Analysis
-
max time kernel
150s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
14-11-2024 10:25
Static task
static1
Behavioral task
behavioral1
Sample
2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe
Resource
win10v2004-20241007-en
General
-
Target
2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe
-
Size
3.1MB
-
MD5
92ffd2386f0d90f07e12f74ed815d219
-
SHA1
161df5d3809b21bcee3c633c9b0cb35f7db046ab
-
SHA256
f1f72dc070609ea57ed4e3e07fab2de6770f9bcae6b85ec395184f9fe2cb2cb7
-
SHA512
e245c920f563fb0a59da61ba4d9d50d62b6628b9f4307cc046cb17498b3883b607296649d97c1e74ec01b4a4a3196f78894cc025b54847973cb2dfea2ca62763
-
SSDEEP
49152:yQe1or7i33p0rb/TNvO90d7HjmAFd4A64nsfJm++4MKtgynxVT+l9yxm2z1AmW00:bq3prE1g3ezAHco7Y
Malware Config
Signatures
-
Clears Windows event logs 1 TTPs 64 IoCs
Processes:
wevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exepid Process 1168 2872 wevtutil.exe 3028 wevtutil.exe 3840 212 wevtutil.exe 3568 wevtutil.exe 3028 wevtutil.exe 1540 4636 wevtutil.exe 3568 wevtutil.exe 2872 wevtutil.exe 1524 4220 wevtutil.exe 2428 4920 1536 wevtutil.exe 992 wevtutil.exe 4280 4408 1536 wevtutil.exe 4712 wevtutil.exe 2952 wevtutil.exe 1848 2772 1436 wevtutil.exe 3848 wevtutil.exe 3356 wevtutil.exe 4928 wevtutil.exe 4232 1924 1124 wevtutil.exe 4816 1864 1652 wevtutil.exe 4000 wevtutil.exe 3236 wevtutil.exe 1144 2392 3428 wevtutil.exe 1536 wevtutil.exe 2760 wevtutil.exe 2000 216 2392 4000 wevtutil.exe 4312 3468 4776 1392 2556 wevtutil.exe 1660 4456 2692 2024 4220 3788 3140 3428 wevtutil.exe 1696 wevtutil.exe 4264 4536 wevtutil.exe 2692 1836 1696 -
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Power Settings 1 TTPs 2 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in Program Files directory 64 IoCs
Processes:
2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exedescription ioc Process File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msmgdsrv.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluNoSearchResults_180x160.svg.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Windows Media Player\wmlaunch.exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\7-Zip\Lang\sq.txt.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Office16\CSIRESOURCES.DLL.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Mozilla Firefox\freebl3.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Templates\1033\Word 2010 look.dotx.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_sr.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\nb-no\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\QRCode.pmp.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\WATERMAR.INF.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationProvider.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\sfs_icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-left.gif.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\7-Zip\Lang\pa-in.txt.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADAL.DLL.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\msointl30.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_en_135x40.svg.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons_ie8.gif.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\versions\framework-dev.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\illustrations_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\svgCheckboxSelected.svg.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\ReadOutLoud.api.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssui.dll.mui.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\7-Zip\Lang\uk.txt.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\INDUST.ELM.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\PREVIEW.GIF.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\plugin.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\PushSplit.jpe.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe -
System Time Discovery 1 TTPs 2 IoCs
Adversary may gather the system time and/or time zone settings from a local or remote system.
-
Delays execution with timeout.exe 1 IoCs
Processes:
pid Process 4760 -
Enumerates system info in registry 2 TTPs 2 IoCs
Processes:
SearchApp.exedescription ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS SearchApp.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU SearchApp.exe -
Kills process with taskkill 3 IoCs
Processes:
taskkill.exetaskkill.exetaskkill.exepid Process 2856 taskkill.exe 2548 taskkill.exe 2184 taskkill.exe -
Processes:
SearchApp.exedescription ioc Process Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\GPU SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\GPU SearchApp.exe -
Modifies registry class 64 IoCs
Processes:
SearchApp.exedescription ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "{57523D96-B7F6-4D2C-8AFC-BCC5F5392E94}" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\fr-FR-N\\tn1036.bin" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR it-IT Lookup Lexicon" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\it-IT\\M1040Elsa" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Speech HW Voice Activation - Japanese (Japan)" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Traditional Chinese Phone Converter" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\de-DE-N\\AI041031" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Hedda" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "French Phone Converter" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\de-DE\\MSTTSLocdeDE.dat" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\sidubm.table" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\ja-JP-N\\L1041" SearchApp.exe Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\MuiCache SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Speech SW Voice Activation - Italian (Italy)" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "MS-1041-110-WINMO-DNN" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\de-DE\\sidubm.table" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\AI041033" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\es-ES\\VoiceActivation_es-ES.dat" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Cosimo" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 1 0008 2 0009 aa 000a ae 000b ah 000c ao 000d aw 000e ax 000f ay 0010 b 0011 ch 0012 d 0013 dh 0014 eh 0015 er 0016 ey 0017 f 0018 g 0019 h 001a ih 001b iy 001c jh 001d k 001e l 001f m 0020 n 0021 ng 0022 ow 0023 oy 0024 p 0025 r 0026 s 0027 sh 0028 t 0029 th 002a uh 002b uw 002c v 002d w 002e y 002f z 0030 zh 0031" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\fr-FR\\M1036Paul" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\ja-JP\\sidubm.table" SearchApp.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SpeechUXPlugin" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\MSTTSLocenUS.dat" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; telephone=NativeSupported; currency=NativeSupported; url=NativeSupported; address=NativeSupported; alphanumeric=NativeSupported; message=NativeSupported; computer=NativeSupported" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Speech SW Voice Activation - Spanish (Spain)" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\fr-FR\\sidubm.table" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR ja-JP Lookup Lexicon" SearchApp.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\CortanaVoices\\Tokens\\MSTTS_V110_enUS_EvaM" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Hortense" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "410" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SW" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\fr-FR\\VoiceActivation_fr-FR.dat" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\ja-JP-N\\r1041sr.lxa" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\ja-JP-N\\AI041041" SearchApp.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpCleanupState = "0" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\es-ES\\M3082Helena" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR de-DE Lts Lexicon" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "{6BFCACDC-A6A6-4343-9CF6-83A83727367B}" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR fr-FR Lts Lexicon" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "È stata selezionata la voce predefinita %1." SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "English Phone Converter" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Stefan - German (Germany)" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_HW_en-US.dat" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\it-IT-N\\L1040" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR de-DE Lookup Lexicon" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\es-ES\\sidubm.table" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Ichiro - Japanese (Japan)" SearchApp.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheVersion = "1" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\es-ES\\M3082Laura" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Voices\\Tokens\\MSTTS_V110_EnUS_ZiraM" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Discrete;Continuous" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\de-DE-N\\L1031" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Zira" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "You have selected %1 as the default voice." SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\it-IT\\sidubm.table" SearchApp.exe Set value (data) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = 49553b76dbc112bcd96e2ce32f82aa3750d88abb05779f5fac65e84c5363077e SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "DebugPlugin" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Laura" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\fr-FR-N\\AI041036" SearchApp.exe Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" SearchApp.exe Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; message=NativeSupported; address=NativeSupported; media=NativeSupported; telephone=NativeSupported; currency=NativeSupported; url=NativeSupported; alphanumeric=NativeSupported" SearchApp.exe -
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes:
powershell.exepid Process 2684 powershell.exe 2684 powershell.exe 4996 4996 1016 1016 1164 1164 -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
taskkill.exetaskkill.exetaskkill.exepowershell.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exewevtutil.exedescription pid Process Token: SeDebugPrivilege 2548 taskkill.exe Token: SeDebugPrivilege 2184 taskkill.exe Token: SeDebugPrivilege 2856 taskkill.exe Token: SeDebugPrivilege 2684 powershell.exe Token: SeSecurityPrivilege 3632 wevtutil.exe Token: SeBackupPrivilege 3632 wevtutil.exe Token: SeSecurityPrivilege 4936 wevtutil.exe Token: SeBackupPrivilege 4936 wevtutil.exe Token: SeSecurityPrivilege 264 wevtutil.exe Token: SeBackupPrivilege 264 wevtutil.exe Token: SeSecurityPrivilege 4436 wevtutil.exe Token: SeBackupPrivilege 4436 wevtutil.exe Token: SeSecurityPrivilege 3236 wevtutil.exe Token: SeBackupPrivilege 3236 wevtutil.exe Token: SeSecurityPrivilege 1436 wevtutil.exe Token: SeBackupPrivilege 1436 wevtutil.exe Token: SeSecurityPrivilege 1848 wevtutil.exe Token: SeBackupPrivilege 1848 wevtutil.exe Token: SeSecurityPrivilege 632 wevtutil.exe Token: SeBackupPrivilege 632 wevtutil.exe Token: SeSecurityPrivilege 2556 wevtutil.exe Token: SeBackupPrivilege 2556 wevtutil.exe Token: SeSecurityPrivilege 4088 wevtutil.exe Token: SeBackupPrivilege 4088 wevtutil.exe Token: SeSecurityPrivilege 4560 wevtutil.exe Token: SeBackupPrivilege 4560 wevtutil.exe Token: SeSecurityPrivilege 4792 wevtutil.exe Token: SeBackupPrivilege 4792 wevtutil.exe Token: SeSecurityPrivilege 3916 wevtutil.exe Token: SeBackupPrivilege 3916 wevtutil.exe Token: SeSecurityPrivilege 4284 wevtutil.exe Token: SeBackupPrivilege 4284 wevtutil.exe Token: SeSecurityPrivilege 676 wevtutil.exe Token: SeBackupPrivilege 676 wevtutil.exe Token: SeSecurityPrivilege 2108 wevtutil.exe Token: SeBackupPrivilege 2108 wevtutil.exe Token: SeSecurityPrivilege 1836 wevtutil.exe Token: SeBackupPrivilege 1836 wevtutil.exe Token: SeSecurityPrivilege 4816 wevtutil.exe Token: SeBackupPrivilege 4816 wevtutil.exe Token: SeSecurityPrivilege 4532 wevtutil.exe Token: SeBackupPrivilege 4532 wevtutil.exe Token: SeSecurityPrivilege 2864 wevtutil.exe Token: SeBackupPrivilege 2864 wevtutil.exe Token: SeSecurityPrivilege 660 wevtutil.exe Token: SeBackupPrivilege 660 wevtutil.exe Token: SeSecurityPrivilege 684 wevtutil.exe Token: SeBackupPrivilege 684 wevtutil.exe Token: SeSecurityPrivilege 2328 wevtutil.exe Token: SeBackupPrivilege 2328 wevtutil.exe Token: SeSecurityPrivilege 3920 wevtutil.exe Token: SeBackupPrivilege 3920 wevtutil.exe Token: SeSecurityPrivilege 2456 wevtutil.exe Token: SeBackupPrivilege 2456 wevtutil.exe Token: SeSecurityPrivilege 4308 wevtutil.exe Token: SeBackupPrivilege 4308 wevtutil.exe Token: SeSecurityPrivilege 1696 wevtutil.exe Token: SeBackupPrivilege 1696 wevtutil.exe Token: SeSecurityPrivilege 4740 wevtutil.exe Token: SeBackupPrivilege 4740 wevtutil.exe Token: SeSecurityPrivilege 3692 wevtutil.exe Token: SeBackupPrivilege 3692 wevtutil.exe Token: SeSecurityPrivilege 4588 wevtutil.exe Token: SeBackupPrivilege 4588 wevtutil.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
SearchApp.exepid Process 4272 SearchApp.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
SearchApp.exepid Process 4272 SearchApp.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.execmd.execmd.exenet.execmd.exenet.execmd.exenet.execmd.exenet.execmd.exenet.execmd.exenet.execmd.exenet.execmd.execmd.execmd.exedescription pid Process procid_target PID 428 wrote to memory of 3084 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 84 PID 428 wrote to memory of 3084 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 84 PID 3084 wrote to memory of 3756 3084 cmd.exe 85 PID 3084 wrote to memory of 3756 3084 cmd.exe 85 PID 428 wrote to memory of 1768 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 86 PID 428 wrote to memory of 1768 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 86 PID 428 wrote to memory of 1300 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 87 PID 428 wrote to memory of 1300 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 87 PID 1300 wrote to memory of 3904 1300 cmd.exe 88 PID 1300 wrote to memory of 3904 1300 cmd.exe 88 PID 3904 wrote to memory of 2808 3904 net.exe 89 PID 3904 wrote to memory of 2808 3904 net.exe 89 PID 428 wrote to memory of 3120 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 90 PID 428 wrote to memory of 3120 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 90 PID 3120 wrote to memory of 1124 3120 cmd.exe 91 PID 3120 wrote to memory of 1124 3120 cmd.exe 91 PID 1124 wrote to memory of 772 1124 net.exe 92 PID 1124 wrote to memory of 772 1124 net.exe 92 PID 428 wrote to memory of 2036 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 93 PID 428 wrote to memory of 2036 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 93 PID 2036 wrote to memory of 1892 2036 cmd.exe 94 PID 2036 wrote to memory of 1892 2036 cmd.exe 94 PID 1892 wrote to memory of 2364 1892 net.exe 95 PID 1892 wrote to memory of 2364 1892 net.exe 95 PID 428 wrote to memory of 4956 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 96 PID 428 wrote to memory of 4956 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 96 PID 4956 wrote to memory of 5112 4956 cmd.exe 97 PID 4956 wrote to memory of 5112 4956 cmd.exe 97 PID 5112 wrote to memory of 4408 5112 net.exe 98 PID 5112 wrote to memory of 4408 5112 net.exe 98 PID 428 wrote to memory of 828 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 99 PID 428 wrote to memory of 828 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 99 PID 828 wrote to memory of 932 828 cmd.exe 100 PID 828 wrote to memory of 932 828 cmd.exe 100 PID 932 wrote to memory of 4836 932 net.exe 101 PID 932 wrote to memory of 4836 932 net.exe 101 PID 428 wrote to memory of 4812 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 102 PID 428 wrote to memory of 4812 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 102 PID 4812 wrote to memory of 5052 4812 cmd.exe 103 PID 4812 wrote to memory of 5052 4812 cmd.exe 103 PID 5052 wrote to memory of 4632 5052 net.exe 104 PID 5052 wrote to memory of 4632 5052 net.exe 104 PID 428 wrote to memory of 5080 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 105 PID 428 wrote to memory of 5080 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 105 PID 5080 wrote to memory of 4060 5080 cmd.exe 106 PID 5080 wrote to memory of 4060 5080 cmd.exe 106 PID 4060 wrote to memory of 4444 4060 net.exe 107 PID 4060 wrote to memory of 4444 4060 net.exe 107 PID 428 wrote to memory of 3936 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 108 PID 428 wrote to memory of 3936 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 108 PID 3936 wrote to memory of 2548 3936 cmd.exe 109 PID 3936 wrote to memory of 2548 3936 cmd.exe 109 PID 428 wrote to memory of 2252 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 112 PID 428 wrote to memory of 2252 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 112 PID 2252 wrote to memory of 2184 2252 cmd.exe 113 PID 2252 wrote to memory of 2184 2252 cmd.exe 113 PID 428 wrote to memory of 1268 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 114 PID 428 wrote to memory of 1268 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 114 PID 1268 wrote to memory of 2856 1268 cmd.exe 115 PID 1268 wrote to memory of 2856 1268 cmd.exe 115 PID 428 wrote to memory of 4160 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 118 PID 428 wrote to memory of 4160 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 118 PID 428 wrote to memory of 2848 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 119 PID 428 wrote to memory of 2848 428 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe 119
