Malware Analysis Report

2024-12-07 10:00

Sample ID 241114-mf7tys1nhq
Target 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch
SHA256 f1f72dc070609ea57ed4e3e07fab2de6770f9bcae6b85ec395184f9fe2cb2cb7
Tags
credential_access discovery evasion persistence ransomware spyware stealer
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

f1f72dc070609ea57ed4e3e07fab2de6770f9bcae6b85ec395184f9fe2cb2cb7

Threat Level: Likely malicious

The file 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch was found to be: Likely malicious.

Malicious Activity Summary

credential_access discovery evasion persistence ransomware spyware stealer

Clears Windows event logs

Reads user/profile data of web browsers

Credentials from Password Stores: Windows Credential Manager

Power Settings

Drops file in Program Files directory

Browser Information Discovery

System Time Discovery

Unsigned PE

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Kills process with taskkill

Delays execution with timeout.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 10:25

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 10:25

Reported

2024-11-14 10:28

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe"

Signatures

Clears Windows event logs

evasion ransomware
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Reads user/profile data of web browsers

spyware stealer

Power Settings

persistence
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msmgdsrv.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluNoSearchResults_180x160.svg.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Windows Media Player\wmlaunch.exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\7-Zip\Lang\sq.txt.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\CSIRESOURCES.DLL.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Mozilla Firefox\freebl3.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\Word 2010 look.dotx.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_sr.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\nb-no\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\QRCode.pmp.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\WATERMAR.INF.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationProvider.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\sfs_icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-left.gif.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\7-Zip\Lang\pa-in.txt.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADAL.DLL.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\msointl30.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_en_135x40.svg.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons_ie8.gif.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\versions\framework-dev.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\illustrations_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\svgCheckboxSelected.svg.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\ReadOutLoud.api.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssui.dll.mui.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\7-Zip\Lang\uk.txt.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\INDUST.ELM.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\PREVIEW.GIF.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\plugin.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\PushSplit.jpe.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A

Browser Information Discovery

discovery

System Time Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A N/A N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "{57523D96-B7F6-4D2C-8AFC-BCC5F5392E94}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\fr-FR-N\\tn1036.bin" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR it-IT Lookup Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\it-IT\\M1040Elsa" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Speech HW Voice Activation - Japanese (Japan)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Traditional Chinese Phone Converter" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\de-DE-N\\AI041031" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Hedda" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "French Phone Converter" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\de-DE\\MSTTSLocdeDE.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\sidubm.table" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\ja-JP-N\\L1041" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Speech SW Voice Activation - Italian (Italy)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "MS-1041-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\de-DE\\sidubm.table" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\AI041033" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\es-ES\\VoiceActivation_es-ES.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Cosimo" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 1 0008 2 0009 aa 000a ae 000b ah 000c ao 000d aw 000e ax 000f ay 0010 b 0011 ch 0012 d 0013 dh 0014 eh 0015 er 0016 ey 0017 f 0018 g 0019 h 001a ih 001b iy 001c jh 001d k 001e l 001f m 0020 n 0021 ng 0022 ow 0023 oy 0024 p 0025 r 0026 s 0027 sh 0028 t 0029 th 002a uh 002b uw 002c v 002d w 002e y 002f z 0030 zh 0031" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\fr-FR\\M1036Paul" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\ja-JP\\sidubm.table" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SpeechUXPlugin" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\MSTTSLocenUS.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; telephone=NativeSupported; currency=NativeSupported; url=NativeSupported; address=NativeSupported; alphanumeric=NativeSupported; message=NativeSupported; computer=NativeSupported" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Speech SW Voice Activation - Spanish (Spain)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\fr-FR\\sidubm.table" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR ja-JP Lookup Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\CortanaVoices\\Tokens\\MSTTS_V110_enUS_EvaM" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Hortense" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "410" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SW" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\fr-FR\\VoiceActivation_fr-FR.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\ja-JP-N\\r1041sr.lxa" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\ja-JP-N\\AI041041" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\es-ES\\M3082Helena" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR de-DE Lts Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "{6BFCACDC-A6A6-4343-9CF6-83A83727367B}" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR fr-FR Lts Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "È stata selezionata la voce predefinita %1." C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "English Phone Converter" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Stefan - German (Germany)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_HW_en-US.dat" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\it-IT-N\\L1040" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR de-DE Lookup Lexicon" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\es-ES\\sidubm.table" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Ichiro - Japanese (Japan)" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheVersion = "1" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\es-ES\\M3082Laura" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Voices\\Tokens\\MSTTS_V110_EnUS_ZiraM" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Discrete;Continuous" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\de-DE-N\\L1031" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Zira" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "You have selected %1 as the default voice." C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\it-IT\\sidubm.table" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = 49553b76dbc112bcd96e2ce32f82aa3750d88abb05779f5fac65e84c5363077e C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "DebugPlugin" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Laura" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\fr-FR-N\\AI041036" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; message=NativeSupported; address=NativeSupported; media=NativeSupported; telephone=NativeSupported; currency=NativeSupported; url=NativeSupported; alphanumeric=NativeSupported" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 428 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 3084 wrote to memory of 3756 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 3084 wrote to memory of 3756 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 428 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1300 wrote to memory of 3904 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1300 wrote to memory of 3904 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3904 wrote to memory of 2808 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3904 wrote to memory of 2808 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 428 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 3120 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 3120 wrote to memory of 1124 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3120 wrote to memory of 1124 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1124 wrote to memory of 772 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1124 wrote to memory of 772 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 428 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 2036 wrote to memory of 1892 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2036 wrote to memory of 1892 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1892 wrote to memory of 2364 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1892 wrote to memory of 2364 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 428 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 4956 wrote to memory of 5112 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4956 wrote to memory of 5112 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 5112 wrote to memory of 4408 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 5112 wrote to memory of 4408 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 428 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 828 wrote to memory of 932 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 828 wrote to memory of 932 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 932 wrote to memory of 4836 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 932 wrote to memory of 4836 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 428 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 4812 wrote to memory of 5052 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4812 wrote to memory of 5052 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 5052 wrote to memory of 4632 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 5052 wrote to memory of 4632 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 428 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 5080 wrote to memory of 4060 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 5080 wrote to memory of 4060 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4060 wrote to memory of 4444 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4060 wrote to memory of 4444 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 428 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 3936 wrote to memory of 2548 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3936 wrote to memory of 2548 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 428 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 2252 wrote to memory of 2184 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2252 wrote to memory of 2184 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 428 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 1268 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1268 wrote to memory of 2856 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1268 wrote to memory of 2856 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 428 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe"

