A64nsfJm++4MKtgynxVT+l9yxm2z1AmW00:bq3prE1g3ezAHco7Y
Malware Config
Signatures
-
Clears Windows event logs 1 TTPs 64 IoCs
Processes:
wevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exepid Process 2160 wevtutil.exe 2004 wevtutil.exe 1744 wevtutil.exe 2792 wevtutil.exe 1652 wevtutil.exe 1632 wevtutil.exe 1952 wevtutil.exe 1984 wevtutil.exe 1312 wevtutil.exe 1680 wevtutil.exe 2424 wevtutil.exe 1424 wevtutil.exe 1788 wevtutil.exe 1620 wevtutil.exe 892 wevtutil.exe 2904 wevtutil.exe 1832 wevtutil.exe 2064 wevtutil.exe 2028 wevtutil.exe 2036 wevtutil.exe 2408 wevtutil.exe 2160 wevtutil.exe 2236 wevtutil.exe 1204 wevtutil.exe 2472 wevtutil.exe 2440 wevtutil.exe 2848 wevtutil.exe 2060 wevtutil.exe 2648 wevtutil.exe 932 wevtutil.exe 2000 wevtutil.exe 1324 wevtutil.exe 3024 wevtutil.exe 2516 wevtutil.exe 2972 wevtutil.exe 1968 wevtutil.exe 2972 wevtutil.exe 2912 wevtutil.exe 1992 wevtutil.exe 2588 wevtutil.exe 2300 wevtutil.exe 2132 wevtutil.exe 1876 wevtutil.exe 2976 wevtutil.exe 2988 wevtutil.exe 1588 wevtutil.exe 1956 wevtutil.exe 1960 wevtutil.exe 2452 wevtutil.exe 1960 wevtutil.exe 2044 wevtutil.exe 1956 wevtutil.exe 912 wevtutil.exe 2560 wevtutil.exe 3032 wevtutil.exe 2052 wevtutil.exe 1540 wevtutil.exe 2436 wevtutil.exe 2552 wevtutil.exe 1992 wevtutil.exe 2248 wevtutil.exe 1364 wevtutil.exe 2052 wevtutil.exe 1424 wevtutil.exe -
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Power Settings 1 TTPs 1 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in Program Files directory 64 IoCs
Processes:
2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exedescription ioc Process File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\gadget.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Windows NT\Accessories\WordpadFilter.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\libvlc.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotionblur_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Windows Media Player\en-US\WMPDMCCore.dll.mui.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\slideShow.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\localizedSettings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDXFile_8.ico.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jre7\lib\calendars.properties.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Windows Sidebar\it-IT\sbdrop.dll.mui.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\localizedSettings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\7-Zip\Lang\zh-cn.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Mozilla Firefox\browser\features\[email protected] 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\7-Zip\Lang\mk.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\7-Zip\Lang\yo.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Mozilla Firefox\uninstall\helper.exe.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe -
Kills process with taskkill 3 IoCs
Processes:
taskkill.exetaskkill.exetaskkill.exepid Process 2852 taskkill.exe 2564 taskkill.exe 2548 taskkill.exe -
Modifies registry class 3 IoCs
Processes:
reg.exedescription ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcc259f90d1e2b\DefaultIcon\ = "C:\\Windows\\System32\\SHELL32.dll,47" reg.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcc259f90d1e2b\DefaultIcon reg.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcc259f90d1e2b reg.exe -
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
powershell.exepid Process 1192 powershell.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
taskkill.exetaskkill.exetaskkill.exepowershell.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exedescription pid Process Token: SeDebugPrivilege 2852 taskkill.exe Token: SeDebugPrivilege 2564 taskkill.exe Token: SeDebugPrivilege 2548 taskkill.exe Token: SeDebugPrivilege 1192 powershell.exe Token: SeSecurityPrivilege 1516 wevtutil.exe Token: SeBackupPrivilege 1516 wevtutil.exe Token: SeSecurityPrivilege 2992 wevtutil.exe Token: SeBackupPrivilege 2992 wevtutil.exe Token: SeSecurityPrivilege 3028 wevtutil.exe Token: SeBackupPrivilege 3028 wevtutil.exe Token: SeSecurityPrivilege 2136 wevtutil.exe Token: SeBackupPrivilege 2136 wevtutil.exe Token: SeSecurityPrivilege 2276 wevtutil.exe Token: SeBackupPrivilege 2276 wevtutil.exe Token: SeSecurityPrivilege 3024 wevtutil.exe Token: SeBackupPrivilege 3024 wevtutil.exe Token: SeSecurityPrivilege 2740 wevtutil.exe Token: SeBackupPrivilege 2740 wevtutil.exe Token: SeSecurityPrivilege 2860 wevtutil.exe Token: SeBackupPrivilege 2860 wevtutil.exe Token: SeSecurityPrivilege 2560 wevtutil.exe Token: SeBackupPrivilege 2560 wevtutil.exe Token: SeSecurityPrivilege 2344 wevtutil.exe Token: SeBackupPrivilege 2344 wevtutil.exe Token: SeSecurityPrivilege 1108 wevtutil.exe Token: SeBackupPrivilege 1108 wevtutil.exe Token: SeSecurityPrivilege 980 wevtutil.exe Token: SeBackupPrivilege 980 wevtutil.exe Token: SeSecurityPrivilege 1352 wevtutil.exe Token: SeBackupPrivilege 1352 wevtutil.exe Token: SeSecurityPrivilege 1408 wevtutil.exe Token: SeBackupPrivilege 1408 wevtutil.exe Token: SeSecurityPrivilege 2356 wevtutil.exe Token: SeBackupPrivilege 2356 wevtutil.exe Token: SeSecurityPrivilege 2028 wevtutil.exe Token: SeBackupPrivilege 2028 wevtutil.exe Token: SeSecurityPrivilege 1632 wevtutil.exe Token: SeBackupPrivilege 1632 wevtutil.exe Token: SeSecurityPrivilege 696 wevtutil.exe Token: SeBackupPrivilege 696 wevtutil.exe Token: SeSecurityPrivilege 1028 wevtutil.exe Token: SeBackupPrivilege 1028 wevtutil.exe Token: SeSecurityPrivilege 1400 wevtutil.exe Token: SeBackupPrivilege 1400 wevtutil.exe Token: SeSecurityPrivilege 2352 wevtutil.exe Token: SeBackupPrivilege 2352 wevtutil.exe Token: SeSecurityPrivilege 1168 wevtutil.exe Token: SeBackupPrivilege 1168 wevtutil.exe Token: SeSecurityPrivilege 1304 wevtutil.exe Token: SeBackupPrivilege 1304 wevtutil.exe Token: SeSecurityPrivilege 2196 wevtutil.exe Token: SeBackupPrivilege 2196 wevtutil.exe Token: SeSecurityPrivilege 2268 wevtutil.exe Token: SeBackupPrivilege 2268 wevtutil.exe Token: SeSecurityPrivilege 2508 wevtutil.exe Token: SeBackupPrivilege 2508 wevtutil.exe Token: SeSecurityPrivilege 2052 wevtutil.exe Token: SeBackupPrivilege 2052 wevtutil.exe Token: SeSecurityPrivilege 2060 wevtutil.exe Token: SeBackupPrivilege 2060 wevtutil.exe Token: SeSecurityPrivilege 1532 wevtutil.exe Token: SeBackupPrivilege 1532 wevtutil.exe Token: SeSecurityPrivilege 2244 wevtutil.exe Token: SeBackupPrivilege 2244 wevtutil.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.execmd.execmd.exenet.execmd.exenet.execmd.exenet.execmd.exenet.execmd.exenet.execmd.exenet.exedescription pid Process procid_target PID 1736 wrote to memory of 2424 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 31 PID 1736 wrote to memory of 2424 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 31 PID 1736 wrote to memory of 2424 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 31 PID 2424 wrote to memory of 1456 2424 cmd.exe 32 PID 2424 wrote to memory of 1456 2424 cmd.exe 32 PID 2424 wrote to memory of 1456 2424 cmd.exe 32 PID 1736 wrote to memory of 1224 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 33 PID 1736 wrote to memory of 1224 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 33 PID 1736 wrote to memory of 1224 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 33 PID 1736 wrote to memory of 2192 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 34 PID 1736 wrote to memory of 2192 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 34 PID 1736 wrote to memory of 2192 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 34 PID 2192 wrote to memory of 1984 2192 cmd.exe 35 PID 2192 wrote to memory of 1984 2192 cmd.exe 35 PID 2192 wrote to memory of 1984 2192 cmd.exe 35 PID 1984 wrote to memory of 2220 1984 net.exe 36 PID 1984 wrote to memory of 2220 1984 net.exe 36 PID 1984 wrote to memory of 2220 1984 net.exe 36 PID 1736 wrote to memory of 2936 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 37 PID 1736 wrote to memory of 2936 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 37 PID 1736 wrote to memory of 2936 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 37 PID 2936 wrote to memory of 2912 2936 cmd.exe 38 PID 2936 wrote to memory of 2912 2936 cmd.exe 38 PID 2936 wrote to memory of 2912 2936 cmd.exe 38 PID 2912 wrote to memory of 2956 2912 net.exe 39 PID 2912 wrote to memory of 2956 2912 net.exe 39 PID 2912 wrote to memory of 2956 2912 net.exe 39 PID 1736 wrote to memory of 2040 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 40 PID 1736 wrote to memory of 2040 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 40 PID 1736 wrote to memory of 2040 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 40 PID 2040 wrote to memory of 2004 2040 cmd.exe 41 PID 2040 wrote to memory of 2004 2040 cmd.exe 41 PID 2040 wrote to memory of 2004 2040 cmd.exe 41 PID 2004 wrote to memory of 2008 2004 net.exe 42 PID 2004 wrote to memory of 2008 2004 net.exe 42 PID 2004 wrote to memory of 2008 2004 net.exe 42 PID 1736 wrote to memory of 2256 