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe"C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:428 -
C:\Windows\system32\cmd.execmd /C "reg add HKEY_CLASSES_ROOT\.0xc0f369a1f2da7\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"2⤵
- Suspicious use of WriteProcessMemory
PID:3084 -
C:\Windows\system32\reg.exereg add HKEY_CLASSES_ROOT\.0xc0f369a1f2da7\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f3⤵PID:3756
-
-
-
C:\Windows\system32\cmd.execmd /C "iisreset /stop"2⤵PID:1768
-
-
C:\Windows\system32\cmd.execmd /C "NET STOP IISADMIN"2⤵
- Suspicious use of WriteProcessMemory
PID:1300 -
C:\Windows\system32\net.exeNET STOP IISADMIN3⤵
- Suspicious use of WriteProcessMemory
PID:3904 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 STOP IISADMIN4⤵PID:2808
-
-
-
-
C:\Windows\system32\cmd.execmd /C "net stop WAS"2⤵
- Suspicious use of WriteProcessMemory
PID:3120 -
C:\Windows\system32\net.exenet stop WAS3⤵
- Suspicious use of WriteProcessMemory
PID:1124 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop WAS4⤵PID:772
-
-
-
-
C:\Windows\system32\cmd.execmd /C "NET stop MSSQLSERVER"2⤵
- Suspicious use of WriteProcessMemory
PID:2036 -
C:\Windows\system32\net.exeNET stop MSSQLSERVER3⤵
- Suspicious use of WriteProcessMemory
PID:1892 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLSERVER4⤵PID:2364
-
-
-
-
C:\Windows\system32\cmd.execmd /C "NET stop \"SQL Server (MSSQLSERVER)\""2⤵
- Suspicious use of WriteProcessMemory
PID:4956 -
C:\Windows\system32\net.exeNET stop \"SQL Server (MSSQLSERVER)\"3⤵
- Suspicious use of WriteProcessMemory
PID:5112 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"4⤵PID:4408
-
-
-
-
C:\Windows\system32\cmd.execmd /C "net stop MSSQL$SQLEXPRESS"2⤵
- Suspicious use of WriteProcessMemory
PID:828 -
C:\Windows\system32\net.exenet stop MSSQL$SQLEXPRESS3⤵
- Suspicious use of WriteProcessMemory
PID:932 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SQLEXPRESS4⤵PID:4836
-
-
-
-
C:\Windows\system32\cmd.execmd /C "net stop SQLSERVERAGENT"2⤵
- Suspicious use of WriteProcessMemory
PID:4812 -
C:\Windows\system32\net.exenet stop SQLSERVERAGENT3⤵
- Suspicious use of WriteProcessMemory
PID:5052 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLSERVERAGENT4⤵PID:4632
-
-
-
-
C:\Windows\system32\cmd.execmd /C "net stop mysql"2⤵
- Suspicious use of WriteProcessMemory
PID:5080 -
C:\Windows\system32\net.exenet stop mysql3⤵
- Suspicious use of WriteProcessMemory
PID:4060 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mysql4⤵PID:4444
-
-
-
-
C:\Windows\system32\cmd.execmd /C "taskkill /F /IM sqlservr.exe /T"2⤵
- Suspicious use of WriteProcessMemory
PID:3936 -
C:\Windows\system32\taskkill.exetaskkill /F /IM sqlservr.exe /T3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2548
-
-
-
C:\Windows\system32\cmd.execmd /C "taskkill /F /IM sqlceip.exe /T"2⤵
- Suspicious use of WriteProcessMemory
PID:2252 -
C:\Windows\system32\taskkill.exetaskkill /F /IM sqlceip.exe /T3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2184
-
-
-
C:\Windows\system32\cmd.execmd /C "taskkill /F /IM sqlwriter.exe /T"2⤵
- Suspicious use of WriteProcessMemory
PID:1268 -
C:\Windows\system32\taskkill.exetaskkill /F /IM sqlwriter.exe /T3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2856
-
-
-
C:\Windows\system32\cmd.execmd /C "Del /S /F /Q %Windir%\Temp"2⤵PID:4160
-
-
C:\Windows\system32\cmd.execmd /C C:\Users\Public\Log.cmd2⤵PID:2848
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2684 -
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" el4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3632
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl AMSI/Debug4⤵
- Suspicious use of AdjustPrivilegeToken
PID:4936
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl AirSpaceChannel4⤵
- Suspicious use of AdjustPrivilegeToken
PID:264
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Analytic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:4436
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Application4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3236
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph4⤵
- Clears Windows event logs
- Suspicious use of AdjustPrivilegeToken
PID:1436
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1848
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:632
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl EndpointMapper4⤵
- Clears Windows event logs
- Suspicious use of AdjustPrivilegeToken
PID:2556
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl FirstUXPerf-Analytic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:4088
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents4⤵
- Suspicious use of AdjustPrivilegeToken
PID:4560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "General Logging"4⤵
- Suspicious use of AdjustPrivilegeToken
PID:4792
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl HardwareEvents4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3916
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl IHM_DebugChannel4⤵
- Suspicious use of AdjustPrivilegeToken
PID:4284
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-GPIO/Analytic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:676
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-I2C/Analytic4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2108
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Debug4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1836
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Performance4⤵
- Suspicious use of AdjustPrivilegeToken
PID:4816
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Debug4⤵
- Suspicious use of AdjustPrivilegeToken
PID:4532
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Performance4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2864
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"4⤵
- Suspicious use of AdjustPrivilegeToken
PID:660
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"4⤵
- Suspicious use of AdjustPrivilegeToken
PID:684
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceMFT4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2328
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3920
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationFrameServer4⤵
- Suspicious use of AdjustPrivilegeToken
PID:2456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProc4⤵
- Suspicious use of AdjustPrivilegeToken
PID:4308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProcD3D4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationAsyncWrapper4⤵
- Suspicious use of AdjustPrivilegeToken
PID:4740
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationContentProtection4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3692
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDS4⤵
- Suspicious use of AdjustPrivilegeToken
PID:4588
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy4⤵PID:2396
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMP44⤵PID:3904
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMediaEngine4⤵PID:2808
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance4⤵PID:772
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformanceCore4⤵PID:1124
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline4⤵PID:4964
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform4⤵PID:2996
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl MediaFoundationSrcPrefetch4⤵PID:2272
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client-Streamingux/Debug4⤵PID:3048
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Admin4⤵PID:4408
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Debug4⤵PID:3676
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Operational4⤵PID:3444
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-AppV-Client/Virtual Applications"4⤵PID:1560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-SharedPerformance/Analytic4⤵PID:2080
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Admin4⤵PID:4464
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Debug4⤵PID:4984
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Diagnostic4⤵PID:1044
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic4⤵PID:1184
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic4⤵PID:4636
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic4⤵PID:3324
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-OneCore-Setup/Analytic4⤵PID:3092
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic4⤵PID:3136
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic4⤵PID:3596
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Admin/Debug"4⤵PID:876
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Debug"4⤵
- Clears Windows event logs
PID:3848
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Operational"4⤵PID:3068
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Analytic"4⤵
- Clears Windows event logs
PID:3428
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Debug"4⤵PID:2824
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Operational"4⤵PID:1948
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-IPC/Operational"4⤵PID:1104
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic"4⤵PID:4160
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug"4⤵PID:3368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational"4⤵PID:4440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Analytic4⤵PID:1456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Operational4⤵PID:4852
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug4⤵PID:2792
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ASN1/Operational4⤵PID:1776
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General4⤵PID:3232
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM4⤵PID:4272
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic4⤵PID:728
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-All-User-Install-Agent/Admin4⤵PID:1580
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Debug4⤵PID:4492
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Operational4⤵PID:3912
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Admin4⤵PID:4472
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/ApplicationTracing4⤵PID:5008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Diagnostic4⤵PID:2692
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Internal4⤵PID:448
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational4⤵PID:1860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"4⤵PID:3600
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"4⤵PID:2444
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Deployment"4⤵PID:1540
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Execution"4⤵PID:1388
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Admin4⤵PID:1460
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Analytic4⤵PID:2412
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Debug4⤵PID:1468
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Diagnostics4⤵PID:3284
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-State/Debug4⤵PID:4424
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-State/Diagnostic4⤵PID:4308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Admin4⤵PID:1696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Debug4⤵PID:2032
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Operational4⤵PID:3624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppSruProv4⤵PID:4764
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeployment/Diagnostic4⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeployment/Operational4⤵PID:4780
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Debug4⤵PID:3168
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Diagnostic4⤵PID:4304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Operational4⤵PID:1876
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Restricted4⤵PID:2036
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ApplicabilityEngine/Analytic4⤵PID:5112
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ApplicabilityEngine/Operational4⤵PID:3028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"4⤵PID:4060
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"4⤵PID:1044
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"4⤵PID:2280
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"4⤵PID:2252
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug4⤵PID:876
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant4⤵
- Clears Windows event logs
PID:212
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic4⤵PID:4260
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace4⤵PID:2824
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter4⤵PID:632
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory4⤵PID:4492
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry4⤵PID:2492
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Steps-Recorder4⤵PID:3860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Debug4⤵PID:3892
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Operational4⤵PID:660
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Performance4⤵PID:2328
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccess/Admin4⤵PID:4292
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccess/Operational4⤵PID:736
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccessBroker/Admin4⤵PID:4916
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccessBroker/Operational4⤵PID:3624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AsynchronousCausality/Causality4⤵PID:2072
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor4⤵PID:3972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/GlitchDetection4⤵PID:4588
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Informational4⤵PID:4104
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational4⤵PID:4128
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance4⤵PID:4236
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/PlaybackManager4⤵PID:4036
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic4⤵PID:4012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"4⤵PID:1912
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController4⤵PID:3264
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUser-Client4⤵PID:4408
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController4⤵PID:3676
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController4⤵PID:4008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log4⤵
- Clears Windows event logs
PID:2872
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHPORT/HCI4⤵PID:3568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHPORT/L2CAP4⤵PID:3596
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHUSB/Diagnostic4⤵PID:2404
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHUSB/Performance4⤵PID:1568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic4⤵PID:2380
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTaskInfrastructure/Operational4⤵PID:1268
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational4⤵PID:1796
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup4⤵PID:2952
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Base-Filtering-Engine-Connections/Operational4⤵PID:3384
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational4⤵PID:3980
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Battery/Diagnostic4⤵PID:4440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Analytic4⤵PID:2352
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational4⤵
- Clears Windows event logs
PID:3356
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin4⤵PID:4816
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational4⤵PID:1860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-Driver-Performance/Operational4⤵PID:4280
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-BitLocker/BitLocker Management"4⤵PID:2760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-BitLocker/BitLocker Operational"4⤵PID:3980
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker/Tracing4⤵PID:4440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic4⤵