C:\Windows\system32\cmd.exe

cmd /C "reg add HKEY_CLASSES_ROOT\.0xc0f369a1f2da7\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"

C:\Windows\system32\reg.exe

reg add HKEY_CLASSES_ROOT\.0xc0f369a1f2da7\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f

C:\Windows\system32\cmd.exe

cmd /C "iisreset /stop"

C:\Windows\system32\cmd.exe

cmd /C "NET STOP IISADMIN"

C:\Windows\system32\net.exe

NET STOP IISADMIN

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 STOP IISADMIN

C:\Windows\system32\cmd.exe

cmd /C "net stop WAS"

C:\Windows\system32\net.exe

net stop WAS

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop WAS

C:\Windows\system32\cmd.exe

cmd /C "NET stop MSSQLSERVER"

C:\Windows\system32\net.exe

NET stop MSSQLSERVER

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop MSSQLSERVER

C:\Windows\system32\cmd.exe

cmd /C "NET stop \"SQL Server (MSSQLSERVER)\""

C:\Windows\system32\net.exe

NET stop \"SQL Server (MSSQLSERVER)\"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"

C:\Windows\system32\cmd.exe

cmd /C "net stop MSSQL$SQLEXPRESS"

C:\Windows\system32\net.exe

net stop MSSQL$SQLEXPRESS

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS

C:\Windows\system32\cmd.exe

cmd /C "net stop SQLSERVERAGENT"

C:\Windows\system32\net.exe

net stop SQLSERVERAGENT

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop SQLSERVERAGENT

C:\Windows\system32\cmd.exe

cmd /C "net stop mysql"

C:\Windows\system32\net.exe

net stop mysql

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop mysql

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlservr.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlservr.exe /T

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlceip.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlceip.exe /T

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlwriter.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlwriter.exe /T

C:\Windows\system32\cmd.exe

cmd /C "Del /S /F /Q %Windir%\Temp"

C:\Windows\system32\cmd.exe

cmd /C C:\Users\Public\Log.cmd

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" el

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl AMSI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl AirSpaceChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Application

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl EndpointMapper

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl FirstUXPerf-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "General Logging"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl HardwareEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl IHM_DebugChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-GPIO/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-I2C/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceMFT

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationFrameServer

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProcD3D

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationAsyncWrapper

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationContentProtection

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDS

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMP4

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMediaEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformanceCore