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 43 PID 1736 wrote to memory of 2256 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 43 PID 1736 wrote to memory of 2256 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 43 PID 2256 wrote to memory of 2324 2256 cmd.exe 44 PID 2256 wrote to memory of 2324 2256 cmd.exe 44 PID 2256 wrote to memory of 2324 2256 cmd.exe 44 PID 2324 wrote to memory of 2960 2324 net.exe 45 PID 2324 wrote to memory of 2960 2324 net.exe 45 PID 2324 wrote to memory of 2960 2324 net.exe 45 PID 1736 wrote to memory of 3068 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 46 PID 1736 wrote to memory of 3068 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 46 PID 1736 wrote to memory of 3068 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 46 PID 3068 wrote to memory of 3052 3068 cmd.exe 47 PID 3068 wrote to memory of 3052 3068 cmd.exe 47 PID 3068 wrote to memory of 3052 3068 cmd.exe 47 PID 3052 wrote to memory of 2932 3052 net.exe 48 PID 3052 wrote to memory of 2932 3052 net.exe 48 PID 3052 wrote to memory of 2932 3052 net.exe 48 PID 1736 wrote to memory of 2480 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 49 PID 1736 wrote to memory of 2480 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 49 PID 1736 wrote to memory of 2480 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 49 PID 2480 wrote to memory of 2896 2480 cmd.exe 50 PID 2480 wrote to memory of 2896 2480 cmd.exe 50 PID 2480 wrote to memory of 2896 2480 cmd.exe 50 PID 2896 wrote to memory of 3032 2896 net.exe 51 PID 2896 wrote to memory of 3032 2896 net.exe 51 PID 2896 wrote to memory of 3032 2896 net.exe 51 PID 1736 wrote to memory of 2976 1736 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 52
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe"C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1736 -
C:\Windows\system32\cmd.execmd /C "reg add HKEY_CLASSES_ROOT\.0xcc259f90d1e2b\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"2⤵
- Suspicious use of WriteProcessMemory
PID:2424 -
C:\Windows\system32\reg.exereg add HKEY_CLASSES_ROOT\.0xcc259f90d1e2b\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f3⤵
- Modifies registry class
PID:1456
-
-
-
C:\Windows\system32\cmd.execmd /C "iisreset /stop"2⤵PID:1224
-
-
C:\Windows\system32\cmd.execmd /C "NET STOP IISADMIN"2⤵
- Suspicious use of WriteProcessMemory
PID:2192 -
C:\Windows\system32\net.exeNET STOP IISADMIN3⤵
- Suspicious use of WriteProcessMemory
PID:1984 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 STOP IISADMIN4⤵PID:2220
-
-
-
-
C:\Windows\system32\cmd.execmd /C "net stop WAS"2⤵
- Suspicious use of WriteProcessMemory
PID:2936 -
C:\Windows\system32\net.exenet stop WAS3⤵
- Suspicious use of WriteProcessMemory
PID:2912 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop WAS4⤵PID:2956
-
-
-
-
C:\Windows\system32\cmd.execmd /C "NET stop MSSQLSERVER"2⤵
- Suspicious use of WriteProcessMemory
PID:2040 -
C:\Windows\system32\net.exeNET stop MSSQLSERVER3⤵
- Suspicious use of WriteProcessMemory
PID:2004 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLSERVER4⤵PID:2008
-
-
-
-
C:\Windows\system32\cmd.execmd /C "NET stop \"SQL Server (MSSQLSERVER)\""2⤵
- Suspicious use of WriteProcessMemory
PID:2256 -
C:\Windows\system32\net.exeNET stop \"SQL Server (MSSQLSERVER)\"3⤵
- Suspicious use of WriteProcessMemory
PID:2324 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"4⤵PID:2960
-
-
-
-
C:\Windows\system32\cmd.execmd /C "net stop MSSQL$SQLEXPRESS"2⤵
- Suspicious use of WriteProcessMemory
PID:3068 -
C:\Windows\system32\net.exenet stop MSSQL$SQLEXPRESS3⤵
- Suspicious use of WriteProcessMemory
PID:3052 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SQLEXPRESS4⤵PID:2932
-
-
-
-
C:\Windows\system32\cmd.execmd /C "net stop SQLSERVERAGENT"2⤵
- Suspicious use of WriteProcessMemory
PID:2480 -
C:\Windows\system32\net.exenet stop SQLSERVERAGENT3⤵
- Suspicious use of WriteProcessMemory
PID:2896 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLSERVERAGENT4⤵PID:3032
-
-
-
-
C:\Windows\system32\cmd.execmd /C "net stop mysql"2⤵PID:2976
-
C:\Windows\system32\net.exenet stop mysql3⤵PID:2252
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mysql4⤵PID:2848
-
-
-
-
C:\Windows\system32\cmd.execmd /C "taskkill /F /IM sqlservr.exe /T"2⤵PID:2944
-
C:\Windows\system32\taskkill.exetaskkill /F /IM sqlservr.exe /T3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2852
-
-
-
C:\Windows\system32\cmd.execmd /C "taskkill /F /IM sqlceip.exe /T"2⤵PID:2572
-
C:\Windows\system32\taskkill.exetaskkill /F /IM sqlceip.exe /T3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2564
-
-
-
C:\Windows\system32\cmd.execmd /C "taskkill /F /IM sqlwriter.exe /T"2⤵PID:2540
-
C:\Windows\system32\taskkill.exetaskkill /F /IM sqlwriter.exe /T3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2548
-
-
-
C:\Windows\system32\cmd.execmd /C "Del /S /F /Q %Windir%\Temp"2⤵PID:1872
-
-
C:\Windows\system32\cmd.execmd /C C:\Users\Public\Log.cmd2⤵PID:1132
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1192 -
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" el4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1516
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Analytic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2992
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Application4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl DebugChannel4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2136
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2276
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl4⤵
- Clears Windows event logs
- Suspicious use of AdjustPrivilegeToken
PID:3024
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2740
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl EndpointMapper4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl HardwareEvents4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2344
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1108
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"4⤵
- Suspicious use of AdjustPrivilegeToken
PID:980
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1352
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Media Center"4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1408
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2356
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance4⤵
- Clears Windows event logs
- Suspicious use of AdjustPrivilegeToken
PID:2028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline4⤵
- Clears Windows event logs
- Suspicious use of AdjustPrivilegeToken
PID:1632
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform4⤵
- Suspicious use of AdjustPrivilegeToken
PID:696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEDVTOOL/Diagnostic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1400
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2352
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1168
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2196
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2268
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-API-Tracing/Operational4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2508
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2052
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2060
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1532
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AltTab/Diagnostic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2244
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational4⤵
- Clears Windows event logs
PID:1960
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"4⤵PID:1964
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"4⤵PID:2456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"4⤵
- Clears Windows event logs
PID:2452
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"4⤵
- Clears Windows event logs
PID:2472
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"4⤵PID:2284
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"4⤵PID:2200
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Problem-Steps-Recorder4⤵PID:624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant4⤵
- Clears Windows event logs
PID:1992
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter4⤵PID:1716
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory4⤵PID:856
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory/Debug4⤵PID:2672
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry4⤵PID:2000
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor4⤵PID:2148
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational4⤵PID:1868
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance4⤵PID:1800
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic4⤵PID:1680
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"4⤵PID:1320
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log4⤵PID:1364
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup4⤵PID:1356
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational4⤵PID:1972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin4⤵PID:1004