- Clears Windows event logs
PID:992
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational4⤵PID:2368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational4⤵PID:4712
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-Bthmini/Operational4⤵PID:4512
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational4⤵PID:3360
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-Policy/Operational4⤵PID:4168
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational4⤵PID:3508
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic4⤵PID:4232
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic4⤵PID:2348
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheMonitoring/Analytic4⤵PID:3368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic4⤵PID:3236
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational4⤵PID:3656
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-CAPI2/Catalog Database Debug"4⤵PID:4040
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational4⤵PID:2480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational4⤵PID:3996
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic4⤵PID:4168
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ApartmentInitialize4⤵PID:4304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ApartmentUninitialize4⤵PID:2012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Call4⤵PID:5080
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/CreateInstance4⤵PID:2252
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ExtensionCatalog4⤵PID:1560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/FreeUnusedLibrary4⤵PID:4928
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/RundownInstrumentation4⤵PID:3640
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Activations4⤵PID:2348
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/MessageProcessing4⤵PID:2760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing4⤵
- Clears Windows event logs
PID:3428
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational4⤵PID:3368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational4⤵PID:3908
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational4⤵PID:1652
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational4⤵PID:3860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Cleanmgr/Diagnostic4⤵PID:684
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic4⤵PID:1696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CloudStore/Debug4⤵PID:3988
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CloudStore/Operational4⤵PID:4948
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic4⤵PID:2064
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational4⤵PID:4408
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose4⤵PID:5112
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic4⤵PID:3676
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug4⤵PID:2252
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Compat-Appraiser/Analytic4⤵PID:2952
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Compat-Appraiser/Operational4⤵PID:740
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-BindFlt/Debug4⤵PID:4680
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-BindFlt/Operational4⤵PID:3428
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcifs/Debug4⤵PID:3656
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcifs/Operational4⤵PID:4916
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcnfs/Debug4⤵PID:1924
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcnfs/Operational4⤵PID:3952
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Diagnostic4⤵PID:2804
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Operational4⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Tracing4⤵PID:4972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug4⤵PID:4712
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational4⤵PID:1540
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreWindow/Analytic4⤵PID:3748
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreWindow/Debug4⤵PID:4304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational4⤵PID:4948
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational4⤵PID:4944
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crashdump/Operational4⤵PID:2080
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic4⤵PID:4444
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-BCRYPT/Analytic4⤵PID:2228
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-CNG/Analytic4⤵PID:4928
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc4⤵PID:1560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/Debug4⤵PID:2484
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/Operational4⤵PID:2952
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DSSEnh/Analytic4⤵PID:740
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-NCrypt/Operational4⤵PID:4260
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic4⤵PID:3428
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RSAEnh/Analytic4⤵
- Clears Windows event logs
PID:1536
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic4⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming4⤵PID:4292
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAL-Provider/Analytic4⤵PID:3644
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAL-Provider/Operational4⤵PID:4040
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAMM/Diagnostic4⤵PID:2136
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug4⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DDisplay/Analytic4⤵PID:4972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DDisplay/Logging4⤵PID:4712
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DLNA-Namespace/Analytic4⤵PID:2072
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational4⤵PID:824
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Admin4⤵PID:4304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Analytic4⤵PID:1044
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Debug4⤵PID:2012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Operational4⤵PID:772
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic4⤵PID:1568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic4⤵PID:4464
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic4⤵PID:2404
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging4⤵PID:1796
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic4⤵PID:3788
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Data-Pdf/Debug4⤵PID:2760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DataIntegrityScan/Admin4⤵PID:3384
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DataIntegrityScan/CrashRecovery4⤵PID:2756
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic4⤵PID:1536
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug4⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational4⤵PID:3328
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Diagnostic4⤵PID:4512
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Operational4⤵PID:3020
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Performance4⤵PID:4000
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Scrubbing4⤵PID:3760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Defrag-Core/Debug4⤵PID:1540
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic4⤵PID:3840
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DesktopActivityModerator/Diagnostic4⤵PID:2124
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic4⤵PID:1772
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceAssociationService/Performance4⤵PID:4264
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceConfidence/Analytic4⤵PID:3900
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceGuard/Operational4⤵PID:4860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceGuard/Verbose4⤵PID:4060
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin4⤵PID:2012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug4⤵PID:4444
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational4⤵PID:4928
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Admin4⤵PID:876
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Analytic4⤵PID:3516
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Debug4⤵PID:740
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Operational4⤵PID:4260
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic4⤵PID:1652
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational4⤵PID:5088
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUpdateAgent/Operational4⤵PID:4064
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational4⤵PID:2804
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance4⤵PID:4028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Devices-Background/Operational4⤵PID:3624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin4⤵PID:2072
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational4⤵PID:4236
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin4⤵PID:3296
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational4⤵PID:1068
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug4⤵PID:3332
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic4⤵PID:2368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic4⤵PID:1044
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug4⤵PID:3676
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational4⤵PID:772
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug4⤵PID:3028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic4⤵PID:3640
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug4⤵PID:4008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational4⤵PID:2348
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug4⤵
- Clears Windows event logs
PID:1124
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational4⤵PID:1268
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic4⤵PID:4680
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational4⤵PID:4344
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin4⤵PID:3908
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic4⤵PID:3236
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug4⤵PID:4948
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational4⤵PID:4040
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug4⤵PID:2484
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational4⤵PID:1924
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic4⤵PID:3860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug4⤵PID:2136
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug4⤵PID:1696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational4⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic4⤵PID:4028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic4⤵PID:3624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic4⤵PID:4480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback4⤵PID:2904
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational4⤵PID:4456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic4⤵PID:2752
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic4⤵PID:4484
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic4⤵PID:2064
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging4⤵PID:4944
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming4⤵PID:2080
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/Analytic4⤵PID:4060
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/Logging4⤵PID:2012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/PerfTiming4⤵PID:4312
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D9/Analytic4⤵PID:1568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3DShaderCache/Default4⤵PID:2404
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectComposition/Diagnostic4⤵PID:2952
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectManipulation/Diagnostic4⤵PID:876
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance4⤵PID:3516
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug4⤵PID:3368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational4⤵PID:2280
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational4⤵
- Clears Windows event logs
PID:1536
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational4⤵PID:3656
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational4⤵PID:2252
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/Analytic4⤵PID:2188
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/ExternalAnalytic4⤵PID:4636
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/InternalAnalytic4⤵PID:2676
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Cli/Analytic4⤵PID:1184
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug4⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational4⤵PID:4220
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic4⤵PID:3952
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance4⤵PID:4932
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dot3MM/Diagnostic4⤵PID:3020
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational4⤵PID:4420
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DucUpdateAgent/Operational4⤵
- Clears Windows event logs
PID:4712
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-API/Diagnostic4⤵PID:1760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Core/Diagnostic4⤵PID:4628
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Dwm/Diagnostic4⤵PID:2072
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Redir/Diagnostic4⤵PID:4236
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Udwm/Diagnostic4⤵PID:2124
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl-Admin4⤵PID:3168
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl-Operational4⤵PID:1308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Contention4⤵PID:1068
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic4⤵PID:5032
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance4⤵PID:1016
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Power4⤵PID:2032
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic4⤵PID:4836
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Application-Learning/Admin4⤵PID:5112
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Audit-Regular/Admin4⤵PID:4232
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Audit-TCB/Admin4⤵PID:3676
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug4⤵PID:772
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ESE/IODiagnose4⤵PID:3028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ESE/Operational4⤵PID:3640
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic4⤵PID:3800
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug4⤵PID:2348
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational4⤵PID:3308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-RasChap/Operational4⤵PID:1268
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-RasTls/Operational4⤵PID:4680
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-Sim/Operational4⤵PID:4344
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-Ttls/Operational4⤵PID:3428
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic4⤵PID:3892
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Energy-Estimation-Engine/EventLog4⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Energy-Estimation-Engine/Trace4⤵PID:5024
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic4⤵PID:2656
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug4⤵PID:4984
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational4⤵PID:4292
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug4⤵PID:684
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic4⤵PID:5088
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug4⤵PID:4972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic4⤵PID:3360
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug4⤵PID:1696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational4⤵PID:4000
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic4⤵PID:4028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational4⤵PID:3624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FeatureConfiguration/Analytic4⤵PID:4480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FeatureConfiguration/Operational4⤵PID:2904
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Catalog/Analytic4⤵PID:4264
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Catalog/Debug4⤵PID:3900
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-ConfigManager/Analytic4⤵PID:4484
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-ConfigManager/Debug4⤵PID:1224
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/Analytic4⤵PID:1580
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/Debug4⤵PID:4560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/WHC4⤵PID:2328
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/Analytic4⤵PID:3332
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/BackupLog4⤵PID:2368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/Debug4⤵PID:1044
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-EventListener/Analytic4⤵PID:2012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-EventListener/Debug4⤵PID:3596