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationSrcPrefetch

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client-Streamingux/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-AppV-Client/Virtual Applications"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-SharedPerformance/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-OneCore-Setup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Admin/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Analytic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-IPC/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ASN1/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-All-User-Install-Agent/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/ApplicationTracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Internal

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Deployment"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Execution"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Diagnostics

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-State/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-State/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppSruProv

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeployment/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeployment/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Restricted

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ApplicabilityEngine/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ApplicabilityEngine/Operational

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Steps-Recorder

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccess/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccess/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccessBroker/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccessBroker/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AsynchronousCausality/Causality

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/GlitchDetection

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/PlaybackManager

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUser-Client

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHPORT/HCI

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHPORT/L2CAP

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHUSB/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHUSB/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTaskInfrastructure/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Base-Filtering-Engine-Connections/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Battery/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-Driver-Performance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-BitLocker/BitLocker Management"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-BitLocker/BitLocker Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-Bthmini/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-Policy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheMonitoring/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-CAPI2/Catalog Database Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ApartmentInitialize

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ApartmentUninitialize

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Call

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/CreateInstance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ExtensionCatalog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/FreeUnusedLibrary

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/RundownInstrumentation

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Activations

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/MessageProcessing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Cleanmgr/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CloudStore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CloudStore/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Compat-Appraiser/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Compat-Appraiser/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-BindFlt/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-BindFlt/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcifs/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcifs/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcnfs/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcnfs/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Operational

C:\Windows\system32\backgroundTaskHost.exe

"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreWindow/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreWindow/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crashdump/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-BCRYPT/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-CNG/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DSSEnh/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-NCrypt/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RSAEnh/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAL-Provider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAL-Provider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAMM/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DDisplay/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DDisplay/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DLNA-Namespace/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Data-Pdf/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DataIntegrityScan/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DataIntegrityScan/CrashRecovery

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Scrubbing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Defrag-Core/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DesktopActivityModerator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceAssociationService/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceConfidence/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceGuard/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceGuard/Verbose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUpdateAgent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Devices-Background/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D9/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3DShaderCache/Default

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectComposition/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectManipulation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/ExternalAnalytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/InternalAnalytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Cli/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dot3MM/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DucUpdateAgent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-API/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Dwm/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Redir/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Udwm/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl-Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Contention

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Power

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Application-Learning/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Audit-Regular/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Audit-TCB/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ESE/IODiagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ESE/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-RasChap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-RasTls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-Sim/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-Ttls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Energy-Estimation-Engine/EventLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Energy-Estimation-Engine/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FeatureConfiguration/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FeatureConfiguration/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Catalog/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Catalog/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-ConfigManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-ConfigManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/BackupLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-EventListener/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-EventListener/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Service/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Service/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GPIO-ClassExtension/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GenericRoaming/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HelloForBusiness/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Log

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-NETVSC/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IE-SmartScreen

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-Broker/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CandidateUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPLMP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPPRED/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPSetting/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPTIP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRTIP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-OEDCompiler/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCCORE/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCTIP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TIP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPNAT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Input-HIDCLASS-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-InputSwitch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KdsSvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kerberos/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/General

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IO/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IoTrace/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pdc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pep/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Configuration

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-XDV/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LimitsManagement/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSFTEDIT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMR

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/MDE

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-Performance/SARStreamResource

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mprddm/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ncasvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NdisImPlatform/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ndu/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Connection-Broker

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-DataUsage/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Setup/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkBridge/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkSecurity/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkStatus/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-RealTimeCommunication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLE/Clipboard-Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OcpUpdateAgent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneBackup/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OtpCredentialProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionRuntime/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionSensorDataService/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Certification

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PhotoAcq/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PlayToManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Policy/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Policy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Power-Meter-Polling/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintBRM/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService-USBMon/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Privacy-Auditing/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ProcessStateManager/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Developer/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-InProc/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RRAS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RRAS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RadioManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RasAgileVpn/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RasAgileVpn/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReFS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Regsvr32/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-Rdbss/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-Rdbss/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResetEng-Trace/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RetailDemo/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RetailDemo/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Graphics/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Networking/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Web-Http/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-WebAPI/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime/CreateInstance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime/Error

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/HelperClassDiagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/ObjectStateDiagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Netmon

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Audit

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Connectivity

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Security

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBWitnessClient/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBWitnessClient/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SPB-ClassExtension/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SPB-HIDI2C/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Schannel-Events/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdbus/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdbus/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdstor/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SearchUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SearchUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecureAssessment/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Adminless/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityStore/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Mitigations/KernelMode