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational4⤵PID:2400
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic4⤵PID:2568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational4⤵PID:2300
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational4⤵PID:2208
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational4⤵PID:1764
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic4⤵
- Clears Windows event logs
PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic4⤵PID:1744
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic4⤵PID:1204
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational4⤵
- Clears Windows event logs
PID:1312
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational4⤵PID:1232
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational4⤵PID:2892
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic4⤵PID:2376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing4⤵PID:2808
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Debug4⤵PID:932
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Diagnostic4⤵PID:2760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational4⤵PID:2632
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational4⤵PID:2588
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic4⤵PID:276
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic4⤵PID:1808
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational4⤵PID:1824
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose4⤵PID:1524
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic4⤵PID:1528
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug4⤵PID:2396
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational4⤵PID:1256
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational4⤵PID:2432
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic4⤵PID:1620
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic4⤵PID:1616
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic4⤵PID:1624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming4⤵PID:2424
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug4⤵PID:2948
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational4⤵PID:1984
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic4⤵
- Clears Windows event logs
PID:2036
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic4⤵
- Clears Windows event logs
PID:2912
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic4⤵
- Clears Windows event logs
PID:2160
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging4⤵PID:2004
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic4⤵PID:1128
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic4⤵PID:2144
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug4⤵PID:2256
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational4⤵PID:2816
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic4⤵PID:2312
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic4⤵PID:3032
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational4⤵PID:3040
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational4⤵
- Clears Windows event logs
PID:2848
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance4⤵PID:2836
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin4⤵
- Clears Windows event logs
PID:2516
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational4⤵PID:2016
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Admin4⤵PID:2972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Operational4⤵PID:2272
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin4⤵
- Clears Windows event logs
PID:2248
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational4⤵PID:2524
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug4⤵PID:1944
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic4⤵PID:2788
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug4⤵PID:2548
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational4⤵PID:1316
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug4⤵PID:1692
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic4⤵PID:1040
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug4⤵PID:3020
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational4⤵PID:1460
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug4⤵PID:2580
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational4⤵PID:668
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic4⤵PID:2340
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational4⤵PID:1500
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin4⤵PID:432
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic4⤵PID:1056
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug4⤵
- Clears Windows event logs
PID:2560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational4⤵PID:2344
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug4⤵PID:1108
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational4⤵PID:980
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-TaskManager/Debug4⤵PID:1352
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic4⤵PID:1408
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug4⤵PID:2356
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug4⤵PID:2028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational4⤵PID:1632
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic4⤵PID:696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic4⤵PID:1028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic4⤵PID:1400
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback4⤵PID:2352
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational4⤵PID:1168
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic4⤵PID:1304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic4⤵PID:2196
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic4⤵PID:2268
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging4⤵PID:2508
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming4⤵PID:3008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance4⤵PID:520
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug4⤵PID:1532
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite-FontCache/Tracing4⤵PID:2244
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite/Tracing4⤵
- Clears Windows event logs
PID:1960
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational4⤵PID:1964
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational4⤵PID:2456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational4⤵PID:2452
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational4⤵PID:2472
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug4⤵PID:2284
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational4⤵PID:2200
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic4⤵PID:624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance4⤵
- Clears Windows event logs
PID:1992
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational4⤵PID:1716
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic4⤵PID:856
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance4⤵PID:2672
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskRingtone/Analytic4⤵PID:2000
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic4⤵PID:2148
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug4⤵PID:1868
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic4⤵PID:1800
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug4⤵
- Clears Windows event logs
PID:1680
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational4⤵PID:1320
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic4⤵
- Clears Windows event logs
PID:1364
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug4⤵PID:1356
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational4⤵PID:1996
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug4⤵PID:1564
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic4⤵PID:2584
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug4⤵PID:2532
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic4⤵PID:2264
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug4⤵PID:2208
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational4⤵PID:1764
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic4⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational4⤵PID:1744
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Feedback-Service-TriggerProvider4⤵PID:1204
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational4⤵PID:1312
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic4⤵PID:1232
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"4⤵PID:2892
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug4⤵PID:2376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational4⤵PID:2808
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GettingStarted/Diagnostic4⤵PID:932
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational4⤵PID:2760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug4⤵PID:2632
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug4⤵PID:2588
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance4⤵PID:276
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance4⤵PID:1808