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Service/Analytic4⤵PID:1568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Service/Debug4⤵PID:2404
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Analytic4⤵PID:4008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Debug4⤵PID:5084
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational4⤵PID:1124
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic4⤵
- Clears Windows event logs
PID:2760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"4⤵PID:4260
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug4⤵PID:2756
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational4⤵PID:632
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GPIO-ClassExtension/Analytic4⤵PID:2252
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GenericRoaming/Admin4⤵PID:2188
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational4⤵PID:4636
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug4⤵PID:1056
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug4⤵PID:1184
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance4⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance4⤵PID:4220
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HelloForBusiness/Operational4⤵PID:3860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational4⤵PID:4932
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"4⤵PID:4056
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"4⤵PID:4420
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"4⤵PID:4712
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"4⤵PID:3948
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"4⤵PID:1860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService4⤵PID:380
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Analytic4⤵PID:4456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Operational4⤵PID:2752
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Log4⤵PID:4956
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace4⤵PID:5012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Admin4⤵PID:3492
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic4⤵PID:2008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Debug4⤵PID:4288
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose4⤵PID:4560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Operational4⤵PID:2328
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Admin4⤵PID:3332
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Analytic4⤵PID:2368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Operational4⤵PID:1044
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-NETVSC/Diagnostic4⤵PID:2012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Admin4⤵PID:772
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Analytic4⤵PID:1568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IE-SmartScreen4⤵PID:4916
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational4⤵PID:4780
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug4⤵PID:3996
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-Broker/Analytic4⤵PID:3516
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CandidateUI/Analytic4⤵PID:3368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManager/Debug4⤵PID:660
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic4⤵PID:2760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPAPI/Analytic4⤵PID:4260
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPLMP/Analytic4⤵PID:2756
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPPRED/Analytic4⤵PID:632
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPSetting/Analytic4⤵PID:2252
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPTIP/Analytic4⤵PID:2188
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRAPI/Analytic4⤵
- Clears Windows event logs
PID:4636
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRTIP/Analytic4⤵PID:1056
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-OEDCompiler/Analytic4⤵PID:1184
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCCORE/Analytic4⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCTIP/Analytic4⤵PID:4220
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TIP/Analytic4⤵PID:3860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPNAT/Diagnostic4⤵PID:4932
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic4⤵PID:4056
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Debug4⤵PID:4420
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Operational4⤵PID:4712
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Analytic4⤵PID:3948
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Operational4⤵PID:1860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic4⤵PID:380
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Input-HIDCLASS-Analytic4⤵PID:4456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-InputSwitch/Diagnostic4⤵PID:2752
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational4⤵PID:4956
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug4⤵PID:5012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational4⤵PID:3492
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace4⤵PID:2008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KdsSvc/Operational4⤵PID:4288
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kerberos/Operational4⤵PID:4560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic4⤵PID:2328
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/General4⤵PID:3332
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/Performance4⤵PID:2368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Analytic4⤵PID:1044
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Debug4⤵PID:2012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Operational4⤵PID:3596
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic4⤵PID:2660
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Operational4⤵PID:3800
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic4⤵PID:1524
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic4⤵PID:2028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin4⤵PID:3516
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic4⤵PID:3368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic4⤵PID:660
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IO/Operational4⤵PID:1536
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic4⤵PID:3428
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IoTrace/Diagnostic4⤵PID:3892
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Analytic4⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Operational4⤵
- Clears Windows event logs
PID:1652
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic4⤵PID:3328
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic4⤵PID:4984
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pdc/Diagnostic4⤵PID:4292
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pep/Diagnostic4⤵PID:684
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic"4⤵PID:5088
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Configuration4⤵PID:4972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic"4⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic"4⤵PID:1696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic"4⤵PID:4000
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog"4⤵PID:4028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic4⤵PID:3624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic4⤵PID:4480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational4⤵PID:2904
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic4⤵PID:4264
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic4⤵PID:2752
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic4⤵PID:4956
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic4⤵PID:5012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Performance4⤵PID:3492
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Debug4⤵PID:2008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Diagnostic4⤵PID:3568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Operational4⤵PID:2872
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic4⤵PID:4444
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational4⤵PID:5080
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic4⤵PID:4464
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug4⤵PID:4312
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational4⤵PID:3028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors4⤵PID:772
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational4⤵PID:4008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-XDV/Analytic4⤵PID:2224
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Admin4⤵PID:1884
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Operational4⤵PID:2348
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Performance4⤵PID:3788
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"4⤵PID:740
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic4⤵PID:3908
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug4⤵PID:4260
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Diagnostic4⤵PID:2756
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Operational4⤵PID:2304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Performance4⤵PID:3892
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic4⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic4⤵PID:1652
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug4⤵PID:3328
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational4⤵PID:4984
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LimitsManagement/Diagnostic4⤵PID:4292
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic4⤵PID:684
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational4⤵PID:5088
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Analytic4⤵PID:4972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Operational4⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic4⤵PID:1696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic4⤵
- Clears Windows event logs
PID:4000
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic4⤵PID:4628
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic4⤵PID:2072
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSFTEDIT/Diagnostic4⤵PID:864
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin4⤵PID:4824
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug4⤵PID:3900
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic4⤵PID:4264
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin4⤵PID:2752
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic4⤵PID:4956
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug4⤵PID:5012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational4⤵PID:3492
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMC4⤵PID:2008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMR4⤵PID:3568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/MDE4⤵PID:2872
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine4⤵PID:4444
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter4⤵PID:1796
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader4⤵PID:1644
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform4⤵PID:3640
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-Performance/SARStreamResource4⤵PID:1568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic4⤵PID:4148
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug4⤵PID:1408
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Analytic4⤵PID:5084
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Debug4⤵PID:876
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic4⤵PID:2348
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic4⤵PID:3788
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic4⤵PID:740
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational4⤵PID:3908
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic4⤵PID:4260
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance4⤵PID:2756
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin4⤵PID:2304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot4⤵PID:3892
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug4⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService4⤵PID:1652
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mprddm/Operational4⤵PID:2484
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic4⤵PID:1924
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational4⤵PID:4220
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug4⤵PID:3860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic4⤵PID:4932
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic4⤵PID:4056
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational4⤵PID:4420
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational4⤵PID:4268
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic4⤵PID:4000
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic4⤵PID:4628
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ncasvc/Operational4⤵PID:2072
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Diagnostic4⤵PID:864
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Operational4⤵PID:4824
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NdisImPlatform/Operational4⤵PID:3900
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ndu/Diagnostic4⤵PID:4264
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance4⤵PID:2752
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Connection-Broker4⤵PID:4956
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-DataUsage/Analytic4⤵PID:5012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Setup/Diagnostic4⤵PID:3492
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic4⤵PID:2008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkBridge/Diagnostic4⤵PID:3568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational4⤵PID:2872
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic4⤵PID:4444
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational4⤵PID:1796
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvider/Operational4⤵PID:1644
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Analytic4⤵PID:3640
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Operational4⤵PID:1568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkSecurity/Debug4⤵PID:4148
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkStatus/Analytic4⤵PID:1408
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic4⤵PID:5084
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-RealTimeCommunication/Tracing4⤵
- System Time Discovery
PID:3516
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic4⤵PID:2348
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational4⤵PID:3788
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Operational4⤵PID:740
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Performance4⤵PID:3908
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/WHC4⤵PID:4260
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLE/Clipboard-Performance4⤵PID:2756
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug4⤵PID:2304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic4⤵PID:3892
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic4⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Core/Diagnostic4⤵PID:2480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Diagnostic4⤵PID:1184
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Operational4⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic4⤵PID:4220
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OcpUpdateAgent/Operational4⤵PID:3860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic4⤵PID:4932
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug4⤵PID:4056
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational4⤵PID:4420
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog4⤵PID:4268
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneBackup/Debug4⤵PID:4000
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic4⤵PID:4628
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Operational4⤵PID:2072
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic4⤵PID:864
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OtpCredentialProvider/Operational4⤵PID:4824
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic4⤵PID:3900
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Analytic4⤵PID:4264
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Debug4⤵PID:2752
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Operational4⤵PID:4956
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational4⤵PID:5012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Analytic4⤵PID:3492
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Diagnostic4⤵PID:2008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic4⤵
- Clears Windows event logs
PID:3568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionRuntime/Operational4⤵PID:2872
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionSensorDataService/Operational4⤵PID:4444
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Analytic4⤵PID:1796