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Mitigations/UserMode

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Netlogon/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-GC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-UserConsentVerifier/Audit

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Vault/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SendTo/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sensors/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sensors/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Serial-ClassExtension-V2/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Serial-ClassExtension/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Servicing/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-Azure/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-Azure/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/VerboseDebug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupPlatform/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AppWizCpl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/AppDefaults

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/LogonTasksChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-LockScreenContent/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-OpenWith/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SleepStudy/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-Audit/Authentication

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-DeviceEnum/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartScreen/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Audit

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Connectivity

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Security

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spellchecking-Host/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SruMon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SrumTelemetry

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Restricted

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Diagnose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Health

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Tiering-IoHeat/Heat

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Tiering/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageManagement/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageManagement/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSettings/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-ManagementAgent/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-SpaceManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Store/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storsvc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/PfApLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysmon/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-System-Profile-HardwareId/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsHandlers/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TTS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinAPI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Maintenance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Tethering-Manager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Tethering-Station/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Threat-Intelligence/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UI-Shell/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-MAUSBHOST-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-UCX-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB3-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UniversalTelemetryClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Usage/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserAccountControl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceInstall

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxInit/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VIRTDISK-Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VerifyHardwareSecurity/Admin

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

C:\Users\Public\Log.cmd

MD5 6a2f870841e0126632f5b9bf0d000d6a
SHA1 51689e26641f0eb054cd90553a21a472a2e79148
SHA256 4bcbb565ad2fd05a4fc458cd68254853cbcbf5749beffccb2b1e22b8a53ecb2f
SHA512 de089c5d2dd691c64e38bdc82a2a5266e65cf8f9fc40e2d60ecded7a775922ae5100cc406f09346fbaf402fc1fe3074ca29ecd64119f7c490381aee72780bdb0

memory/2684-6-0x000002C1ECAF0000-0x000002C1ECB12000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_scyoedrq.boq.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2336-31-0x000001BBC6B50000-0x000001BBC6B60000-memory.dmp

memory/2336-15-0x000001BBC6A50000-0x000001BBC6A60000-memory.dmp

memory/2336-50-0x000001BBCED80000-0x000001BBCED81000-memory.dmp

memory/2336-52-0x000001BBCEEC0000-0x000001BBCEEC1000-memory.dmp

memory/2336-55-0x000001BBCEED0000-0x000001BBCEED1000-memory.dmp

memory/2336-54-0x000001BBCEEC0000-0x000001BBCEEC1000-memory.dmp

memory/2336-56-0x000001BBCEED0000-0x000001BBCEED1000-memory.dmp

memory/2336-58-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-57-0x000001BBCEED0000-0x000001BBCEED1000-memory.dmp

memory/2336-59-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-60-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-61-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-62-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-63-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-64-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-65-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-66-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-67-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-68-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-70-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-69-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-71-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-73-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-72-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-75-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-74-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp

memory/2336-76-0x000001BBCEF00000-0x000001BBCEF01000-memory.dmp

memory/2336-77-0x000001BBCEF00000-0x000001BBCEF01000-memory.dmp

memory/2336-78-0x000001BBCEF10000-0x000001BBCEF11000-memory.dmp

memory/2336-79-0x000001BBCEF60000-0x000001BBCEF61000-memory.dmp

memory/2336-80-0x000001BBCEF60000-0x000001BBCEF61000-memory.dmp

memory/4272-84-0x0000028292F00000-0x0000028293000000-memory.dmp

memory/4272-82-0x0000028292F00000-0x0000028293000000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\19WRGS2Y\microsoft.windows[1].xml

MD5 19789e21b4ea52c8d201e3c25c0d5b36
SHA1 245d5edae8c0372b5d412f2780762a768323ad96
SHA256 8b5c7163511de2d78bd7e9a877bba7ef3c09b5808c37bdf63f68aa796326eb7f
SHA512 76b2144794aab885e18eb8064af14d43a6d6ff3e14ba81389944982bf6890c6686cbcd4130c4452cf369eeb7cf38620030521e4a6bc6c1bc853577dc6ecf9acd

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

MD5 e4f108415f443eca2a8a4065c5e6bd20
SHA1 6125c94738020b824fc84af8d6999d02ca388959
SHA256 2af169d4a1705956c9d4e20c5fe2e2ad0fa2f1e40ef679c1b5ce10a4ebefed06
SHA512 0b0f7fb336cf6f6fd1d73715eb3c3fbd4db5d993f7d4561db6b75b16f5e14878ab10d738ab6e6e8dac3faba8e95915a62c6c6396770e872f11e8ac4601c7f7af