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational4⤵PID:1824
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"4⤵PID:1524
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"4⤵PID:1528
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"4⤵PID:2396
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"4⤵PID:2104
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"4⤵
- Clears Windows event logs
PID:2044
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService4⤵
- Clears Windows event logs
PID:1620
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotStart/Diagnostic4⤵PID:1616
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace4⤵PID:1624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational4⤵PID:2424
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug4⤵PID:2948
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPBusEnum/Tracing4⤵PID:1984
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic4⤵PID:2036
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational4⤵PID:2912
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International/Operational4⤵PID:2160
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug4⤵
- Clears Windows event logs
PID:2004
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational4⤵PID:1128
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace4⤵PID:2144
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic4⤵PID:2256
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic4⤵PID:2816
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic4⤵PID:2312
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic4⤵PID:3032
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin4⤵PID:3040
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic4⤵PID:2848
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic4⤵PID:2836
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic4⤵PID:2516
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic4⤵PID:2016
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Diagnostic4⤵
- Clears Windows event logs
PID:2972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic4⤵PID:2272
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic4⤵PID:2564
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational4⤵PID:2988
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic4⤵PID:1552
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic4⤵
- Clears Windows event logs
PID:1968
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic4⤵PID:2380
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic4⤵PID:984
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic4⤵PID:940
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational4⤵PID:2904
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic4⤵PID:2996
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug4⤵PID:2132
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational4⤵PID:2316
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors4⤵PID:1436
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational4⤵PID:1832
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"4⤵
- Clears Windows event logs
PID:1952
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic4⤵PID:2792
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug4⤵
- Clears Windows event logs
PID:1652
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic4⤵PID:1496
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic4⤵PID:1780
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug4⤵PID:1324
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational4⤵PID:2120
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MCT/Operational4⤵PID:840
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic4⤵PID:2088
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic4⤵PID:1152
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic4⤵PID:580
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin4⤵PID:1548
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug4⤵PID:1340
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic4⤵PID:1348
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin4⤵PID:588
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic4⤵PID:764
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug4⤵PID:1760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational4⤵PID:2240
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter4⤵
- Clears Windows event logs
PID:1956
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader4⤵PID:556
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform4⤵PID:2336
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic4⤵
- Clears Windows event logs
PID:2052
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug4⤵PID:2060
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance4⤵PID:864
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic4⤵
- Clears Windows event logs
PID:1424
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational4⤵PID:2412
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug4⤵PID:2436
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic4⤵PID:1644
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic4⤵PID:2280
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational4⤵PID:972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational4⤵
- Clears Windows event logs
PID:2408
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic4⤵PID:2228
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic4⤵PID:900
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance4⤵
- Clears Windows event logs
PID:912
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic4⤵PID:1164
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/Operational4⤵PID:2468
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/WHC4⤵PID:756
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational4⤵PID:2776
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic4⤵PID:768
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational4⤵PID:1080
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic4⤵PID:1420
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic4⤵PID:960
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational4⤵PID:1320
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug4⤵PID:1788
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic4⤵
- Clears Windows event logs
PID:1540
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine/Diagnostic4⤵PID:1972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic4⤵PID:2552
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug4⤵PID:2400
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational4⤵PID:2568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog4⤵PID:2300
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic4⤵PID:1308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic4⤵PID:2112
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic4⤵PID:1764
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational4⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic4⤵
- Clears Windows event logs
PID:1744
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeopleNearMe/Operational4⤵PID:1204
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic4⤵PID:1312
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic4⤵PID:1232
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic4⤵
- Power Settings
PID:2892
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic4⤵PID:2376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic4⤵PID:2808
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic4⤵
- Clears Windows event logs
PID:932
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational4⤵PID:2760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance4⤵
- Clears Windows event logs
PID:2588
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin4⤵PID:276
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug4⤵PID:1808
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational4⤵
- Clears Windows event logs
PID:892
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Debug4⤵PID:888
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic4⤵PID:2236
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug4⤵PID:2396
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug4⤵PID:2104
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug4⤵PID:2044
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo4⤵PID:1620
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic4⤵PID:1616
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational4⤵PID:1624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic4⤵PID:2424
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational4⤵PID:2948
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Recovery/Operational4⤵PID:1984
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReliabilityAnalysisComponent/Operational4⤵PID:2036
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"4⤵PID:2912
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin4⤵
- Clears Windows event logs
PID:2160
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational4⤵PID:2004
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing4⤵PID:1128