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic4⤵PID:1644
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Operational4⤵PID:2404
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Analytic4⤵PID:3800
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic4⤵PID:4148
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Operational4⤵PID:1408
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Analytic4⤵PID:5084
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Certification4⤵PID:3516
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Diagnose4⤵PID:2348
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Operational4⤵PID:3788
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PhotoAcq/Analytic4⤵PID:740
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PlayToManager/Analytic4⤵PID:3908
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Policy/Analytic4⤵PID:4260
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Policy/Operational4⤵PID:5024
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic4⤵PID:2656
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic4⤵PID:4636
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Power-Meter-Polling/Diagnostic4⤵PID:4040
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic4⤵
- Power Settings
PID:4984
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic4⤵PID:2484
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic4⤵PID:4748
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic4⤵PID:5088
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug4⤵PID:1540
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational4⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Admin4⤵PID:1760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic4⤵PID:4992
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Debug4⤵PID:3748
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational4⤵PID:3948
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance4⤵PID:4236
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintBRM/Admin4⤵PID:2124
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService-USBMon/Debug4⤵PID:3168
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin4⤵PID:2064
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug4⤵PID:1224
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational4⤵PID:2692
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Privacy-Auditing/Operational4⤵PID:1016
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ProcessStateManager/Diagnostic4⤵PID:1312
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Analytic4⤵PID:2080
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade4⤵PID:4060
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin4⤵PID:2008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot4⤵PID:3568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug4⤵PID:2872
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService4⤵PID:4444
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Diagnostic4⤵PID:1796
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Informational4⤵PID:772
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Performance4⤵PID:2660
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Developer/Debug4⤵PID:4916
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-InProc/Debug4⤵PID:1524
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Admin4⤵PID:3308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Debug4⤵PID:876
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Operational4⤵PID:2760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic4⤵PID:660
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug4⤵PID:1536
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug4⤵PID:3656
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug4⤵PID:4612
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo4⤵PID:768
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RRAS/Debug4⤵PID:2756
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RRAS/Operational4⤵PID:2304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RadioManager/Analytic4⤵PID:3892
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic4⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RasAgileVpn/Debug4⤵PID:2136
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RasAgileVpn/Operational4⤵PID:684
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReFS/Operational4⤵PID:3360
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic4⤵
- Clears Windows event logs
PID:4220
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational4⤵PID:3860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic4⤵PID:3840
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational4⤵PID:4624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Regsvr32/Operational4⤵PID:4420
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"4⤵PID:4268
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational"4⤵PID:4480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin4⤵PID:2904
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational4⤵PID:4456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing4⤵PID:1308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin4⤵PID:4128
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug4⤵PID:5032
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational4⤵PID:5096
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin4⤵PID:2032
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug4⤵PID:4836
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug4⤵PID:5112
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational4⤵PID:3492
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-Rdbss/Diagnostic4⤵PID:4160
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-Rdbss/Operational4⤵PID:2368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResetEng-Trace/Diagnostic4⤵
- Clears Windows event logs
PID:4928
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational4⤵PID:1560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational4⤵PID:3640
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing4⤵PID:1568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational4⤵PID:2224
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RetailDemo/Admin4⤵PID:1884
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RetailDemo/Operational4⤵PID:4148
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Graphics/Analytic4⤵PID:1408
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing4⤵PID:3368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Networking/Tracing4⤵PID:3384
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Web-Http/Tracing4⤵PID:4344
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-WebAPI/Tracing4⤵PID:3788
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource4⤵PID:4948
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine4⤵PID:3908
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource4⤵PID:2188
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode4⤵PID:3644
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime/CreateInstance4⤵PID:2656
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime/Error4⤵PID:4636
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/Analytic4⤵PID:4040
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/HelperClassDiagnostic4⤵PID:1924
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/ObjectStateDiagnostic4⤵PID:3020
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/Operational4⤵PID:4748
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Admin4⤵PID:5088
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Debug4⤵PID:1540
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Netmon4⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Analytic4⤵PID:4056
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Audit4⤵PID:4992
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Connectivity4⤵PID:3624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Diagnostic4⤵
- Clears Windows event logs
PID:4000
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Operational4⤵PID:380
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Performance4⤵PID:2072
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Security4⤵PID:3168
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBWitnessClient/Admin4⤵PID:4824
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBWitnessClient/Informational4⤵PID:3900
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SPB-ClassExtension/Analytic4⤵PID:4264
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SPB-HIDI2C/Analytic4⤵PID:2752
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Schannel-Events/Perf4⤵PID:4956
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdbus/Analytic4⤵PID:5012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdbus/Debug4⤵PID:4232
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdstor/Analytic4⤵PID:2008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic4⤵PID:1456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic4⤵
- Clears Windows event logs
PID:2872
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SearchUI/Diagnostic4⤵PID:3028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SearchUI/Operational4⤵PID:1796
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecureAssessment/Operational4⤵PID:772
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Adminless/Operational4⤵PID:2660
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic4⤵PID:3800
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational4⤵PID:4916
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational4⤵PID:1124
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational4⤵PID:876
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance4⤵PID:2760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational4⤵PID:3428
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityStore/Performance4⤵
- Clears Windows event logs
PID:1536
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational4⤵PID:740
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Mitigations/KernelMode4⤵PID:2252
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Mitigations/UserMode4⤵PID:768
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Netlogon/Operational4⤵PID:1056
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-GC/Analytic4⤵PID:2304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational4⤵PID:2480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter4⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX/Analytic4⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf4⤵PID:3760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-UserConsentVerifier/Audit4⤵PID:3360
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Vault/Performance4⤵PID:1696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Admin4⤵PID:2804
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Operational4⤵PID:3840
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Perf4⤵PID:4624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SendTo/Diagnostic4⤵PID:4420
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug4⤵PID:4268
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sensors/Debug4⤵PID:4480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sensors/Performance4⤵PID:2904
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Serial-ClassExtension-V2/Analytic4⤵PID:4456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Serial-ClassExtension/Analytic4⤵PID:1308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug4⤵PID:4128
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic4⤵PID:5032
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic4⤵PID:5096
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Servicing/Debug4⤵PID:2032
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-Azure/Debug4⤵PID:4836
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-Azure/Operational4⤵PID:5012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Analytic4⤵PID:4232
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Debug4⤵PID:2008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Operational4⤵PID:1456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Analytic4⤵PID:2872
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Debug4⤵
- Clears Windows event logs
PID:3028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Operational4⤵PID:1796
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/VerboseDebug4⤵PID:772
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic4⤵PID:2660
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic4⤵PID:3800
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupPlatform/Analytic4⤵PID:4916
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic4⤵PID:1124
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic4⤵PID:876
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic4⤵PID:2760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AppWizCpl/Diagnostic4⤵PID:3428
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic4⤵PID:1536
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic4⤵PID:740
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic4⤵PID:2252
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic4⤵PID:768
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic4⤵PID:1056
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic4⤵PID:2304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic4⤵PID:2480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter4⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/ActionCenter4⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/AppDefaults4⤵PID:3760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic4⤵PID:3360
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/LogonTasksChannel4⤵PID:5088
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Operational4⤵PID:1760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic4⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-LockScreenContent/Diagnostic4⤵PID:3748
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-OpenWith/Diagnostic4⤵PID:4992
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc4⤵PID:3624
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic4⤵PID:4000
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic4⤵PID:380
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational4⤵PID:2072
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic4⤵PID:3168
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SleepStudy/Diagnostic4⤵PID:4824
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-Audit/Authentication4⤵PID:4128
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-DeviceEnum/Operational4⤵PID:4264
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin4⤵PID:2080
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational4⤵PID:4956
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartScreen/Debug4⤵PID:3332
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Audit4⤵PID:1044
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Connectivity4⤵PID:2012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Diagnostic4⤵PID:2952
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Security4⤵PID:1560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic4⤵PID:5080
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic4⤵PID:4780
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic4⤵PID:2404
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spellchecking-Host/Analytic4⤵PID:1268
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SruMon/Diagnostic4⤵PID:2280
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SrumTelemetry4⤵PID:4680
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Debug4⤵
- Clears Windows event logs
PID:3236
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Diagnostic4⤵PID:2348
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Operational4⤵PID:660
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Restricted4⤵PID:4476
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational4⤵PID:2676
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational4⤵
- Clears Windows event logs
PID:4536
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Admin4⤵PID:2188
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Analytic4⤵PID:4064
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Debug4⤵PID:1056
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Diagnose4⤵PID:2304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Operational4⤵PID:2480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Admin4⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Analytic4⤵PID:2440
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Debug4⤵PID:3760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Diagnose4⤵PID:3360
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Operational4⤵PID:5088
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Admin4⤵PID:1540
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Analytic4⤵PID:1860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Debug4⤵PID:2124
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Diagnose4⤵PID:4480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Operational4⤵PID:1580