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133760535428627545.txt

MD5 acaef159923856ea5385473680463f1a
SHA1 8c961466b14c2070162ba4c62e1a6a7bc125adb6
SHA256 43c06c4ece982a6d6257b4edb81f99761aaa6da3900bb1b3960a76796044d7c8
SHA512 5a2ce71643926da5478125474593fb0a814025d4a09c29f96ca7735b4a7cc27d7e039d04831928ddb56b1bc820fbe36cf283c513a9c47e75050a2b1239ca3edf

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json

MD5 561b1a8e2d01cb5c63fff21d3cdd682b
SHA1 94a94afe676eef15449110636632c5576ab48ecc
SHA256 6574c3491ebb28df4f21497239ff59ec21aa9214bdaf0e15b46ecbbd8b103311
SHA512 5791b59527ad321deb2b2d972f6192e7d6895c76bafa35928bfeb89317fa527d4d167de5cf3a638f730c9f36696dc3756efefe41054cecb7ff5c237d891948d0

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

MD5 c984fb655e464aa34c99e3ae511f62dc
SHA1 510034262528a95a5bf3a331a56aa490e48cfef7
SHA256 acb7a319404607f17744729c639979336b17829997903903d59de3ba6eb04be6
SHA512 a555f1be9748d93391b994bc3f8d1e9ae2bd1fadfd71fa8c24a975c7242adfbaae2bf08f6e6382b95f90fbb8f4af26b60e6996720c2b2048a2c0ccc163636958

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{2F519BF2-C697-59F8-8F6A-1E19509CE66B}

MD5 8aaad0f4eb7d3c65f81c6e6b496ba889
SHA1 231237a501b9433c292991e4ec200b25c1589050
SHA256 813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1
SHA512 1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc

MD5 eab75a01498a0489b0c35e8b7d0036e5
SHA1 fd80fe2630e0443d1a1cef2bdb21257f3a162f86
SHA256 fdf01d2265452465fcbed01f1fdd994d8cbb41a40bbb1988166604c5450ead47
SHA512 2ec6c4f34dcf00b6588b536f15e3fe4d98a0b663c8d2a2df06aa7cface88e072e2c2b1b9aaf4dc5a17b29023a85297f1a007ff60b5d6d0c65d1546bf0e12dd45

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\appsglobals.txt

MD5 931b27b3ec2c5e9f29439fba87ec0dc9
SHA1 dd5e78f004c55bbebcd1d66786efc5ca4575c9b4
SHA256 541dfa71a3728424420f082023346365cca013af03629fd243b11d8762e3403e
SHA512 4ba517f09d9ad15efd3db5a79747e42db53885d3af7ccc425d52c711a72e15d24648f8a38bc7e001b3b4cc2180996c6cac3949771aa1c278ca3eb7542eae23fd

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\appssynonyms.txt

MD5 06a69ad411292eca66697dc17898e653
SHA1 fbdcfa0e1761ddcc43a0fb280bbcd2743ba8820d
SHA256 2aa90f795a65f0e636154def7d84094af2e9a5f71b1b73f168a6ea23e74476d1
SHA512 ceb4b102309dffb65804e3a0d54b8627fd88920f555b334c3eac56b13eeb5075222d794c3cdbc3cda8bf1658325fdecf6495334e2c89b5133c9a967ec0d15693

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\apps.schema

MD5 1659677c45c49a78f33551da43494005
SHA1 ae588ef3c9ea7839be032ab4323e04bc260d9387
SHA256 5af0fc2a0b5ccecdc04e54b3c60f28e3ff5c7d4e1809c6d7c8469f0567c090bb
SHA512 740a1b6fd80508f29f0f080a8daddec802aabed467d8c5394468b0cf79d7628c1cb5b93cf69ed785999e8d4e2b0f86776b428d4fa0d1afcdf3cbf305615e5030

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\appsconversions.txt

MD5 2bef0e21ceb249ffb5f123c1e5bd0292
SHA1 86877a464a0739114e45242b9d427e368ebcc02c
SHA256 8b9fae5ea9dd21c2313022e151788b276d995c8b9115ee46832b804a914e6307
SHA512 f5b49f08b44a23f81198b6716195b868e76b2a23a388449356b73f8261107733f05baa027f8cdb8e469086a9869f4a64983c76da0dc978beb4ec1cb257532c6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\0.2.filtertrie.intermediate.txt