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin4⤵PID:2144
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational4⤵PID:2256
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-UTProvider/Diagnostic4⤵PID:2816
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational4⤵PID:2312
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational4⤵
- Clears Windows event logs
PID:3032
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Leak-Diagnostic/Operational4⤵PID:3040
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing4⤵
- Clears Windows event logs
PID:2976
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational4⤵PID:2876
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic4⤵PID:2516
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic4⤵PID:2016
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic4⤵
- Clears Windows event logs
PID:2972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational4⤵PID:2272
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational4⤵PID:2564
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf4⤵
- Clears Windows event logs
PID:2988
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug4⤵PID:1552
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug4⤵PID:1968
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic4⤵PID:2380
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic4⤵PID:984
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic4⤵PID:940
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic4⤵
- Clears Windows event logs
PID:2904
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic4⤵PID:2996
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic4⤵
- Clears Windows event logs
PID:2132
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic4⤵PID:2316
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic4⤵PID:1436
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic4⤵
- Clears Windows event logs
PID:1832
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic4⤵PID:1952
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic4⤵
- Clears Windows event logs
PID:2792
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic4⤵PID:1652
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic4⤵PID:1496
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic4⤵PID:1780
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic4⤵
- Clears Windows event logs
PID:1324
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc4⤵PID:2120
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic4⤵PID:840
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic4⤵PID:2348
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sidebar/Diagnostic4⤵PID:2356
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic4⤵PID:1148
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic4⤵PID:1632
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic4⤵PID:696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Admin4⤵PID:1028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Debug4⤵PID:1400
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Diagnostic4⤵PID:1016
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational4⤵PID:1168
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational4⤵PID:2240
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational4⤵PID:1956
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational4⤵PID:556
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main4⤵PID:2336
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog4⤵PID:2052
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic4⤵
- Clears Windows event logs
PID:2060
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemHealthAgent/Diagnostic4⤵PID:864
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic4⤵PID:1424
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug4⤵PID:2412
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic4⤵PID:2436
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug4⤵PID:1644
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic4⤵
- Clears Windows event logs
PID:1876
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational4⤵PID:2328
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug4⤵
- Clears Windows event logs
PID:2064
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic4⤵PID:560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational4⤵PID:680
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic4⤵PID:836
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin4⤵PID:1716
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic4⤵PID:1584
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug4⤵PID:856
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational4⤵PID:2672
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin4⤵
- Clears Windows event logs
PID:2000
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic4⤵PID:2148
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug4⤵PID:1868
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational4⤵PID:1800
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic4⤵PID:1680
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin4⤵PID:2656
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic4⤵
- Clears Windows event logs
PID:1788
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug4⤵PID:1540
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational4⤵PID:1972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic4⤵PID:2552
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug4⤵PID:2400
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational4⤵PID:2568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture4⤵PID:2300
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback4⤵PID:1308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin4⤵PID:2112
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic4⤵PID:1764
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug4⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational4⤵PID:1744
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin4⤵PID:1204
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic4⤵PID:1312
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug4⤵PID:1232
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational4⤵PID:2892
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic4⤵PID:2376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic4⤵PID:2808
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver4⤵PID:2752
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational4⤵PID:964
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational4⤵PID:1756
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic4⤵PID:924
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug4⤵PID:1816
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic4⤵PID:1828
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf4⤵PID:2520
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic4⤵PID:1824
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic4⤵PID:1524
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic4⤵
- Clears Windows event logs
PID:2236
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"4⤵PID:2396
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"4⤵PID:2104
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"4⤵PID:2044
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic4⤵PID:1620
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic4⤵PID:1616
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug4⤵PID:1624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceNotifications4⤵
- Clears Windows event logs
PID:2424
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance4⤵PID:2948
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations4⤵
- Clears Windows event logs
PID:1984
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic4⤵PID:2036
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic4⤵PID:2912
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational4⤵PID:2160
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP/Operational4⤵PID:2004
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic4⤵PID:1128
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeControl/Performance4⤵PID:2144
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeSnapshot-Driver/Operational4⤵PID:2256
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WABSyncProvider/Analytic4⤵PID:2816
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WCN-Config-Registrar/Diagnostic4⤵PID:2480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WER-Diag/Operational4⤵PID:2832
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Analytic4⤵
- Clears Windows event logs
PID:2648
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Operational4⤵PID:2848
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-AutoConfig/Operational4⤵PID:2836
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-Autoconfig/Diagnostic4⤵PID:2484
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLANConnectionFlow/Diagnostic4⤵PID:2444
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMI-Activity/Trace4⤵
- Clears Windows event logs
PID:1588
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCCore/Diagnostic4⤵PID:2248