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Admin4⤵PID:4456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Analytic4⤵PID:1308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Debug4⤵PID:3900
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Diagnose4⤵PID:5032
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Health4⤵PID:5096
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Operational4⤵PID:4956
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Tiering-IoHeat/Heat4⤵PID:3332
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Tiering/Admin4⤵PID:5112
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageManagement/Debug4⤵PID:2012
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageManagement/Operational4⤵
- Clears Windows event logs
PID:2952
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSettings/Diagnostic4⤵PID:1568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Diagnostic4⤵PID:2028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Operational4⤵PID:1884
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Performance4⤵PID:4148
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-ManagementAgent/WHC4⤵PID:3308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic4⤵PID:3368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-SpaceManager/Operational4⤵PID:3516
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Store/Operational4⤵PID:632
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storsvc/Diagnostic4⤵PID:3788
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational4⤵PID:4948
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational4⤵PID:3908
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main4⤵PID:4260
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/PfApLog4⤵PID:1652
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog4⤵PID:768
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysmon/Operational4⤵PID:4984
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic4⤵PID:2484
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-System-Profile-HardwareId/Diagnostic4⤵PID:1344
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsHandlers/Debug4⤵PID:4972
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Debug4⤵PID:4512
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Diagnostic4⤵PID:2756
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Operational4⤵
- Clears Windows event logs
PID:1696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic4⤵PID:3296
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Operational4⤵PID:4056
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug4⤵PID:396
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic4⤵PID:3024
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug4⤵PID:1860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic4⤵PID:2124
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TTS/Diagnostic4⤵PID:4480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinAPI/Diagnostic4⤵PID:1580
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinUI/Diagnostic4⤵PID:4456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinUI/Operational4⤵PID:4560
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZSync/Analytic4⤵PID:2752
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZSync/Operational4⤵PID:2080
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational4⤵PID:4296
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug4⤵
- Clears Windows event logs
PID:3568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic4⤵PID:4312
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Maintenance4⤵PID:1456
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational4⤵PID:3640
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic4⤵
- Clears Windows event logs
PID:3028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin4⤵PID:1568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic4⤵PID:2028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug4⤵PID:1884
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational4⤵PID:2660
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin4⤵PID:3800
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic4⤵PID:4916
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug4⤵PID:3516
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational4⤵PID:632
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic4⤵PID:3788
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin4⤵PID:4476
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic4⤵PID:2676
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug4⤵PID:4536
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational4⤵PID:2188
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Admin4⤵PID:4064
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Analytic4⤵PID:1056
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Debug4⤵PID:2304
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Operational4⤵PID:2480
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic4⤵PID:4108
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug4⤵PID:3860
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational4⤵PID:1980
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture4⤵PID:2756
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback4⤵PID:1696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin4⤵PID:3296
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic4⤵PID:1760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug4⤵PID:4544
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational4⤵PID:1376
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin4⤵PID:2772
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic4⤵PID:2904
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug4⤵PID:4276
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational4⤵PID:2692
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Tethering-Manager/Analytic4⤵PID:3168
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Tethering-Station/Analytic4⤵PID:4824
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic4⤵PID:4128
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic4⤵PID:4264
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Threat-Intelligence/Analytic4⤵PID:4160
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational4⤵PID:4232
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service/Operational4⤵PID:2008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Admin4⤵PID:4008
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Operational4⤵PID:2952
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver4⤵PID:4780
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational4⤵PID:2224
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational4⤵PID:2404
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UI-Shell/Diagnostic4⤵PID:4452
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic4⤵PID:4148
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug4⤵PID:3308
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic4⤵PID:3368
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf4⤵PID:4344
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic4⤵PID:660
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-MAUSBHOST-Analytic4⤵PID:3484
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-UCX-Analytic4⤵PID:3428
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic4⤵PID:1536
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB3-Analytic4⤵PID:740
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic4⤵PID:2252
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Analytic4⤵PID:2656
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic4⤵PID:3892
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UniversalTelemetryClient/Operational4⤵PID:4040
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"4⤵PID:3020
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Usage/Diagnostic"4⤵PID:1980
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Diagnostic"4⤵PID:2756
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Operational"4⤵PID:1696
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Admin"4⤵PID:3296
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Debug"4⤵PID:1760
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"4⤵PID:3024
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"4⤵PID:220
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic4⤵PID:1224
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Operational4⤵PID:4944
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserAccountControl/Diagnostic4⤵PID:2692
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic4⤵PID:4976
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/ActionCenter4⤵PID:5032
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceInstall4⤵PID:2752
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug4⤵PID:4264
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance4⤵PID:4160
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations4⤵PID:4928
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxInit/Diagnostic4⤵PID:4444
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic4⤵PID:5080
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic4⤵PID:1796
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational4⤵PID:3028
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Analytic4⤵PID:1568
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Operational4⤵PID:2872
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VIRTDISK-Analytic4⤵PID:4452
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN-Client/Operational4⤵PID:3384
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN/Operational4⤵PID:876
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic4⤵PID:2644
-
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VerifyHardwareSecurity/Admin4⤵PID:4948
-
-
-
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy1⤵PID:1560
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵PID:2336
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy1⤵PID:3800
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4272
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy1⤵PID:2224
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy1⤵PID:4712
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy1⤵PID:4028
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca1⤵PID:684
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize711B
MD5e1c5806254052d79ab497a16811dffd3
SHA196d4c563bcf0407ee91f6f4b39edaa6c92398190
SHA2564276cbc3c89e673755715e5c2990e68fe25dcd7c8f07e9624eaaf240d30432cb
SHA512a1c9687ad8cb950b5a1230cf8e72540639164a015eef29f2ce654ac0317949208f2a926bbf024675b42e5d9fe3ceda2c9944fc1b6bbb4ee2e60f0bd3b9bce908
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize683B
MD54f99dd2c1d65234b3a46897abfe8050e
SHA138a9bcefcb7fefaf76d513f203a408d731e544df
SHA25665e57a38ca30ca7555fdcea43bbc610dcb3552bd8e039b847ef5cfd56770cccd
SHA512fce05ce3f3934df1b6bbbaeb0f50538529dbfbd1b4168ad12bddf55fba38fcb74da07e62d0e3f95735390f1be044a48f0c464d0b1a51737d1a2bcafc9ec201b9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize1KB
MD532563260724f4ca2582dd7722d03a4c2
SHA1b7f99194c212e34770e5dac0a848f4eb59b4298d
SHA256325437fe006e72fe7393aea2672d1e0debd3793708dca514d25606b954d64f9b
SHA5120b8e280e433d1af8a565a75af577e514eb39b89b9f31e20e36fb5cc16670d48fc8102314b88463c4331652ef3ffedef40d2d6a040a515f8bcd93fa6e0ca58202
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize445B
MD513be9a0ae299e2f0e1120b2160273588
SHA11d1a22576525e57d4bd05e721b4190881afa784d
SHA256beb445d1dd5d931c8a6d990fab6ff22176564a7e6e6a789e8e5afdb25f7124ae
SHA5127bc1688c69b11e2ff0cc0418fd0cb31ac7bdd29dd22de7f964698f9c992a1a1e6cbfe895e54c8717018f13827e0d9034a7c7e4f60038638a08f65fd0ef90066c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize611B
MD59e7c3dfb3305640ceda7790cb95503cf
SHA1487a2445c87faef18bebd3d8c3d06e3161b087af
SHA256ab4886e9f7e505d10d57c10a3e73b788ed2cf3554c0f3208166022a89aae68f3
SHA512dcb9fc632da8f07e5a1cf289f2887aa2d04acf04ba8d831b0074a7350e179cdeebb9c92af1fb2f5c0c86fb23831f315f5380e08a9eaee37decc4944ff9a0cdca
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize388B
MD55807e85471707ec39982a045ae78a31e
SHA1652feff53d46afdc31fc1071a3c2658be1fc86f9
SHA25648eeaf493217a4848a1c1c44cf063d25c2402e4614d89677f2714270f1b39a76
SHA512f2176d15ee2c2dad65fbe99ee8ba3f68c926434871ffe18d8c6001f206f47fede5e6295eca17e96cf1fce2054135885dfd43524e33b47a8155b70cfe7dcfd6b8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize552B
MD5f2824a248b1bd3f4319eaaf5377a8398
SHA120765216bd943c21ee7933549dea617c153b6895
SHA2561a1e9b3b05070e1a0210e9ae8c022e22380c4451db69f9ccfcb4f56d8f3c8780
SHA512581a04f7fdadb10583646047eb6b6e9f759d2fb614971dd217889f35b4fee2a1a99dfe72ef772db379b64e430d3509143c851c99c8eb240058c3e1496208587f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize388B
MD5721bb99a78d520115e9f55f9fd1553bf
SHA12912a9ebc6804a3b5b9e02131bd62d24c999ac7d
SHA256fba090a9d60e499f57885a6ca4eb644b5ea0de353f603b4083ef5cc1a3f734c8
SHA512a3e2862449ca3a4a9c6bbb855bbab76f316ed33bf05b123165e4c46b975a7504a138b957986526ff61e391016201df426d7026753b665597436253be6c50e682
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize552B
MD56f0ce026e9f3726aede477c318286d3e
SHA1a7e568cf7c170e257b999beb9fee5bc1f9e60a05
SHA256043e65d570c88651bdae3ef82fa0206ca2f12e4a1603b73df1ab572dd8ebdc79
SHA512d559c0ecd1bec9d760cec7603feecd22a8c3ba0505052f49f036301ac07b3aceb8147d1b0222297c077479b1563d671dcd50266b5ba3a8b07e72c47da7afba9a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize388B
MD50ac26e5d355f08cc270b0ebf5ea44b2b
SHA11b117a2483dafe1b53beab6411d7e68ce67d7b58
SHA2567484c423911a81fdbc1b5c9f072a8fdb953f55e3a5ef4011ad2b0511531a850e
SHA512a307e9d2e20fb554eca93a7a1ba2dc5e5766205a276974e2b6861155ada5eec264964c3b115c13bc249947756bcf5f65b8a3f4e27f58a38aa457e78a74ac9cbf
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize552B
MD50853218977303c318c2c2ab65ac6191e
SHA1d7b898be7a2bfbcc744954067a6c443c318cddb6
SHA2563785cb2beed1dbe3fbcfcd41fc257085e787e3b34b3469dd8a1af8dfd665a4de
SHA512ea1b039895dda66d64f09dcbcb4cf796c826598214319a6e2907be965327f890f53a8fc4941f8193f4629b70530b7b396d3601544badc62e7ee221f468f78bba
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize7KB
MD57bdbd610b89a62f113a5c4c1cd1baf81
SHA1687d4fba732f9107a353fb5fce02502b428f9d49
SHA2569276f0a4747babcc20fa6cd216a2d70c6770545c48c28fd52cf865fc0d6c0922
SHA5126327ab384282a04fb863228ec86630c8c06d0806ec2229b44245fa9e3b9d98a7b660a15310649cf316434883042e535dd73858c5c5bf13434387f2c1cfa405e6
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize7KB
MD598a1b5d363174f6d0d1b521339b908ed
SHA1b2bcb33d8d698471b7ce176cbf0bba2d91d1eec7
SHA256ada6b34aa1a61b36382684a008fb51ace958d83e313f4abde0206d34eda4525c
SHA512f9dec702242a4f770a4c2113468b84778ae5c87ebad5df8e139d3f3cdab8d02a5e872047059d6ca2a574eef9e972d1df5e9713dc4227b8914c23e726120f4540
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize15KB
MD5347a8612f84f467b75a6e6d81b42232d
SHA122af640d6d9b446e250b54406bbc802f53944ca1
SHA25680761e868fea965222db3c5749604d66e697721648feee48a82185637dcd751a
SHA5123fe23003ad21c5917ca3f9383161a9de623311fd06398ab616b27079168a717abcb178f250e8ac568c6c02f66989610997b426b1dcf8061d3ab93936c8c58b68
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize8KB
MD51ecc69d55b8c20942fa1b1ce62cbd8bf
SHA11cebc606ca8b6262f05b4cbd333fdc8c810cdb44
SHA2568175bca5c3d6e69cc0eb5d3240f71aac6587da583e85b42330d2cebfc28daa2b
SHA51272238325c70a7c770ede71e8be7445aa4711899706f2c04e6e6a865ac974bb9868b41b52c61bf1df760a9dca1853201beb170f085e6394d41bd912fd3783a23d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize17KB
MD545757b6888387c8af57693487641f2a8
SHA10666c595782bfe7477232dc85b6cc8f18a35ab89
SHA2569adb9ff28f92a65a160a809677769e2c3a07344f57bc83ada38a439def0e64e5
SHA512b17a9f7f0d3ec9eef7d7d8442fc50c7fe1e84531dd440e3e0970c0ebdd40ee367de274f3ad2ac5e876bf6427816ef38e1510a41a17ddf6cddcce6c4e7e34c067
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize179B
MD5819cc6a12914ab1d6832849430b1ba9d
SHA177b4f860c5c16de7888cef4572a3c73f3e70a490
SHA256bc216240c3e551381369be6aae402d5c22c910ef385f243ac2f3f32392e03142
SHA51238d221fc6dbdf431943ec613c6fd7f636b74e032565a3dcdbae9b73df351dd162a1756b41a194bea52121784052f37ddbf180069c6f92bc6674da7a9a9e3ff70
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize703B
MD5cb1a970a192ee0eefb26aac99c8de11c
SHA1b1a99e72a9dd5a7bbb346f6851a6b473b1008da3
SHA2562194d7c6d49d375d2e9aa6e2252197553c6d15249338ad7637ab1708b08326fe
SHA51227b3fe74704f847e54122c8d8eeede0f0cd18da3b1638f8dbb0f27bba6bf2dfc23cc9a6f91a3cc3a719b00bbdb679ad581ba8a2322314ff447eede0be4071c65
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize8KB
MD5cf17349995d55a3c9f11eb789dd7f905
SHA11087673d3812028203ebb4c2eb7a596d9ba5079e
SHA25642ad98e7afbc65fabb859e40c45a1d7aaab7e3f225d8f5a3753cbb9aac98e218
SHA512fdb80f3d0fc4525bed60d3465a77ba7e0d2ad6a9367a0c6de4886a9cb92549e0e56bc10fe6693a00bc672c15be13b8fdfb7e63e3d9f793533f99e01a263f2ebd
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize19KB
MD586ab6628ea3490ea67f39da1b028eb4f