MD5 c204e9faaf8565ad333828beff2d786e
SHA1 7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1
SHA256 d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f
SHA512 e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\apps.csg

MD5 5475132f1c603298967f332dc9ffb864
SHA1 4749174f29f34c7d75979c25f31d79774a49ea46
SHA256 0b0af873ef116a51fc2a2329dc9102817ce923f32a989c7a6846b4329abd62cd
SHA512 54433a284a6b7185c5f2131928b636d6850babebc09acc5ee6a747832f9e37945a60a7192f857a2f6b4dd20433ca38f24b8e438ba1424cc5c73f0aa2d8c946ff

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\Apps.index

MD5 b2cef728978026d476329fa104dd233f
SHA1 9b7bef0b534d8e617dea0720c6c924278f14e684
SHA256 60ae00e7bc8fbae18202e651929861d8860a4b6cb6ff7ae782e120468eb7be32
SHA512 33c0dc6afebd4a4a5af2480af84eb589d5776eaf12c2ba5ab4fd3a7d54e35df4cb6abfe06e6c5a370fecdaa9f45f57f6980f7f36088ceacff03a4db61d79013e

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\Apps.ft

MD5 21de42414cc2933affe1828f1ed2a29d
SHA1 1e12e4c389cfc585798e6098eb1fc1dae7f06afa
SHA256 0f10432bb37db721342c227cab39b2309b007c8a1cb7eff2b9b76568e2c69c92
SHA512 1e2607e4fa237e88858e9733ad7adfb2d2fe0f861611f5a2d9e04b8cbee83c68b1ccc30d6a0740a5c64ed55fe62786c489dfc38d8396cfbde56c46b34bc6cec4

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\0.1.filtertrie.intermediate.txt

MD5 34bd1dfb9f72cf4f86e6df6da0a9e49a
SHA1 5f96d66f33c81c0b10df2128d3860e3cb7e89563
SHA256 8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c
SHA512 e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\0.0.filtertrie.intermediate.txt

MD5 f66204ddc2e55a4ba416e9768bd5aeaa
SHA1 0ebb17602b92ee42cfe273619c17c043402cc5dd
SHA256 232204c0488a893d3f9e8efdfbe01e2fc85561f8776449c804226717c394c631
SHA512 89df48f41251e2d0f4e6d0aa27a5edaa83b8d2316e9ef6249ac81c176f240106174620a1a70085e88dff6141319f2cff404f2f493d2240ad90e95bd812c9ede6

C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 297606869df1d5805e620b380e77b0c8
SHA1 c5d8351e303d986ee9590695243a80fd00085c90
SHA256 64fc01fa2fedbfa2a33dc7ecdaa0316242c09fb1e9bda8899afd9d159cd6621a
SHA512 ab211bb9be2f3f42f2035934d6470033669b542119cb291ac37261268467c0bb13ed4fc0eda33951076b098926d385cd9d46e87bd549b5b4790095e9d3fc3f2b

C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 c6138a1a9eabe5e324ddda4db2315d7f
SHA1 fedc04d2d3fe024a89be5d2efd0182d84c298e9e
SHA256 83fed732febba7f4459c620a452d4cec7a7697107247f90cb99e614a3e10b0bf
SHA512 8e187c6c134e71e0f8f646315795a864f0290c04ec0d665dd7035365c2fda0b77003f8d53586b8d15f058a919f5cc6ae73808cd645267bd962c7f757e2f6a9f6

C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 beafa4681f36117ac78ba64a401bc581
SHA1 6e4b1299a0e3aa28b0d6534796ea9a4212e4664b
SHA256 24d4a272ab5b328a511c9df4bd2b642b2225ba4b01b544a0a38dd6b8f9cab6ed
SHA512 b316098ece41fab5ce90f6703993e6a205934a3d85d50d551a135d1e20e84f3da7bd6edaa49d14c9d3e1b5aebb915a79618fd59de9dc64a943c24e6dd650100c

C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 05915e9e4a77356e56841a12b8e0f135
SHA1 5ff7e208cb2d6fee65705936a8288864f284d356
SHA256 2bf2769411bbaf7293a433129f2cf551a8743ecd9b18d5bb7162ce168068eca3
SHA512 9e8a84a62fb85151acf44caa9c0bf0260774861bff319f4faf4a4816efe3c76e7cbc9994d938322adc81f84e08638e236c737a25ca68de156789d87a00d1696c