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCUI/Diagnostic4⤵PID:2524
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic4⤵PID:2784
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-Service/Diagnostic4⤵PID:1552
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSSUI/Diagnostic4⤵PID:1968
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Analytic4⤵PID:2380
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Operational4⤵PID:984
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Analytic4⤵PID:940
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Operational4⤵PID:2904
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-MTPClassDriver/Operational4⤵PID:2996
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WSC-SRV/Diagnostic4⤵PID:2132
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WUSA/Debug4⤵PID:2316
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-MM-Events/Diagnostic4⤵PID:1436
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic4⤵PID:1832
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-SVC-Events/Diagnostic4⤵PID:1952
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-UI-Events/Diagnostic4⤵PID:2792
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO-NDF/Diagnostic4⤵PID:1652
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO/Diagnostic4⤵PID:1496
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebServices/Tracing4⤵PID:1780
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Concurrency4⤵PID:1324
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Power4⤵PID:2120
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Render4⤵PID:1944
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Tracing4⤵PID:2600
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/UIPI4⤵PID:1152
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHTTP-NDF/Diagnostic4⤵PID:580
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHttp/Diagnostic4⤵PID:1548
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinINet/Analytic4⤵PID:1340
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Analytic4⤵PID:1348
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Debug4⤵PID:588
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Operational4⤵PID:764
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Windeploy/Analytic4⤵PID:1760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/Operational"4⤵PID:2308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/WHC"4⤵
- Clears Windows event logs
PID:1956
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"4⤵PID:556
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"4⤵PID:2336
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"4⤵
- Clears Windows event logs
PID:2052
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"4⤵PID:2060
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsBackup/ActionCenter4⤵PID:864
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Debug4⤵
- Clears Windows event logs
PID:1424
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Operational4⤵PID:2412
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Operational4⤵
- Clears Windows event logs
PID:2436
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Tracing4⤵PID:1644
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsUpdateClient/Operational4⤵PID:1876
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wininit/Diagnostic4⤵PID:2328
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Diagnostic4⤵PID:2064
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Operational4⤵PID:560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-AFD/Operational4⤵PID:680
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-WS2HELP/Operational4⤵PID:836
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsrv/Analytic4⤵PID:1716
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Diagnostic4⤵PID:1584
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Operational4⤵PID:2468
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Admin4⤵PID:756
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Debug4⤵PID:2776
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Diagnostic4⤵PID:768
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-mobsync/Diagnostic4⤵PID:1080
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ntshrui4⤵PID:1420
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-osk/Diagnostic4⤵PID:960
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-stobject/Diagnostic4⤵PID:1320
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl OAlerts4⤵PID:1356
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Security4⤵PID:1540
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Setup4⤵PID:1972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl System4⤵
- Clears Windows event logs
PID:2552
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl TabletPC_InputPanel_Channel4⤵PID:2400
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MP4SDECD_CHANNEL4⤵PID:2568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MSMPEG2VDEC_CHANNEL4⤵
- Clears Windows event logs
PID:2300
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl WINDOWS_WMPHOTO_CHANNEL4⤵PID:1308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl WMPSetup4⤵PID:2112
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl WMPSyncEngine4⤵PID:1764
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Windows PowerShell"4⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin4⤵PID:1744
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl muxencode4⤵
- Clears Windows event logs
PID:1204
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize27KB
MD5ccb3c9016ad47cc749ba2e5a10d7fef6
SHA120f8a905240262823de646949d244e001e9426d4
SHA256c86f74378dd1711a320c80c3a1443d0b666d20e080a226df1bdeeae873ec7f97
SHA5123037bb5fdfa22c50df22f07004a7b91cad0e85385c7da255ba7c8f0ae70ac20e942b060536ff20a75441eec2d02b9ddf6116edcb0a1fba9bf95c7f4812b0df7b
-
C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize19KB
MD5afb4516a414052edc55e47c7c2babca6
SHA1d3cbb51f9cc99c107284139573e6256bc359285b
SHA25619e92356c6920750b491550b3a8266cac82eae427ad5490ef3e03b5c9b5fb2d7
SHA5123184c548f3051f70528287359f6b948209444c822f79d6574f7e055c5716a91985a54cd64289f4a8b92c00ff1151aa4357341c6298800dbd6496d5ff176866e7
-
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize5KB
MD5986514c80ca072d1921b2ef6d2d80cb3
SHA14a2e1850cdb2e016d44cc621390635c7e17fd759
SHA25662adb9d1cecbd1c904826243a1d1c7a61141ab3c705e4315e64310648304c331
SHA512f3282611bff241400d0d4838e72d24ed6df728794c636614073c7897b102e2dfa6e90dc8e79c6a68997426c9ae9d12a4cea02de2c67cfbf8131ee001f65a2403
-
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize5KB
MD5fc08c68ad937f4725bb8174a5d7f07c4
SHA16c0417b0023831a0fd0fcaab30196dfdd1159fa1
SHA256a129ad53a0499c7490a020fdb1996508bbbc973a340bb4e3fca1f31250d76c3a
SHA512b350c42d57d5b388a5bace651b328ba9127aaad923000003540132bc571f939bad69e633965f802661db178034964f12db030106db1aeb476a94876ac78ead14
-
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize4KB
MD51605241a3b589821e57c78f3d1b840f8
SHA1f9704396e74b4c08aaab6bf1cfd44a780723b83a
SHA256ff5cb1c0e2744471e193a167708f7b0dec13eeb3417585993335e97cc12c26db
SHA512baf73da9fc132f3c196048eb69860cf3488e5f869cda2a15662c6cc25a239fc1f87633159654c58b9ff1199f1feee24116349d99fef0dd3244257c57024bcd65
-
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize4KB
MD56f0feee6bd9a597075d7cd7725ee4e8b
SHA17790ca9198b234e699e1af6a2c8883bcd6f6e35e
SHA2562b0912a88885c1ab6767452477d27a1e501869b6263c8114f3144142aa48fe87
SHA512fb4243f26be18b12f12ad5a7aeba26a4d97a350da6d85b5c9990dc919b17016806c8a0f5b62a3f7e75876f0963fc89b679e8fe9744b2e16be0cf5dd3bcfa0fdc
-
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize5KB
MD5276968fddaf71989846554e52046e98c
SHA1995b8a50d41232d685ba05aac61ef2c529e2be0f
SHA256c665b406b92cea6ee6b872658eccf501c49de9f8bb72738a9d433808445738d1
SHA5120bb21d63f91615d738cfa06ef159c76e3cb58a92589d1b5318d197b2bb30ea445594b55ff5a218fe92e67582e039eaa24c768c0496e1f7f7eaf685e60b0876bb
-
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize5KB
MD5112e8b575026b23a0d26beed2eb2ef81
SHA1a1efcd205575d9eeddd80aa9d27f53cbd152622e
SHA256d46a2a8598cfa545aa50d87d2f9bc665a97bf3438bb6e0b2bcd03c64e7fa0d63
SHA51288072b909108be05df4836aa10d87892ec9db183263fac02db282d3f1a9cecd6422015020ec120886dc51a7c3f286281455f6fde542893cb34187c90fb9be81c
-
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize4KB
MD5d64d030b061b0200af949ac43e7e70fb
SHA15f3f4f427c841de9eb4aa840aacc61874fdaff85
SHA2563f046ff85377f8ec7d441b0afa9d1fe7b5547b671c59c1f75f552f1f112a143f
SHA512997645c6570da4808d39bdd1220c2184d82416e8ba7409e09ea769541c271f8aab57b281d446022b15202c93480293ada97207dd8b311b4c96a31af4b4a27ba7
-
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize3KB
MD536fdbd03572ce79e51df5d4700bfe3bb
SHA1a01867df5cd1861a77f95c24abf90f4d906dc21e
SHA2560ccfd7b91980f42dcc159fb0d277491d60a16512de0c89c5f841a9933084b605
SHA5121890e0f87c6acb10e041ce59204acf087fe00bf18d5a3dae864ad5c0a8b8dd7e82dc84b472eb26c9bb9eacedda7adc8f128b1c2085f571a9069c826db58f4b70
-
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize4KB
MD5138ca16c6e3a7a212795388c0c8e91bd
SHA158965d7d8ac6fc0987aa5b2006d7c53a83f70f04