SHA10379f88e767b9338bd16fcfd235fc3cbfe976013
SHA256a0935d1c05854c81fbb35ff52e470f3232e510ebb2762df7b6b233bdbf1e5346
SHA512b2359952e12a8d08f5fb44021d69a729fed58958a5b1df69002ad47edc03fd1d09073be9cc5c0850d7fe00b963d97629342995f5d90acac6d27453cc30037bb8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize823B
MD5e071ac37bb1bd5b4dc09522fc15550a3
SHA1f43f99a1b5f63fe647c124aae2a0b1d58e1c5e40
SHA2569649b0690509b61b5f3f947482c975a863e2fe4ac437f06b3c47bbe03182cae2
SHA512ab180aaddd084689def28a729079070ff6bfbffc3b460899d1a03f1f871555d2cb0954d341ba85e62c1c9a9a514fa6015b5e22bedf606d4bb7fb7c9ef0294fa1
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize1KB
MD5e87e3f2d94ab471c0082b7f266268c03
SHA1179d7816a07cbb49b6f621aededb1e0147ef97b3
SHA25676b4f0288ac1869abf3e27bfaa05f16ebec24708d848d59dbe1ed16358fa3d85
SHA512ec2aa5378bfcc994608674a1dbd60d7b3c7580bb7b28ab2ff51f858baefaa55e511af3d679bd4ecc446d50c52a0cd9229d153523508f88aa0e469165a275560f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize1KB
MD5484f2d0bb3ead025c57530bf492b4263
SHA14072f4035351bd6e7eeba06938c9eb3f9ee25397
SHA256947c67f4abed23368af18d0bd304bf0a323e89f5181b428bf30fbadcf4c375c3
SHA5126b11cd282d32602f63f2377a6b38901645325f1d0d7e97873fd9e28f504abdb89905cda10dae38adc59c3107d3e4eec6799845041ebec4ffad2b400a238ab815
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize802B
MD5b5bf5b2a075b2b94fb706c13e688d4c9
SHA11778ee2e179b9f13e24b3acf0835ff69c83aef7f
SHA256e1df4bc7b15c6dbab45544394bd90c796a2d79d12acc4c320b0b0e93322cf8ce
SHA512f0207f671297512b16c09e9da032660060c6ea8f7b0bcdcc7a90c7c21e32de3c81d07f50bb2b7b2478c9d87dc882614cbd74bebc1e95493ba52eff69bc524aac
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize2KB
MD506d3fb84ea85a6a6ed054e9a0fb72f56
SHA1115ca7133579c2afd5846f55e55903cf425026e2
SHA256099c8a2d0c90a7bfca5447b52e3bb59825a888226fec41b3a1e620ee304ed0e0
SHA5129984961586959f8d5ca9a104f91d5d73b77f0fb6c5b6ba3121317fd655967f8db45cfda31f822d8a95afbd9319d59130f681e52e19a174004e99369c1f9954e8
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize2KB
MD5d3527aa13341f3878c42480207a4f646
SHA10500a6b18b510712e2dd3a41d4d418f26617511e
SHA25644dcd42b2080a696b3d21f6b46fea2ce4534d84c0338d35c3e061c69d407855e
SHA5121d6fe6ebe11cd3ee69a7c3fb62d5f969d631fa7c11f158790712a97031d1e480f29fdf6bac14d943dda9f0fb6ee7e6f94f127e155e14a338d858066e5b2e4c7a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize4KB
MD5feccee2b5da9e90828bd157f2faa1c28
SHA1990a3cb8d65d2d91fa31386070e0e856a9a6f295
SHA256065262a9d9795567df892a906bdf4cbebf3351d21d82ad307c9b376fcb4bb617
SHA5122bffbbcc0b330e1e884e74bc95eed82cc6e96512b0fe8bb2dff296c37187a6fde0c7c7649eecc87b4d9e30396591c8db15526ae842bffa6d8eccb9b3127721ff
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize289B
MD58f90dc177f9c67b09e2d86c2b10c2022
SHA182da3dde037dec2c29d8e5cd65fb1eacae9555ad
SHA256611b8b82652cc8b3d6695d4359b282658cdc9b9a62162f095fc49c6b44293b0e
SHA512d4a5045d442be2000c07d02d0901a83f55611fb640628871f8912fdcc9ca7e82d282ae3bf12918362200184da79a80cf71506bbf357221c47f4c46421da0718a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize385B
MD5c366726dd6f76b9f47644d41959219c3
SHA1bb12c5e6aa3853d8e01798fc53240f833dd83793
SHA2564fce526f580582da0e58e0a1d3e1124ef43e797f2b625083812ea11ac73b1b0c
SHA512d947b3d1fc52544af8853bd421f1f96796d7b1cd041abb86eff5fc2e01a9cb77d5446b9e69ec08dfcf7a0cf5ecda4335d3aa7dc28c581e592bf62398947a8c2d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize1003B
MD50f2d06fcf471c66af33f5904d76ffde0
SHA1efd7d55e939549e8baf448471f7357f4fa886b23
SHA2563aec4099f8a820de66e4a71f8152ff2d4925b31e414892985ae18bd9444617b8
SHA51263f08e586713e497deadbb0851fa30730a6603d6795962abed45305dbe373270382eb4fd5a50607227a4b3dc3d85ac43403d0e79792c299f26a045ebced60b58
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize1KB
MD55bf397aa9176de3cedf8d29a191f084c
SHA1eebde2f3dfd247d22045d3ad448b0e54f5b1863d
SHA2560c4ad6b53509ba4c997dc208c2810876320931333dae4a86e0d8c77bfee35be0
SHA51204b3baf0d80a74f318df2d71cf7a8ea02a4703fe4923ec69e90ad168bbb990f10ace8a935b4881bda1c326af8211b7ddf942857029cc3811ae270e6d64c9faba
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize2KB
MD5bc09f0735d93fe04a85a9bf5b88ab4bd
SHA1fb0c9661f3002b50d92ac05ffec72e641013542b
SHA256792a3faa342b92370dabee3ef4a99bbf37ff95e99a9c93fba97bcb17911251ce
SHA512eaad69b3754450ebabe0c6d20137e5c1fd13a626dab74e0fef45302dfed87b20263f41526aee088c9f6be19c38818e0a0b57ef655ea6dc8974da5dd1deca5a54
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize840B
MD5502c4494016ab309437d58dcd873089c
SHA128f3bafe7f158829e53f3af2ffd8e14c95cc0b99
SHA256b66e5a44c0be22b7197c5ade84ad08510ba4553bb5aafafc1540ec632cdda136
SHA51240365944e8471e9e12afd26e11d012986de69cd79e4f538c4f32ad5ae0bfc34e80a5152c11bbda8306d71fec0179ef3f30c28cc1933685a56287c72d2d8c4887
-
Filesize
558KB
MD5297606869df1d5805e620b380e77b0c8
SHA1c5d8351e303d986ee9590695243a80fd00085c90
SHA25664fc01fa2fedbfa2a33dc7ecdaa0316242c09fb1e9bda8899afd9d159cd6621a
SHA512ab211bb9be2f3f42f2035934d6470033669b542119cb291ac37261268467c0bb13ed4fc0eda33951076b098926d385cd9d46e87bd549b5b4790095e9d3fc3f2b
-
Filesize
95KB
MD5c6138a1a9eabe5e324ddda4db2315d7f
SHA1fedc04d2d3fe024a89be5d2efd0182d84c298e9e
SHA25683fed732febba7f4459c620a452d4cec7a7697107247f90cb99e614a3e10b0bf
SHA5128e187c6c134e71e0f8f646315795a864f0290c04ec0d665dd7035365c2fda0b77003f8d53586b8d15f058a919f5cc6ae73808cd645267bd962c7f757e2f6a9f6
-
Filesize
36KB
MD5beafa4681f36117ac78ba64a401bc581
SHA16e4b1299a0e3aa28b0d6534796ea9a4212e4664b
SHA25624d4a272ab5b328a511c9df4bd2b642b2225ba4b01b544a0a38dd6b8f9cab6ed
SHA512b316098ece41fab5ce90f6703993e6a205934a3d85d50d551a135d1e20e84f3da7bd6edaa49d14c9d3e1b5aebb915a79618fd59de9dc64a943c24e6dd650100c
-
Filesize
153B
MD505915e9e4a77356e56841a12b8e0f135
SHA15ff7e208cb2d6fee65705936a8288864f284d356
SHA2562bf2769411bbaf7293a433129f2cf551a8743ecd9b18d5bb7162ce168068eca3
SHA5129e8a84a62fb85151acf44caa9c0bf0260774861bff319f4faf4a4816efe3c76e7cbc9994d938322adc81f84e08638e236c737a25ca68de156789d87a00d1696c
-
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize114B
MD5d3ebe6c92b76a60295262fff2f05267f
SHA1d00ef99c1d3913da3460616f910a5cef1234f2dd
SHA25641f1cc68f46d1bac3c8e66766786fbf48f9f910dcb42727518c30ba7a5e8ba77
SHA512d6b1c4e42b1cf31112c6425b9d7539021f5e8c9361405d670b11dce308d755ba2ea68870c257c19301f3344ea5c5c2560f07c115a9fc0381bb738dcc46ef6025
-
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize113B
MD5fee17b2ef92a4241dc0b169c292304f9
SHA1d07f2558bb81be67e71437153add5041b0d91f6a
SHA25643547106dd3568741e174d82182b438e5bd0c98edf1667776368709db4b7b8f6
SHA512680964e01a81c65862ca41dc3913551d913660a1a6e2bb1ceaefb0606e865fdb647e68f784234b9b864cadb0a85bd17066e7a4f4a1af03765cf78196b61484c6
-
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize1014KB
MD5ab83ad1e2ae1380872edfaabd1a774fd
SHA17d414ab93c4bf1c1218cec8c97a215119e4d9b83
SHA256f2a24d8ab23eb52cd2ca11bd3f874befd90c4b35760a6e8f9c15f4e6f86445cd
SHA512af16b3afe3c17871b3d94fcdeb811c207d1be0822666c3c86ce2bace89fc5bf787ece7f765601f7fc761c95cebd497761ed9dc91beab28fe8568934ca8e3a763
-
Filesize
831KB
MD56b36a2339381dc98f79ed0c2a844486f
SHA1ae6028e9d4fb95eeefc60638dba4ffdf4489b9d0
SHA2560b36219859a9581883179f431436c0f7f37f6d25fc0cb1a91f7722e7b33210f0
SHA5129a0181c099589d07e00edfecc8306741fdfb67bf63e8339257616b7984b3ba2cfe57a29c9f08f680a8a52ae870472d7dcf6a379a63a6cd28c098e478267314b1
-
Filesize
8KB
MD5e200c815632c89cf77c5582dc7334a75
SHA1b4815fc6babfbb66072abee2180953d24c2725d3
SHA256c10440dbe38a820433a790c9ff8086395dbd108d9b048b5572fe1a5de3339b2a
SHA512d5627dc9e9e2d7e221f8deeccc175f8d190b43ab64ffe032eab629aeb907de20c8339c47f7ebb389b94bacd0b374dad3463464cdc8a909a010d734861615d0d6
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
Filesize471B
MD583571b73771359002d59ebc9befdae55
SHA1404e41179a9105449ea6480ded696bc9ad777ad1
SHA256aa50c1f284bd799c71c9dcf44e376edf56118526f7b8d386efa3a3a302741dd3
SHA5128fe5ecb1acd3de4086fd46c8918a046684c4b95e8ecf37ee2b0f7e081f5973698c093e8e11bfd24e4757e51b8a9d3cea46140c0453a6323e781e8e7c0b37568c
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
Filesize412B
MD53824f479bb9eb12d3574558acd65a21d
SHA1b0927a17c40ff49d356e2095a59541d30b01b0b3
SHA256f7f44bd28cbfe03b5467efa04bd2323ce0b55be75ff4fd699ede8b7520e555fe
SHA51217f01814b2566c5ab99d55794e1422067614d8705aa5c07d707ff024017a630fa94ee2c463aff91c9c95e472dc724214d792dd04023c1234a813229d6ba9c345
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\19WRGS2Y\microsoft.windows[1].xml
Filesize97B
MD519789e21b4ea52c8d201e3c25c0d5b36
SHA1245d5edae8c0372b5d412f2780762a768323ad96
SHA2568b5c7163511de2d78bd7e9a877bba7ef3c09b5808c37bdf63f68aa796326eb7f
SHA51276b2144794aab885e18eb8064af14d43a6d6ff3e14ba81389944982bf6890c6686cbcd4130c4452cf369eeb7cf38620030521e4a6bc6c1bc853577dc6ecf9acd
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\95d9a2a97a42f02325559b453ba7f8fe839baa18.tbres
Filesize2KB
MD5c90e0021700ff525dcb6e8c71b8dcbbc
SHA1dba98fcf84f0c8d55a41b90bf6a9bf9f4a22818e
SHA256772a7fe743e8abf35b06f173526c6e5349531772e4f3ce9f89003bf3f2dc8e0d
SHA512bbb109b398fa0f99e7821a2e52ecbfde39a82cc93042a715ba1b589d81e2d4a0eebb9d4519dfc7f5cd54bb727df7663cffa2b8103ea7871a9a9769e6e7770f27
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB
Filesize36KB
MD50191a80f1e300a5a7af5d6784231dd9d
SHA170753f21c7c81dccc1b63f59c559e50ac303de68
SHA256a01b9af0190fcb8f7d8d0756fe99264d7206e1f4698919ffd634c4297d0843ec
SHA512430e42a2d96aa4f4c84a3b61680b4b64854df9b0cccb50b7389fef68399d561030fab78f269b829e744d1b1e32df09cf7c974eea10e4f4b9b3a43b49f5814602
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB;PrivateBrowsingAUMID
Filesize36KB
MD5a86b5d0d4a6ecaedaee39c49dc80a3c1
SHA10c686e5164d49dc1fe4cf3c990d21c047cf0829e
SHA256a8dc9ea66e36e8aa0a9620a12228bc62ba39cf632862f67ec825b7594cdb2757
SHA512a75e786237d02d1ce666a6ef98e66db53ce696f3481ba01f6f311709ae42c299503d5b6c2cfed95c55310d0639f11038f7b0ecfb6d54bfc59045233006c15ed4
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome
Filesize36KB
MD53f0b6f9c120427797ec49194b7b2684d
SHA194b42d47c67f254aed67e13e0fcc3b1dc22763b9
SHA256c47300de08378a4ab89911e77d5ba068651f04717e85a8d9304be5d9914facae
SHA5127779115cd1f87e150de121b5af4fccf6ad8acd37443e67649078a53f1cf512a52a737caa2d81d5bd41a20d392f0151de202c609f97328cf748cab2f83875bc23
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\MSEdge
Filesize36KB
MD55998c2059f49770bd20c81c12805b08f
SHA1c85963f4c05b4ea9a18cdf054abde21385320ebe
SHA256c325f613d9e1f9e9df1d0bd7db8a3c59f7884d91bd4fa2078cf0509969c8d918
SHA512814f3a603bedbab272e942040390b285e559662cd94a52a91003ffaa2f5b7d6e4d224e37da9bb755484c659fda9f6c59c0c84fe10892d7df207185598219067a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{2F519BF2-C697-59F8-8F6A-1E19509CE66B}
Filesize36KB
MD58aaad0f4eb7d3c65f81c6e6b496ba889
SHA1231237a501b9433c292991e4ec200b25c1589050
SHA256813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1
SHA5121a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{30BD9A02-CB9A-93FD-A859-09C8803F2346}
Filesize36KB
MD58ab0ccfe101f2a223bf9fc11f910ec64
SHA186a7cf51b399bb786896fb77f59ee8b4844f5afe
SHA2568cc15be591c4f70f964d3554be30283f925747d09eb71692bf40b8125e2bb68a
SHA512b862068ea8bdb828186c2bc693b1e99d622a48a82eea13886090c44e17d132ad1a96bae4a96214d9a8abeb22f7c85f4ef25a000cc1bf977fd43e67bf1064a61e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8AA47365-B2B3-1961-69EB-F866E376B12F}
Filesize36KB
MD59f1ff11e31c55a87372e85612ca3c290
SHA1c94dc58d7e8f070d3eeff5bc8ecb3a2d7008323d
SHA2560c650065d284a6a0f6a17ce2250214b40219b7082e940689a2cd2948162fd893
SHA512dd490e167b4455aace73dda6d9ec6b90aee5e5994701c249a44d316b17c3f8a8f5e776e9ecb6d751dfbed8e74743a3f13d95edbbf3b09998e148bfcba1ef721f
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8ABD94FB-E7D6-84A6-A997-C918EDDE0AE5}
Filesize36KB
MD593a41069c98050e3ea095a2185fddce9
SHA192eecf90eb3e8235397bf0574acf0e7405541b26
SHA2560382664c279fd723231cbef1f76c8592dfa408b3b42dd8f343a21f4e77adc497
SHA5127a36bcf3ef2c41b5084c36404ce692466934931428f2dcaabb86c2a666cf39b53467161a6d13045eb7a68f31461163d869135aca4c744b9215fbb8891b36fc0d
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{923DD477-5846-686B-A659-0FCCD73851A8}
Filesize36KB
MD50705d6835877cf0e3c45fc7427647c75
SHA1b03330cd06f821600bb0323e7c2277311f065f6f
SHA256b04759fee392d36cc20a319943c4ddac356cd1fbed6223a4961688689350a84e
SHA5120faaf02180ef6ea2a8a74ab2be7b72be24eff69e5aecdf97bec838a637e7b3efb85ffed32c2e035b2100615e2711cccbe8afe231ec55a7245d00d6c98329d83c
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BB044BFD-25B7-2FAA-22A8-6371A93E0456}
Filesize36KB
MD56ba483c92ecc054466753e522db97936
SHA1f46a0ed2d9d68a979241974f1588d076f64f68aa
SHA25625b4c976977835c431d466db710ff3d5861cacc4e77683ec6fd4d5c9d5ae0afd
SHA512ba9fcc6b649ba53bbead16cc9e47741fbf4abb3d115212b15931d7e759b07a3ddd926042ebc93dc1887dd25dd33044c44bae4fcaf2452217d7d1180b1b269f0b
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BD3F924E-55FB-A1BA-9DE6-B50F9F2460AC}
Filesize36KB
MD5e799eff0b7816a5587d146f9bb951f1f
SHA128f99125424d8e0647ed01a21c378362de181cdb
SHA256daee10eef8cdad237bee08e5429e529bca3b7a10c1bd76578588108a3a6b272b
SHA51202ad638295b2a21c3b4367e7f3ef345b81e3ba8c62c61a97ef51b1f102c28b2fd6863f3ca1b3b87051ec95da92c42a8bfcd4e0adf18cebd3de0a2c27a388d563
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C1C6F8AC-40A3-0F5C-146F-65A9DC70BBB4}
Filesize36KB
MD52e455b88290024ba91a90deb1f194a19
SHA1d17027449bffef8c398ff1ffd8fbf078171805ea
SHA25665afc3f47f89f404bb847eca3c445bcbb15af5fe0905fc050fcb6b6d2f6d00cc
SHA5121cea9d5922894fe900df5b186af735997cdc2132ccdce5690681f4e55608c5c9dbfd5b072c81453ac7456df7fe6577f55e5f86900363fd3acfafa78dbcd6ac5f
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{DAA168DE-4306-C8BC-8C11-B596240BDDED}
Filesize36KB
MD5855718d0bd86e35b1d42ceabdcfc61b3
SHA12a6698c8231e2fa27f93fd5141a252a4b06251b1
SHA25678c940de004462f42d6bd01aaa33cd73f2c3b06652730c385f1f9c4760ac9537
SHA512bea1a7ac95e76b120c65bce325d87c27d385f992c6b95def100ba50fc4e7eaf13c61c10bd95231046885a17afa1aba3fc4158d095360caa46412ae8b136288b8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_DATABASECOMPARE_EXE_15
Filesize36KB
MD51d3c4e80c24cd236fa76a27435926362
SHA17dbb5cdcac2ba68296501209c9fe98edcca2d35f
SHA256dbcdcb3b5da2fff40a182288466d41e376b9c578ffcae1c40e53e6b2b1162b2e
SHA512b871c72d59f3422ef443502bdd0c955be46f34f599efb063dd5d8701902c390f8397df4d4d04699a03cc3326f4761a4d463df7ee8f7a32559ae0b0e39af41acf
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_EXCEL_EXE_15
Filesize36KB
MD52c3d8b38f4706d2bd623310de468a21b
SHA143aa3a23be9e599c8df874b631e2291fa0fd5e25
SHA256eb7c131073394f7824cd2152e9ef1f87bfa7feb09097af42d7a882b3ad7b7ac3
SHA51245fa14f771adb80eaac8d0bc02e70d9e9e453d27238698c7953de7434c4a182eadad6e7fc908de4e5babd487f9dc917fa3ba67ca599c5889804d948da7fd1fd8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_MSOUC_EXE_15
Filesize36KB
MD5943dc823b68d13170c037022cf94d95c
SHA10e39464d007f8c35667277d3fa42f297a5d75820
SHA256ee75215cb2025b29a28bd6ba4d363924ea305eceee5cb9c9afe68dd97c7b0415
SHA5124ae351553521d41e844f6de549f1c7a6dd3eb544b50976913cdea58edd3e3b8cb81d21b2461258c3af1c65815ccdad407ae193d220656a44c6f4d4f21200eaa1
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_ONENOTE_EXE_15
Filesize36KB
MD547c378bdc07ccd57b6e51d03085d0a09
SHA15e0bcae2ef2a557ef7b7feb11c032e567347c9e9
SHA256c8306e51b61f5b4d819bee37f60258378b9605c6787f55cbed76c676bed66322
SHA5121425b348c230aa7818d08049b57228a27bc591fbbb1a107f153eefc3e313ad12cd3ec3efab0b314795ddf00586a821e98eb042db68d3862ea2cf800a0cadb77a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_POWERPNT_EXE_15
Filesize36KB
MD5c314b7443a535d4b39b28c6a2d246ef5
SHA1b7688df267a8304d3f1f6afdbcddbf96a5e86fcd
SHA256288834f082fb5ca0868a7b8fd3f645c883841d612731771df1c9490d99af76ad
SHA512ca3ac5def4b819cbc0cb770a2e0b482e3ad5753f167b2741e7e31c20ab7236559695297b9dd5d8088ac2f1b3886a7e644166c4fab29dd63c60a906abc547f422
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
Filesize36KB
MD50e2a09c8b94747fa78ec836b5711c0c0
SHA192495421ad887f27f53784c470884802797025ad
SHA2560c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36
SHA51261530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15
Filesize36KB
MD5d73810507446e10f35cef691a91cc5f3
SHA1f871fc76285b469eaf3f77697acb489438671a31
SHA256bb2ac675156df74f88f154e0b586c759ad50b5c57dcd8a98005d5597ed7ad1a3
SHA512c9d458e899fcec6eb5ce5eae2371ab7f20e741b6cd3e82b052041e33fd8bc5c77fdcb4ee239bfd07913074eb810082a0c9753c25571aeb8aa6cf04f072e1f764
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize36KB
MD5f7c68aeb068be0b1676467034ec1ec2e
SHA1e20d93b078d12e810d3acedd043a0732d4ffc0ef
SHA256eb436308ba9a771a091998e4f804d999355f285737682273a6faa98dcbf3b3e0
SHA5121b1cdccecbb81f4749f1fdf11d9426eff55cf8faf866b0600884af8636a716c62f152f6ffbb14c2d5565eb664e0e6a4908c584a8ab37aff2c9d008c247b63edb
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_WINWORD_EXE_15
Filesize36KB
MD5a03a0988894c00b0079df02367d9825b
SHA1e7c6203741bc7b729f4ea6b7aa0afac1fcaec277
SHA2566f37c8f98b70b89c2cc380d0aa38b0262921202d0ee63561f57a3304575236bd
SHA512692a6dd4619f7e05c06480d7a65fbec407a31d30087ee89efe8eda8e8a578e7a285f51af58ddd9e2c1629b9b9b32c57c8031457587b3c9a7088e21b03ece1b35