C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 d3ebe6c92b76a60295262fff2f05267f
SHA1 d00ef99c1d3913da3460616f910a5cef1234f2dd
SHA256 41f1cc68f46d1bac3c8e66766786fbf48f9f910dcb42727518c30ba7a5e8ba77
SHA512 d6b1c4e42b1cf31112c6425b9d7539021f5e8c9361405d670b11dce308d755ba2ea68870c257c19301f3344ea5c5c2560f07c115a9fc0381bb738dcc46ef6025

C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 fee17b2ef92a4241dc0b169c292304f9
SHA1 d07f2558bb81be67e71437153add5041b0d91f6a
SHA256 43547106dd3568741e174d82182b438e5bd0c98edf1667776368709db4b7b8f6
SHA512 680964e01a81c65862ca41dc3913551d913660a1a6e2bb1ceaefb0606e865fdb647e68f784234b9b864cadb0a85bd17066e7a4f4a1af03765cf78196b61484c6

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 ab83ad1e2ae1380872edfaabd1a774fd
SHA1 7d414ab93c4bf1c1218cec8c97a215119e4d9b83
SHA256 f2a24d8ab23eb52cd2ca11bd3f874befd90c4b35760a6e8f9c15f4e6f86445cd
SHA512 af16b3afe3c17871b3d94fcdeb811c207d1be0822666c3c86ce2bace89fc5bf787ece7f765601f7fc761c95cebd497761ed9dc91beab28fe8568934ca8e3a763

C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 6b36a2339381dc98f79ed0c2a844486f
SHA1 ae6028e9d4fb95eeefc60638dba4ffdf4489b9d0
SHA256 0b36219859a9581883179f431436c0f7f37f6d25fc0cb1a91f7722e7b33210f0
SHA512 9a0181c099589d07e00edfecc8306741fdfb67bf63e8339257616b7984b3ba2cfe57a29c9f08f680a8a52ae870472d7dcf6a379a63a6cd28c098e478267314b1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 e1c5806254052d79ab497a16811dffd3
SHA1 96d4c563bcf0407ee91f6f4b39edaa6c92398190
SHA256 4276cbc3c89e673755715e5c2990e68fe25dcd7c8f07e9624eaaf240d30432cb
SHA512 a1c9687ad8cb950b5a1230cf8e72540639164a015eef29f2ce654ac0317949208f2a926bbf024675b42e5d9fe3ceda2c9944fc1b6bbb4ee2e60f0bd3b9bce908

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 4f99dd2c1d65234b3a46897abfe8050e
SHA1 38a9bcefcb7fefaf76d513f203a408d731e544df
SHA256 65e57a38ca30ca7555fdcea43bbc610dcb3552bd8e039b847ef5cfd56770cccd
SHA512 fce05ce3f3934df1b6bbbaeb0f50538529dbfbd1b4168ad12bddf55fba38fcb74da07e62d0e3f95735390f1be044a48f0c464d0b1a51737d1a2bcafc9ec201b9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 32563260724f4ca2582dd7722d03a4c2
SHA1 b7f99194c212e34770e5dac0a848f4eb59b4298d
SHA256 325437fe006e72fe7393aea2672d1e0debd3793708dca514d25606b954d64f9b
SHA512 0b8e280e433d1af8a565a75af577e514eb39b89b9f31e20e36fb5cc16670d48fc8102314b88463c4331652ef3ffedef40d2d6a040a515f8bcd93fa6e0ca58202