SHA2562437a6f2f341ed0d6cdba0db6bc3080deac5f5a8bf9bd64b0ba1a06f953ee139
SHA512ff16820c75cb2862bdde9756c35730daebc2ffe534dfc92019f5a6dce301bfac0ba1bceff3002015f5d47f563f47793bbef8b8f9458ba9df27b1010549af531c
-
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize3KB
MD5d28cb20d7a13bebe6c74570fc69910f9
SHA1bc4d2381849fff80118dc3b465ae7ff00189b438
SHA256db9f928e5fdaeaf81c96b969ee3fbbe06e48602ab7497192fbd16c0e3d12a5c6
SHA5123a7cf7881b1cf0145ebf1a664ac40071202c520f90832837524378d8ad1f611507f70ff98b6eb77fb65096afce24a89b4308cb5625fad1fad70dde52a9f79905
-
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize4KB
MD51060bdc5b66203a43f502f8f2358a97c
SHA1d43738dd8b35ff1423801496005e5842183c2584
SHA256e44f75612ddd73384ddc18ad98cec1cea64549cf9604240c151ca026c4b2fcbe
SHA5124759e2bb0098fc83387204e3a768224fd1d44d958b2544884806953b19c0cfe045e6b46e722a063a66529b09b08a493131c0c2610883c4ea185ea53849fe5553
-
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize3KB
MD57866e2844ac0cc06b8f829a2e82c77e1
SHA1e603d2cca4d8048bf911a1e89254e4e4d98c14a9
SHA256dbdbf83d9059ba06a08574bb47e46ed636b917345e75080378e5f729b9d25b97
SHA51210c8d0597f501098d07a3cd2f7a372c3c567b8a112d0de1ed3365ab568bda5167e54e909d329c58bdb03b4702518791b17ed9d6cbc6272aed08c5a0ccafdef52
-
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize4KB
MD58092005059988c39c96a07be09802a82
SHA1113acad8e88b6f10029dd62e369cda7fe7028dcc
SHA2566328605a42669b43acc68fc11c0194d640fe5133e2ffaf3daf1915b56efc719b
SHA5129a3791c1f0946ee7f10f0c57a5c1f9f3473f73e7242a9d3217d9a54840663473cf7a34d7676e984d7a7d99e25b7a9130eb9d0c0776b5448402ad9a223950d151
-
Filesize
2KB
MD55a6f13425165848b9a28f36de9aa0ef2
SHA19c27fefd16357ad6c909b73491487d72d8b24160
SHA2567db3b527e2e960ac12f602e54c604bb819e27fa8128ff82f5a5d6edb3e5ac95c
SHA512857939165393ff4eb10b8772e43b79334a51983d3c6a171ede5a668d1fb0eded15b7c15bf9f81bf7db2cce0687164e07bf7776f5adbf485e44acfd7fcacf2436
-
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize2KB
MD590c41dbf3dc37be2492b8fe2ea06bf1c
SHA1da460ccfd0ee1c9910fe4eea4d7e210b862bbf08
SHA256e0e7ff7255d163cffaea316409f2de306bfe3942d03c262070b3cb8d17c3ae4a
SHA5127fe376e5e156e02ede9f9cae8ece3d644a10985097efcb6124768c361b50e759a1ddf288c9bb94ac40906b65451e02c26dc67d715f4d2dfd399e9def6aa37e34
-
Filesize
5KB
MD5ecf7c78d91faa77767ea785a8a50ad7e
SHA1989ad657fdb0068ab603221233e46cbc8553dea5
SHA256536c5e711c3806cceeceac3ef84e9a009a6c5b3aa06fb4d37a2d839ca3ead7d8
SHA512c66033474861ceb89b210a641984faf11794849adf99fd13917880b85bde1588b468d2c3f091d4ac811f05d181d6bd1ded8af2320113ba83eb626d1be83dc40b
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize12KB
MD5b2b0de1ed10bac0babe16f15e62ffda0
SHA1fa0a516a68eadd605738b5672a2d02a62101a362
SHA256e211975b486d87eb356dd4a620396043fc250bebe766e545bc9c4093515e43ee
SHA5127d7d4f0881a7b43e59f6862b654621fca04f6d7f04fdb10c8f169f5d25aea20072abdf6713a85dfe1e9be2641b13bf7bf5a176b18d8ec8a364b00161d511b8f2
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize8KB
MD5b772bb53b07d73e1ee0779d6dc15a333
SHA12009804f64dddbbddcc9fc1dd159a5063d07a8f1
SHA25629379bbe38d6a8a16193394b64e51b9412f0d13d4530e64d5b3755e2b82c69de
SHA5122d40f3d7f3521a7c0adbe5601f484d07e982e7b063a731fe3d11a64cca4977e9f13cb06eed8f8c44bab08252d4e8e59a503ff01d94cd2095f15593da8ae4fb23
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize57B
MD53d0ab06cca099e1896d76c1ce17b0624
SHA19521b3ed8953aa70f3d4089833470b763ea26b1f
SHA2569be26140b970f5c353c0f440dc25d7c29081666a07f5c964ec952b239dc42c48
SHA5125aeee4b0d9422b031fc208162da6f835d74c47d447e079edd67bdceff42d55089304d684f664f38fedaa3d64c1e61239238e9d6b82acf288a0e58c79c545e7e2
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize7KB
MD566a1828c4b2980c43ec3ccdeca5439da
SHA14ef1561800df0a00935a1eb73e72abac3a626b36
SHA256fb1af86782b92ae14c0a8e8b4c8f77c07f10a64c1507c7d1411708b4a4739ca4
SHA51284ba044057ac07083ddb8d51889177517d8aed56fb3d1ecb677f9a1240631824199b27759eabbb993df13664320dc0232ceae46940882c7d640c2db243d1795f
-
Filesize
809KB
MD59877683f54af94f981608a776557e99e
SHA14d9a59f5f6e4d504e7f7e3345cca4d96859fb57e
SHA25608eaa1f2885f0a290c87ffcbe1648b3caccd75d3b65c4084166e12b4f9b66724
SHA512a038fac7bda3633bd6b3f9f12c3e2f327cadbb01c9dacecc455cf9f2e40da4749ccd05f51569d9b74f34954ffc81c8878ff87def85e0f7d816a697a3201fafd0
-
Filesize
153B
MD5713af64f2a66eb1526d498f7c7b12a7b
SHA10a9b5e2b2ba16808206176470e2fda1f92c36046
SHA25620def8fb12c615c956854fdead1a78bc9eac3aa3f60773fade9a376b9ab024f8
SHA512942cdd14630e528dcdc75a579340419eed2e20bdec665f33f9c1f6d3489a32e16ad497e7c8cbadaa8bb583351e12547436a2b02b2720ee8c0583e99082008257
-
Filesize
27B
MD5b82a86643ec6c1aa164115dd48d50175
SHA191124c81694abf18e40ff5df8a835ee6d867e6e8
SHA256170022934e19c0014818830e73c19ec8fcae268e4b05a084c632ae1a63276fb3
SHA5126d671f1800789e90302945ee34ec625efd2cad8cc41f7399637d2d82941c154e63b9e54e3e62d3df5c8383319467739dfaa8681ba1793fb847ae8cf653d9e683
-
Filesize
27B
MD5a0b9a96178c73a33a0c11b70699631e6
SHA1212dd4696892719b0c937913e5593a96d40e5215
SHA2569a6864a02470556c0f3020cabeefede073cab64a1a6450c5e3efe1a68a507932
SHA5129839521680f96945d7f5df133b63f30c2223a41c4517923f630fc4187c92b856af0beb70c15b8ab3cda7431e765c90c67418877c24e3385f063673596ee52615
-
Filesize
27B
MD5dfdf83f73bf308d88290ea3ec38ccf3a
SHA1b03425088158c1904bd19134bf7122566a3ec724
SHA2561929e6819b42c8c197cdbd069f13d27bad8d3e9649f94445e9c1adf3eaedccf8
SHA51269af3b7fabdb2d3529d5895758d5913ab7a5ef71a56afcd759257a2d725121f0835c7d77031d00338a56ae25ba027befae89997ba098f619e36130578347d6e5
-
Filesize
27B
MD587950f5801f345c4e97d57d42b44d39f
SHA17ecb77f6344d1aaac21b1e10b40aaafe8ecf3eae
SHA256ff271fccde06cb66a26f12ab598619cb860cb13aa1b5429cdb199a8ac28e5879
SHA512030f16e7fe95ccea0d07860b433cab6834c5468649cd333a6cb7b75989d0d95e018d5a4093d0849171896f4e526297d618f55500a70cd7c3e191606515bd2d02
-
Filesize
831KB
MD52511a7e76ea7362b772d7236b41c9510
SHA1c94ebb9cdd5eebc38f73e99de69ebaedf8855f35
SHA25695ff8d2787e7c53f4d9e24daf82177e66ab155543e89491f95638da87c3067d3
SHA512e74d545bad1d04367caa5d447fc6e9ae27b76fd8aa8922d16c485de3b4783c152082bd0dae4681d5922d210d6a6c537d14539e298a471acb6b8b87c25bf166da
-
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize1KB
MD5b85dc75f2510eba19b42816b2391779f
SHA168c19f840c25fff934d7ec9b1a2b4510ff11f2cc
SHA2562cd75ffbc8bc9036486ab72b0a9a233027a9a2c84c37aa5f2f89e17670a3d049
SHA512418becf37185c7c1c93352d39eaeb9557b2a074f04e831a9e118d7e0cbd9ed7ec643be678c518f943b13299f24b642a3f35b69a82c12aaf63512283924a9db5e
-
Filesize
4KB
MD581cd39af114dd719964b568d4d4d5d36
SHA14d0a048b4d52d322b40bdec0147d09939978e02a
SHA2566e695b84a8a54a7596176c38a8b699e5eb60ffbc351764be5a72bc2e5eb2bdad
SHA512d5d79252f5f6db7476ca13bd2419f41e7d780a10cd17b60538431186b47cfacc753c8693c9abedaa42fb233dead2da101dc697c500c2e2c03bf894153ca91f4c
-
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize4KB
MD564fd39dff664a3f7c6115cf329780a77
SHA1184a4a38a07b6fe51bcf7c33f54b01cf11b11d9a
SHA256f3e4e4c485d415509b996a0207f80cea4af956836df7f72d7fe38774fcb7d12f
SHA51205811fd04c415cb3beb8aa7bbfded944c9e5006922be1bd0fadb61087aed709c6418382e8cef2964b76b31303125bf674030c0b602e7ce8df32abbac54546f46
-
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize674B
MD555788b7ca9b07af5831d1680cd4dbdd3
SHA15cacfddc549a6dd7d4ea20523eb8507f18c2a51d
SHA25621d3ac620523e4e4277eeb046b8e3118f7fa57c056cc2dd1321de217548cc447
SHA512cf56668c7bcfa6bb17c438f1cedcb4c84c44d2280465f497a7a268bcc57a3e845fab4e6caf948db1a3e577e83b31b805066545522f89ffe3a3d38b0fca6476d8
-
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize1KB
MD54b005d5da246ce2084e8322e9a8d5623
SHA1148227721d008a60f3aca4ad563acc399370a2e9
SHA256283372763d4747d9b1c80686becf4ad619fc1b0c91999e15a572838f4fbf9a79
SHA512d52b6d686e7713d7ed86c1ff90cfbbfa53ab478ba72ec4c4a5e0a6982ed185da7431f3ceac19071ed103ccec94c12dc7c40c968a07e3792e9ee1a9395beeeab3
-
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize17KB
MD5f5aedca57bb0ea123c185f67724b44ac
SHA1cc447594fa6ca0a86684b279535184f5a96f8368
SHA2561e2b63db93eae148f3227d9829cc3d06c849130852e2ee4ebd05116ab09d087e
SHA512bd4fd81baae5bf16896efd2a78a053da795d30bef784cbf9a8443615e550ac57f76ec3efcaef88ec1a03de6aad9a06c2e378818dfb75b7ec23c2c8b90cf4585a
-
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize9KB
MD532b4b86a3cdc0c42c0dfe8dfee233063
SHA10ec4888e98fdc4450012f84e2e0c8a2d77766c01
SHA256207bc11aa9668231bf1cd85dc4cb6ac1030834f1bae830386601a1df083ce4d6
SHA512b8098448ea945ce61af7b9b48e76c6f80bd034bc32a0738342d9551c943f812878cd2a385d904260cf611bc160fbf0a564564583dcce7ac3522512d5b79a7543
-
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize5KB
MD59e78e7cca3f3575587c1d3537c835a13
SHA184117d8f9ec72e498647be70357363247b9c1374
SHA2568385a1da2d82156233e9d06d14ed647d9e1a1bb99e95c81f457da487eb165ddf
SHA51209c99ffb57ea3e5f05cb0c039aa65844cf8b2d1c6741fb334f864bfa8bd6e0a9ffa88d0b5330e1622c0be566c9cb615af2c7c2f49b0ad425c34700994812563a
-
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize65KB
MD53bf894012d3fb2785be4ad0ad685afdf
SHA164e57ccc8c795b2db1a758b842213a3aa30ebb85
SHA25626aab55106cdb7f877e69ba7494e7b101bde41ba2411365b0b52059835bc36d4