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msoev_exe_15
Filesize36KB
MD57b4b9fd2b81ce798f3b31e585fefbd06
SHA19b10727f132e741089047841df048fcadddcd9e0
SHA2563eaa9bcb1be1f9fb075bb3b37a54646e72b506fcbe1a3614ad01a4d98d8689f7
SHA5122e58940bdca873a6dd6056b6cde2b7d687498a12bc50649385f58727b43b7d7bf7bab7c530bf3c4e539b559c13c422172512a246e0edea392c021bc40b2a3d15
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msotd_exe_15
Filesize36KB
MD5f35b45b5028b3b64375cbb3fafb44044
SHA124ed8611db1e76ee699152e10be6c96c60e8a7fe
SHA256848a25007192b687231de4053ef7ba80b6df0e70d52342b4b1fd4abb14ec4c25
SHA5120d7ddae93245cea32af0bd89bfe9f841bf905b97464fb87aeb5158190e0a166b69a88babc7498b88eefd41838696db2c6245ea63a3d5c5d8b78e702972f765c5
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_MediaPlayer32
Filesize36KB
MD5e1aa86a6110404c34e05c063601112ad
SHA10680868aee468fce12215d90684c4c7cf7769b34
SHA256af63b4e541130d09289a3c6852de203f2723792bab7464559459a732d553f8bd
SHA512fce875b8ab57ae028c3bdd3adc645075babb7244a9c3338abf2ce871e56722c895610ed2001c1c84de34c2837616ba3664839e0985f42ff164b1549e909c07c0
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_RemoteDesktop
Filesize36KB
MD5c29ef40b14d06595314ab1f6634ee474
SHA1faf7420e380424794dae3192186f4e5263d1ec1c
SHA2564121ec51b50f6b8d459c56d92058af3ac611b00d7245d7b39145d47445e7273f
SHA51260a472a5867d3fc79e5023ec260fd00dd48d207423b336a9c7393fd8a7303e88b2aecb005f652f2a983d522ec878011dbe797ff56bcf9079a43a4e971f8f4531
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\windows_immersivecontrolpanel_cw5n1h2txyewy!microsoft_windows_immersivecontrolpanel
Filesize7KB
MD5744a0320026eb91c3f475b4ceb3a39a9
SHA165f61bf6a7e5094f68656494a59553c1c64123da
SHA256b003c371a0dc78f40822f9959e084ad23cbb605dc362f04fff880459bde1b63e
SHA5121e961b5c1d77c81ec0f326608a1e12511a4a0041a458b4551c17859b3afb83d98ca3c84cd8ff771684a6747f6df2ac82fe5851132034c1c42c8bd1029f4734ba
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe
Filesize36KB
MD52bd136eb4cb4539c66599b66221dbbba
SHA122532c9b312cce5d6e593955b795cb2ba2857124
SHA256aec7c44a6c41813e7a0df059f38d60c3a4fbe51683d3f9d17e8daf67c0a5c8e6
SHA51222ef6a2565c30912f65e7b6f5e53981d514f3881e457dd7761bb4e7e286f22bba5e3ce6d0a2f7c02971d801a4e999e0d6ca4aa6b7bb935249cc947e2b3d2766a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_RecoveryDrive_exe
Filesize36KB
MD5295e1773200faaaf90fde45e9756fadd
SHA18a2c49076f59739c7e69f19852d4ea0a772af2a3
SHA256f795251afd7834282ad149d10bebf7dceea04ba56a960b7b9e3899e4287f1385
SHA512f0cd5d2e0b82d40c7256b4560e461b3eefa73fe51ac6679f29928faab673276ba12190dcaa404b89664bdb38e4da04c968e1db694410c9fb68d5234b58278d14
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe
Filesize36KB
MD59b55b8a492df2ce8fb6e9b0565dbcdcc
SHA1b52570ebb2a3c3aa8cc3ffc6ad0955078abd5235
SHA256e73573d120f91a45563e277015e3ca72f05ff1b18976df5c81bd490805020f25
SHA512a8fb3c061f4b6fd17167cd8ed9f92b34b90e826b6dfc036db33c72f960052e20c4cc0fbef3988032ebc30449aa310149e81187bb7e6ff87f6249202f2652cc5e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WFS_exe
Filesize36KB
MD50d19bea6f0b22383fff2d13e0e6ff0a2
SHA1416f9bd9d2f0deacc06490fbefe77a6ffc2064a9
SHA256da3cc596513ca5729f367af635df99081509cf5dcf9f5744090c7cd9fa8e0243
SHA512e9ee700a8b17396239bc5ea79f384c80e34c7412f5877e4b6214e6748ea291341599880aa5338a9e68a3ab86f2f5263b08193a543be72372eb01da0432ae3308
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WF_msc
Filesize36KB
MD592e39e4bd3e216cf76a2cf3d93c53fdb
SHA16b3315770d169c632712e5bfa002610c3917d99c
SHA256be2529bc70fad82f5a753a3c4083d9ae5361c1e95a2c5fce51df6feb442de615
SHA512ed9c3732a6f54efba8313ca533eaf6e9a5eac80977ac8028452fbfcb1429e46de192ab2afcf7f1d3bb1f0a1a8f31f00782424059d82022f660bc44fe133e3b6c
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_PowerShell_ISE_exe
Filesize36KB
MD53ccc6610ecf9eb036fc50fda1f781d21
SHA1de7db115b3bd1b926ae0b2a795e7d0feac621851
SHA2562192613bbcf96dd824a813b59c598c486ea713a05c82fb1184eb955bc3b84839
SHA512aa3a6d68415fc17695a8dc35271617834a84b3485af974cf34f2ff2a065ab6217db4a19e08abd22330dea9d9a44963e0aa70feda061db2ca6c0c29b2f4c6ca42
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe
Filesize36KB
MD5406347732c383e23c3b1af590a47bccd
SHA1fae764f62a396f2503dd81eefd3c7f06a5fb8e5f
SHA256e0a9f5c75706dc79a44d0c890c841b2b0b25af4ee60d0a16a7356b067210038e
SHA51218905eaad8184bb3a7b0fe21ff37ed2ee72a3bd24bb90cbfcad222cf09e2fa74e886d5c687b21d81cd3aec1e6c05891c24f67a8f82bafd2aceb0e0dcb7672ce7
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe
Filesize36KB
MD533cf1a9ad7e502fd7c2de69a7da48801
SHA1a71f1a144616eda1ca60886843fae98703417a0b
SHA256f160948153cf32d47d35bea85eccd51929566e662c6eca6f838515b0860704c0
SHA512edbee4a88c5e5f049ec86a4b8beadeac89f4eec81f1176ea35f2f689fb40f335ee1f85df856d02d224f5fb95e4ac1e9a85cf6d54b4c436a50e478859ec9fc517
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc
Filesize36KB
MD5eab75a01498a0489b0c35e8b7d0036e5
SHA1fd80fe2630e0443d1a1cef2bdb21257f3a162f86
SHA256fdf01d2265452465fcbed01f1fdd994d8cbb41a40bbb1988166604c5450ead47
SHA5122ec6c4f34dcf00b6588b536f15e3fe4d98a0b663c8d2a2df06aa7cface88e072e2c2b1b9aaf4dc5a17b29023a85297f1a007ff60b5d6d0c65d1546bf0e12dd45
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_dfrgui_exe
Filesize36KB
MD5f4ebff482100da28a335dd2ee22e4a32
SHA1bbe5f2c752b40641d02cbb43d5c0fb9c53889414
SHA256802308e769a49d907538c5fa0e974313fb6e3bf29cfc8c6d1d69dddd8cd124af
SHA51286147c1a98cde8389145059666a7d241035f69558183d21f2d069a2f973de96125d5b3f3985732d47e556c09dd0d0acb75447293700e9b45feb798e145c5add1
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_iscsicpl_exe
Filesize36KB
MD5a89988784e4640ac2ec71f90ce85b825
SHA19e22ce33b9c1fbe81690d7d7b315ce815e72994b
SHA256679f4056018986fc3f9329155cd3a826ef7bc664bd7cb6dec0ae07a7818ce57a
SHA5129b82109d2fe226f99d2919672734ca8dfca74b3bc2032b406519ae96e37d33a6ef77be655ae0ba5c54036e3ae3510efe767e5881b17e85b04292b1558387a919
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe
Filesize36KB
MD5f29ba4c9e82e3ba6f79cb3383cb96f79
SHA1f8082d87ac238c237627b132889c9cb223fbb262
SHA2569e228359b717ec1507aaecfa380c6e8e24a810133f8e5bd11171e5f9cc905c84
SHA512a33b9c6e094ba20e7085e42ced2de54bd74461575d581b859a36481ff8c65f7737d0ac52429bc9ead3ca67f197755c49f0ea0771d8606c7af8bab55d061f6f84
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7
Filesize36KB
MD52a411bcfe80e1d37e92edab81bdfb3c1
SHA17c88f9f2e4f6438d404cf9d06b0f9b423a4d21a0
SHA2565da20ef7ac791c3f4541d0e8ec0ccebd79bc8c5819b097ee16ce845585ec5d92
SHA5121fc2245df1f1d23b44c4063b5bc0d46fab4490da488695aaa66dd68aa4d1a8c6e51d5646c2c24f87ccfcd081cd1a6b48445c5854bde7956a3b35faff0d8c541a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe
Filesize36KB
MD55e8789e07e5c0545251da36bd0c8e4a5
SHA175a00b8758ec1b080c47dae3452977e4a61f0167
SHA2565682a3ff1985edd22549e7821899c00286687562c768c262de1d2a542b1884ff
SHA5123a415a469a0c2f833f93a64c5025388bc83513502cdaa46f0091d11006e48eb67215fac01953bb02c5f304d21e0f487db1085260f0f603c554c4b19434e137ce
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_mspaint_exe
Filesize36KB
MD54f0414c4ef966619b5cf9b740c9f1096
SHA1d136f140bb9aa3d3d9b5aa5dcb413d78b93c71fe
SHA256bfedb922c2dd20626051ac2dea4f06021eb0a51ed53d901bb7fdc3c27b0c9cc2
SHA512bb094fd2695d2ad8f0e1f5ea5652dcf1e377adeb597cc84836aed75685689aa14f622632575bfb59a37ab86610f0595b3897adc6db7278dc141e4ef9495deb38
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_notepad_exe
Filesize36KB
MD57689c30d53af0dc638a76cdac2b6755c
SHA1ee74ae57c6c4867783c282b46cce4aaee6fcd5c3
SHA256a05bcdcfa0fdc148fc7eadaa891e11d3646b84b04f793782b7257edd77015e35
SHA5126840a48e5725501b37455f650cabffc17086453b6d70f943ff379f2b5b1ff9d1a72da8dd27083c082c3abcaaca3cbcb36da2c7005d08811cf94b45e88392f38b
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe
Filesize36KB
MD56f0d8710c462b5955d9d16745bdb1bfd
SHA1ed0545934a28799ef27dddcc0439d05dc40c47ac
SHA256342f29784a85f25ec119d85e39267ec57a4c803fbc099f6c5ceb7761f8896cfd
SHA512404085314a3cf37e8e66aecd314d63ea9711d05c1ecb714d531126e61b7bb9929e59e4a42cb736ddade1ac416d76477881d18b428bfd603fede3e9eeb7b6f8cb
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_printmanagement_msc
Filesize36KB
MD57279e4431c96c1030f6ccefb5fce7cf3
SHA1e6d0c93d63c00d14e2f40f5fdbf6c3fdc3487442
SHA25664472af7e48d716d113b1c8a8241eaa67737b21e29abd62b4a0bfb485363ae3a
SHA512db7febd66f65a486b1b77f13d8b32787c9d04e2b07003cd0dc90f4531afe70132ed9f165ab55c012b60857bd4e6f8fe2e78f7ff132bf64a95159d7138e5df53d
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_psr_exe
Filesize36KB
MD57794df1f7ea502f8b5a7afe7458dcbd4
SHA1179f413597c837600e87609de63ae9112e3e7199
SHA25675f6713e1ae6f0caa52d0b3957114d7653e2e002b33e1c6b173f6a584ead94e4
SHA5122a77656d9201c8684315c1fe8693fee206b13d072fd4164491b7a4c5fc46a3ba78216200c48b044bad221c27423394529173f8d84a5a38da7343231d0f7d9fbc
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe
Filesize36KB
MD553397b08309ff534a07d24635ba224ca
SHA1acb7765998078026e0b6ffbe57e72d8d454bc54c
SHA2565c62803659067e9c56afca377104d8f187d0393f629ecd6863fb165cff588ad0
SHA512bdfd047f5678f72e612875b69f1944b9afd94cc6b61740ff32380a22e37b9b86ca59efe52b7a58358c15f75ae7c04221a48060d1c0f338cf40c156f9187501d1
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_services_msc
Filesize36KB
MD55e2da008f38c7ad813d9fe8e669dddd6
SHA13f4ed852167cfb251cce13be4906a0cbea58f021
SHA2560cf904a532ac487f6b4c080fd01406529ad26ae559128b0aff170f389c278c28
SHA5128d295af13fa38384923e0db043ef7196ae3cdddc9dc1e765217494461c6c6f24704eb984985c45159cae06e81ca857c4f406b1ec80bc9c8fbccad535a1f77d72
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7-zip_chm
Filesize36KB
MD5a62d519be58c4ec079cd825e04c1f4bf
SHA191c59ff74e1911d942cdb7a68ebba42f10dc3510
SHA2569af30e079cc36bdf17fb5fffebbe68b2275616f9513b07e99f15f7065a2d99c6
SHA512637a0dced1a940af17c47abcdf30dc1a2ab2c1a1f70b9199789670398e87d2c9ad445f82e05fd1ea84cccfb62d25c8253218426c1fd9784b14dd5c7bae881b69
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7zFM_exe
Filesize36KB
MD50e6ef93d5933046a62bc747ea00e24fe
SHA1dd78782d47f49c2d8bb903a87596b84cf1299601
SHA2565086deb58d1ef6e262c226c1c9f590280ba09484995da092ee1c9e0e5bcdc6c5
SHA512e7db0b2a9f8d1c3dc26ea5360a34959de95449cc6575ec199c4d01e487af627b7c9e2eb60166905011eb53a96d4e7076530ac5e429b3a3c47eb610b63fb089bd
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Common Files_Microsoft Shared_Ink_mip_exe
Filesize36KB
MD5988d8f7a55d7a70d764dfa515a4ec6cd
SHA10935b33593ae55a70833624fbb1edd7208391ff7
SHA256db1ddddf683c53435b987f49f5f5b3262899451c634298bafb3a0b122ceaa62a
SHA5123ea0e33b836e1cd0b8d034f1e4d31cfbccad59332cdfd0cfbf08005c32204ff930c5578350fd1ac111f109b1ae38d3621394227cbb1da11d64af4e46735789c8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_Documentation_url
Filesize36KB
MD5bad093419be1135cfe9694ea77088c78
SHA176204c7ca72cf666add9c9931389d635c82e8af0
SHA256136808af50ee73df9befd76f7aca21765782565b0095227c5a287f3be0b5ef3c
SHA5123b5cb7f80d7cbc557b5a32a995cd607257ac8e56af935ce6f64c54ba1f311a65ef00c69c69047b6eb7bb678c2b1bc0a3c37548aef417ea49e414e1a34bcf651d
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_NEWS_txt
Filesize36KB
MD5968e7d1aa993ef1052b35a95c51946d5
SHA1c67817521eb4f70d692d3d29b32676b1871e3d40
SHA256719fb4e7016e1c4fff64166a8809a6ffe5d16ba0a40e4e8593ba7f664337e239
SHA5123382a01b518c38859c1ffc8799aacb941fd7bedd2cecaab4fc8e7fe8e44aeb6acf3997b844b9b5d8ddf4e72331e33972606cab1e9d8b527bf80ef7a9a0136022
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\0.0.filtertrie.intermediate.txt
Filesize18KB
MD5f66204ddc2e55a4ba416e9768bd5aeaa
SHA10ebb17602b92ee42cfe273619c17c043402cc5dd
SHA256232204c0488a893d3f9e8efdfbe01e2fc85561f8776449c804226717c394c631
SHA51289df48f41251e2d0f4e6d0aa27a5edaa83b8d2316e9ef6249ac81c176f240106174620a1a70085e88dff6141319f2cff404f2f493d2240ad90e95bd812c9ede6
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\0.1.filtertrie.intermediate.txt
Filesize5B
MD534bd1dfb9f72cf4f86e6df6da0a9e49a
SHA15f96d66f33c81c0b10df2128d3860e3cb7e89563
SHA2568e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c
SHA512e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\0.2.filtertrie.intermediate.txt
Filesize5B
MD5c204e9faaf8565ad333828beff2d786e
SHA17d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1
SHA256d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f
SHA512e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\Apps.ft
Filesize26KB
MD521de42414cc2933affe1828f1ed2a29d
SHA11e12e4c389cfc585798e6098eb1fc1dae7f06afa
SHA2560f10432bb37db721342c227cab39b2309b007c8a1cb7eff2b9b76568e2c69c92
SHA5121e2607e4fa237e88858e9733ad7adfb2d2fe0f861611f5a2d9e04b8cbee83c68b1ccc30d6a0740a5c64ed55fe62786c489dfc38d8396cfbde56c46b34bc6cec4
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\Apps.index
Filesize991KB
MD5b2cef728978026d476329fa104dd233f
SHA19b7bef0b534d8e617dea0720c6c924278f14e684
SHA25660ae00e7bc8fbae18202e651929861d8860a4b6cb6ff7ae782e120468eb7be32
SHA51233c0dc6afebd4a4a5af2480af84eb589d5776eaf12c2ba5ab4fd3a7d54e35df4cb6abfe06e6c5a370fecdaa9f45f57f6980f7f36088ceacff03a4db61d79013e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\apps.csg
Filesize444B
MD55475132f1c603298967f332dc9ffb864
SHA14749174f29f34c7d75979c25f31d79774a49ea46
SHA2560b0af873ef116a51fc2a2329dc9102817ce923f32a989c7a6846b4329abd62cd
SHA51254433a284a6b7185c5f2131928b636d6850babebc09acc5ee6a747832f9e37945a60a7192f857a2f6b4dd20433ca38f24b8e438ba1424cc5c73f0aa2d8c946ff
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\apps.schema
Filesize150B
MD51659677c45c49a78f33551da43494005
SHA1ae588ef3c9ea7839be032ab4323e04bc260d9387
SHA2565af0fc2a0b5ccecdc04e54b3c60f28e3ff5c7d4e1809c6d7c8469f0567c090bb
SHA512740a1b6fd80508f29f0f080a8daddec802aabed467d8c5394468b0cf79d7628c1cb5b93cf69ed785999e8d4e2b0f86776b428d4fa0d1afcdf3cbf305615e5030
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\appsconversions.txt
Filesize1.4MB
MD52bef0e21ceb249ffb5f123c1e5bd0292
SHA186877a464a0739114e45242b9d427e368ebcc02c
SHA2568b9fae5ea9dd21c2313022e151788b276d995c8b9115ee46832b804a914e6307
SHA512f5b49f08b44a23f81198b6716195b868e76b2a23a388449356b73f8261107733f05baa027f8cdb8e469086a9869f4a64983c76da0dc978beb4ec1cb257532c6b
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\appsglobals.txt
Filesize343KB
MD5931b27b3ec2c5e9f29439fba87ec0dc9
SHA1dd5e78f004c55bbebcd1d66786efc5ca4575c9b4
SHA256541dfa71a3728424420f082023346365cca013af03629fd243b11d8762e3403e
SHA5124ba517f09d9ad15efd3db5a79747e42db53885d3af7ccc425d52c711a72e15d24648f8a38bc7e001b3b4cc2180996c6cac3949771aa1c278ca3eb7542eae23fd
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\appssynonyms.txt
Filesize237KB
MD506a69ad411292eca66697dc17898e653
SHA1fbdcfa0e1761ddcc43a0fb280bbcd2743ba8820d
SHA2562aa90f795a65f0e636154def7d84094af2e9a5f71b1b73f168a6ea23e74476d1
SHA512ceb4b102309dffb65804e3a0d54b8627fd88920f555b334c3eac56b13eeb5075222d794c3cdbc3cda8bf1658325fdecf6495334e2c89b5133c9a967ec0d15693
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133760535428627545.txt
Filesize61KB
MD5acaef159923856ea5385473680463f1a
SHA18c961466b14c2070162ba4c62e1a6a7bc125adb6
SHA25643c06c4ece982a6d6257b4edb81f99761aaa6da3900bb1b3960a76796044d7c8
SHA5125a2ce71643926da5478125474593fb0a814025d4a09c29f96ca7735b4a7cc27d7e039d04831928ddb56b1bc820fbe36cf283c513a9c47e75050a2b1239ca3edf
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133760536280418433.txt
Filesize61KB
MD5190a3a38fbbecff68c090688e6c8ba20
SHA19afb677325a0456575b4fc3327daaca9ca392d32
SHA256cf0665cb7354dbf9b6ac678bfd496e4de678aad8e90c34549c2a6c9b5e63ef5b
SHA5125957ff1e49cf3b12474dd457e1e0a953eec5fa6e3f28989ce6338ab724684e7b1fd0423adbed1ae2f15ab18fc9918a15f81657cf1a41bd7dc02435b2e479ecb7
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
Filesize251KB
MD5561b1a8e2d01cb5c63fff21d3cdd682b
SHA194a94afe676eef15449110636632c5576ab48ecc
SHA2566574c3491ebb28df4f21497239ff59ec21aa9214bdaf0e15b46ecbbd8b103311
SHA5125791b59527ad321deb2b2d972f6192e7d6895c76bafa35928bfeb89317fa527d4d167de5cf3a638f730c9f36696dc3756efefe41054cecb7ff5c237d891948d0
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
Filesize8KB
MD5c984fb655e464aa34c99e3ae511f62dc
SHA1510034262528a95a5bf3a331a56aa490e48cfef7
SHA256acb7a319404607f17744729c639979336b17829997903903d59de3ba6eb04be6
SHA512a555f1be9748d93391b994bc3f8d1e9ae2bd1fadfd71fa8c24a975c7242adfbaae2bf08f6e6382b95f90fbb8f4af26b60e6996720c2b2048a2c0ccc163636958
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
Filesize8KB
MD5e4f108415f443eca2a8a4065c5e6bd20
SHA16125c94738020b824fc84af8d6999d02ca388959
SHA2562af169d4a1705956c9d4e20c5fe2e2ad0fa2f1e40ef679c1b5ce10a4ebefed06
SHA5120b0f7fb336cf6f6fd1d73715eb3c3fbd4db5d993f7d4561db6b75b16f5e14878ab10d738ab6e6e8dac3faba8e95915a62c6c6396770e872f11e8ac4601c7f7af
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
60B
MD56a2f870841e0126632f5b9bf0d000d6a
SHA151689e26641f0eb054cd90553a21a472a2e79148
SHA2564bcbb565ad2fd05a4fc458cd68254853cbcbf5749beffccb2b1e22b8a53ecb2f
SHA512de089c5d2dd691c64e38bdc82a2a5266e65cf8f9fc40e2d60ecded7a775922ae5100cc406f09346fbaf402fc1fe3074ca29ecd64119f7c490381aee72780bdb0