SHA5123404cb3782c329166ec426cfd653ba41cdf5cef51b16923905a5cc8c7acd341dba891b218b52f05e56b96418fe657383a098964026b134c3366f749d65153fde
-
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize724B
MD5a2707f01c4faffc3329991304f001c26
SHA1319dd92d0bd6433ba3bb61670674061ecc9d9b01
SHA256ff5ed938a3b8fdcdc04721a2dd901fa0dae129955b68579b18d3b2268485b75e
SHA51268cffe8ef81586cbceff04a50d04f5f790809ebea938358ccd2a0d91d42048d613145eca9501329246ee326779492588e91a351a32f47b2472b01b6ec281bdfc
-
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize5KB
MD582915d8f74bd63ebb0a155d7fa3c8808
SHA1c6827ae444e5d206e445bfcf65f364b5e330b345
SHA2569175eafd8935aaa2df349dc201fb5037ff1ce9c952179f7195181f9b3cc1adcd
SHA5127f8bf0dd134ab65a3c791bf980df5da8bbbed5e56732682c6a2ba1fa0fbb8085de11d436e9a996176238cc91c22af166b88d0abfc2a5dfce1e691d4295768f46
-
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize7KB
MD5087c20c7b8a25ba3681132be6fdbc6c6
SHA181f7c5387c6d3dfb16750b29117135e837035196
SHA256a2d266ebc42ed3aa29bdae3f5c3a13c254a3e4e033b1fecb31ac8672a0405563
SHA512de8bd2da7ff37863957bdbefd186506d2fc10dfe8f97e7d54572ccd6d6e75f69b80393f04953a676542f9b51648617a1d4fe09fdf9a0220015ff0034bd7515ef
-
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize4KB
MD5c8c2ffb90fd7007f97faca2ec3eb396f
SHA1223bcd6edcee46350c502c3fa051e9bbbd0404c5
SHA2561d7d897afc62f64bf5df2ede3b6c6b93df47a3cf67529b88eba53ff6fe9bc46b
SHA512164c7801448e36944c8fc3ce1ff5d3423fdf615c057c3daa93a2c6778a41cd136996df91059eacd8a388189018f53c1626504e052e169a50af10c2bc9eaa4fc7
-
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize5KB
MD5828cbe0f94e5f9542f13458c09ef3787
SHA163de8e86dcb4ce76cc947f4c7459b7c46bf7fad2
SHA256f8dd87e1163d3dad2f60d49436216b657740d71d26716c215d48b84415a08fbb
SHA5123ec3c119733b6b88b28e7f507258680c0d77278fcc59ea43b649db556145cede5d21481ab2c533c70ec819b96d4e2e19957ea87de3de258042a0ac7bdb970cb6
-
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize2KB
MD5ae87d7631b243fe81a5b721f02904500
SHA109d865f273589f7b27c2618c1be2f12f2360b26f
SHA25687f0d54275e01153c42ab9df9c9c3fe2f8a3b2edfd49e433a5578b840a1ba84e
SHA512995a4d8e4862416ce9a5695c60b972b5809e340e943b3f144c61f4e9862eaf12b8bef7df98361cb08cb69d86fb54e7da4c65b50fe1059139023636546bd21c21
-
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize2KB
MD5a1e08e8067ef86c7ac8b0b2578e551c1
SHA12203fae2e3f572435d16889fc0b8ac1197f99956
SHA256703eda008dc744a2be66d585a608c10a350aa65428116db7c9ceecb383fff400
SHA512c5c3ea69558cdc79e1dd253692499c9efb3cdfe7a7a0e8bae2f5ef15ec979606536ae0a777390a6847926b352bf8917aa3a13f53dcb162978e4f1e79c4ddb75c
-
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize1KB
MD5d61ee4313e6ae1127df228c8c0cd569e
SHA1359cca37bc790ae515e64a035bf9491e5c82473b
SHA25680d2ff26fb5f24e6e8112fdf02cf972aaec91090fb7b3a836169499e3036c14d
SHA5127a467fb734efa75810b6aff6db45786ab1303f9a0afc74271ad3a7b0aec2a8613f9be868b90450771196f23c4aabad3a3bd9fe32c12f8261d28c260b2168f62d
-
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize5KB
MD571f25e78db90d3cdc34666bcacf755b5
SHA14e9c79563b8cc1320d17648cbcf70d37eab70871
SHA256331371b15ef3f0f582572da8d992538844f6a7aee8cdd4ec3901178ccf214c27
SHA5120aeb7d80f588f664f19c98fc3cec3582ccdaa9fa6db7d3449e56fbb24c217658adfea4ac6e8e5fba727b4f6d9400dfac37d69d2fb49352f00418dd2887d70cf8
-
Filesize
6KB
MD50bd1bc23040588f0f905824b9ed49cd4
SHA13e94cd0cef05acf721dbf77ec1a971cb9801e646
SHA2567a91c3a84eeb711be37ce13854718b3e0a58bc581c12e1e7f7f8e96a04825e75
SHA512a83d54f7b3249b7d10b228ddce0dace2216cbd34f331b374e2964c0bec210eb5655a797a92181a9490c04fce822a1951ffb01edff50ce3af3c04b04e57b83676
-
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize1KB
MD5f1c2978246511072175bb2824dd5f213
SHA1371c84f27d0ae80358970f060b9114d58304d66e
SHA256ff20a942a6e936194a84316a1e664c141c11f99e4a1658a1f2892b97f543ebb8
SHA512f2d8089f5badc337e671fb73c95594d3cb0980997c634aaa860f05d92d7b433ed39aa6aae9b21e33a1dd5ffedd724da0cab06a7987a13f4ddb53ca688abfae0a
-
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize4KB
MD588d40c25e2e2495be0f58eb7501d183a
SHA1489397abe0229b91f2caeb21a7509e0a163c710f
SHA2563fc33565cec410f223dcc4c9d954d977a25ce5ba8b745dc1aca2b8f934dc76ff
SHA512e28ae49c64d0126e5936145124ee68705dc00bdfa0b59de130364d4f8f670493331bb977200e6cd37540a9ec2849855be4ce95de71b5b5dcc93197186154457b
-
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize5KB
MD5392872261c29153a2e29c43a9f2b5466
SHA172c81941a72c646e972186d7696c877f992bab50
SHA256d213d3f018e03cd11e224e86ed16055b90aed917c506a0399c10738a1e56618a
SHA51247d609c3e870e5292ba3bfc8342b2eb2a715e682df86b60405588a10614a7d44c6c27d9237469844fbe13d59b7ee807455f4e45a41ae34893b63ba4e3b565e76
-
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize5KB
MD5088c9d2ecafcaea3636283e768cb3a2e
SHA1db8003e62a1476adc4b69889caa887d7cdf12fc1
SHA2569ad32211cfed13b17e78551c7af4bdbf0d0d55d26b9484e2553239be70f0309a
SHA512bc61ff659d161a3d87cb1ce5a1e7ac99193ac6ec52d26a2dcc6f7932d8fe83968ddb8586dd4a18de18a4720b9ac544c6fc2c616abe982f20c0f5ffcf8741e7c9
-
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize3KB
MD56a375b769da673fecdf21d8019be00c9
SHA13975138047b8674c58e006eef4e1a99f663ae930
SHA256aae6996ee257879c063ab5a8884bf64bf978cf1cade43ffc1d0b99c52a329e07
SHA512e026638f60d20ec5f3bd976dabaac53e15a14791f567597bf8d05fd307aa4edbdea2da1392c0abfe79c378e6650df5195e2ed179e97f945b5af6f9b407426326
-
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize974B
MD595b9d18b99481e78be94781ff070c1ff
SHA1791a45fb28d478c569c54f7ea20a66efc7dc34e5
SHA256105c111ace325f37f0f3f0c846565044b5031b4d86cf9a9b58d1653ce996efd0
SHA512738f511d796c64c2675cf0e07ffaef315f911aec53bf5ead2cf071ac5a04f0fab9a5451ee87c602c85250797bf3fd95279b1103886adfd5bbd5dedb06496837b
-
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize9KB
MD5827bcb84367207a2d304565690256aa8
SHA10fa96680e62aa4e4541f2dde01c7e664b27f220e
SHA25618ef6b3a17d8ea521c2ba34931f4d28239ed461fe1b35a4dbef4079cb1fbbcf7
SHA512f70db8ea133d44cb502d6afced78fe9b69f76883bccf837e6e15e36532f53a94bc3a0ae134e6c9f9c04cef69d70a44bd097042467078364b10e4de1905e9e27e
-
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize24KB
MD59d704e7ce3242e57e559d467f3658fc9
SHA1613d09c620a01fc195db1cf055c8039dcf745695
SHA256a242a0f91a83032cc03f0c72383635d124ec6a14711352bbe913137fb134385c
SHA5120383168cb2c81e9fa54e3639a9d81550ddfdd35b10d52618ba6b4014c3a1cecd542388ad4421fadff9444a18dac84b467ea162f33d3c41ede95036365d3443ea
-
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize1KB
MD5ff4b32d2d09223dda8ddc90fb9a9b3a7
SHA1cb5b6829e86c4aa55689c0d24961ecfb469f13ad
SHA2567f720c22ed43228804eb3913af85406478268a04b13d700f0f422ec04767d763
SHA512da2718c827e70c00147b2a0e4a46798bda44d18ead87ecf8703d08022ef37c82d1867c6325d69ba63f15e4b298dcf323afba7a8b11bae878f587222d88a17ed2
-
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize42KB
MD58ea160b5067724a94401bef03e976749
SHA190ee0d3a40e126493eea3b79e2862f05250b5005
SHA256521fd670cbfd6e3c1c1838f22e844b0915e74c42431a01ac097b70e6bdd658f4
SHA512cb42c45f3e858b078b42a81e22872fea03fff04d8dc64386fccba5f36fbac3b6ae984c732f1cc7fe29caf27fef73b7f881e4e40e6313a3574429fd3250e0901a
-
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize14KB
MD5672fdff15a306e013b0683e8ca1c9217
SHA152e37fa8c89977bbb9aa0b79dd4379551f2c08e8
SHA25685ea1067c5de063e5a38657a831e67b25fb55e7da49bb854676e039d061c7c30
SHA512d6f46ea993d7465d5ad7024fa7457834069eb32cc438d4dec26e97904998ba3d090d83f695c280880642a4899d0933fa0c3fbf09c756d5bacce0b2f826f58227
-
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize56KB
MD5be01f8c1d86d272256ea05291755cde1
SHA1b61ae6bfd2c0e724192f5519f1f1e1b4b033da5f
SHA25627b4923cc6fc7b0938a1f100cd13817f8c5f1bbc3deefc11d231645f256f33c1
SHA512a4e68db6abd10d8b6e590079006d12f93adb805a7e0e9ada753023e5fa215f335e3bf57a1e367b8b1eb023513fcbee7d4865a065bc53d7b7236ea80c523e6c03
-
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize132KB
MD51ce3ea6b9e2068f2e748c955669759d4
SHA12cf8e2be79c4ec5cd96e60724f5908ed32147a2a
SHA2564a0202c8224c87027ac27546a16fcbffd6a701923a0d87df2df08c87cd0ddbf9
SHA5122dd86e7aa18c6875a38e8095f00e33184585446b1f94f0f03d32780ecd6a797e3ebf2b642a45bea7342a0275421ce54246e9103ae9c40646f581c1fdd80219c0
-
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize8KB
MD56c5004b31039c95d04120eb49732c04e
SHA1746f7431ed0838ed0bd397e9ee4b6117ddd7dfcc
SHA25694957e650b8469a9ef2d1a87160187576a83b56eaf066d5adc6ce5b22f082187
SHA5124bd3d879347cb002180eaee694b84e1107c640c07476f4f36057b1601418c16a2aa3fa4157a8c5b1af93772d75049018b44c106f8881cd19310acf09ad31ccbd
-
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b
Filesize15KB
MD519d07675a96a08d0531a28f87c15041b
SHA118a5fe6d21328a9e79a484b35a9852dbe0e0e64c
SHA2561eade926e09bcc22f5b106579ce57bf257b646cb04bff2cd35eea8d9bfecd5ac
SHA51231d383559eb0f57196c199d8d2fb28cfd67f44feae5429a74c4bde57920cfe3f57dbb84e2203c91d66b65f05993acdd0e21a5df1fea13fe6c24ea929458fbe9f
-
Filesize
60B
MD56a2f870841e0126632f5b9bf0d000d6a
SHA151689e26641f0eb054cd90553a21a472a2e79148
SHA2564bcbb565ad2fd05a4fc458cd68254853cbcbf5749beffccb2b1e22b8a53ecb2f
SHA512de089c5d2dd691c64e38bdc82a2a5266e65cf8f9fc40e2d60ecded7a775922ae5100cc406f09346fbaf402fc1fe3074ca29ecd64119f7c490381aee72780bdb0