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 13be9a0ae299e2f0e1120b2160273588
SHA1 1d1a22576525e57d4bd05e721b4190881afa784d
SHA256 beb445d1dd5d931c8a6d990fab6ff22176564a7e6e6a789e8e5afdb25f7124ae
SHA512 7bc1688c69b11e2ff0cc0418fd0cb31ac7bdd29dd22de7f964698f9c992a1a1e6cbfe895e54c8717018f13827e0d9034a7c7e4f60038638a08f65fd0ef90066c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 9e7c3dfb3305640ceda7790cb95503cf
SHA1 487a2445c87faef18bebd3d8c3d06e3161b087af
SHA256 ab4886e9f7e505d10d57c10a3e73b788ed2cf3554c0f3208166022a89aae68f3
SHA512 dcb9fc632da8f07e5a1cf289f2887aa2d04acf04ba8d831b0074a7350e179cdeebb9c92af1fb2f5c0c86fb23831f315f5380e08a9eaee37decc4944ff9a0cdca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 5807e85471707ec39982a045ae78a31e
SHA1 652feff53d46afdc31fc1071a3c2658be1fc86f9
SHA256 48eeaf493217a4848a1c1c44cf063d25c2402e4614d89677f2714270f1b39a76
SHA512 f2176d15ee2c2dad65fbe99ee8ba3f68c926434871ffe18d8c6001f206f47fede5e6295eca17e96cf1fce2054135885dfd43524e33b47a8155b70cfe7dcfd6b8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 f2824a248b1bd3f4319eaaf5377a8398
SHA1 20765216bd943c21ee7933549dea617c153b6895
SHA256 1a1e9b3b05070e1a0210e9ae8c022e22380c4451db69f9ccfcb4f56d8f3c8780
SHA512 581a04f7fdadb10583646047eb6b6e9f759d2fb614971dd217889f35b4fee2a1a99dfe72ef772db379b64e430d3509143c851c99c8eb240058c3e1496208587f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 721bb99a78d520115e9f55f9fd1553bf
SHA1 2912a9ebc6804a3b5b9e02131bd62d24c999ac7d
SHA256 fba090a9d60e499f57885a6ca4eb644b5ea0de353f603b4083ef5cc1a3f734c8
SHA512 a3e2862449ca3a4a9c6bbb855bbab76f316ed33bf05b123165e4c46b975a7504a138b957986526ff61e391016201df426d7026753b665597436253be6c50e682

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 6f0ce026e9f3726aede477c318286d3e
SHA1 a7e568cf7c170e257b999beb9fee5bc1f9e60a05
SHA256 043e65d570c88651bdae3ef82fa0206ca2f12e4a1603b73df1ab572dd8ebdc79
SHA512 d559c0ecd1bec9d760cec7603feecd22a8c3ba0505052f49f036301ac07b3aceb8147d1b0222297c077479b1563d671dcd50266b5ba3a8b07e72c47da7afba9a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 0ac26e5d355f08cc270b0ebf5ea44b2b
SHA1 1b117a2483dafe1b53beab6411d7e68ce67d7b58
SHA256 7484c423911a81fdbc1b5c9f072a8fdb953f55e3a5ef4011ad2b0511531a850e
SHA512 a307e9d2e20fb554eca93a7a1ba2dc5e5766205a276974e2b6861155ada5eec264964c3b115c13bc249947756bcf5f65b8a3f4e27f58a38aa457e78a74ac9cbf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 0853218977303c318c2c2ab65ac6191e
SHA1 d7b898be7a2bfbcc744954067a6c443c318cddb6
SHA256 3785cb2beed1dbe3fbcfcd41fc257085e787e3b34b3469dd8a1af8dfd665a4de
SHA512 ea1b039895dda66d64f09dcbcb4cf796c826598214319a6e2907be965327f890f53a8fc4941f8193f4629b70530b7b396d3601544badc62e7ee221f468f78bba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 7bdbd610b89a62f113a5c4c1cd1baf81
SHA1 687d4fba732f9107a353fb5fce02502b428f9d49
SHA256 9276f0a4747babcc20fa6cd216a2d70c6770545c48c28fd52cf865fc0d6c0922
SHA512 6327ab384282a04fb863228ec86630c8c06d0806ec2229b44245fa9e3b9d98a7b660a15310649cf316434883042e535dd73858c5c5bf13434387f2c1cfa405e6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 98a1b5d363174f6d0d1b521339b908ed
SHA1 b2bcb33d8d698471b7ce176cbf0bba2d91d1eec7
SHA256 ada6b34aa1a61b36382684a008fb51ace958d83e313f4abde0206d34eda4525c
SHA512 f9dec702242a4f770a4c2113468b84778ae5c87ebad5df8e139d3f3cdab8d02a5e872047059d6ca2a574eef9e972d1df5e9713dc4227b8914c23e726120f4540

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 347a8612f84f467b75a6e6d81b42232d
SHA1 22af640d6d9b446e250b54406bbc802f53944ca1
SHA256 80761e868fea965222db3c5749604d66e697721648feee48a82185637dcd751a
SHA512 3fe23003ad21c5917ca3f9383161a9de623311fd06398ab616b27079168a717abcb178f250e8ac568c6c02f66989610997b426b1dcf8061d3ab93936c8c58b68

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 1ecc69d55b8c20942fa1b1ce62cbd8bf
SHA1 1cebc606ca8b6262f05b4cbd333fdc8c810cdb44
SHA256 8175bca5c3d6e69cc0eb5d3240f71aac6587da583e85b42330d2cebfc28daa2b
SHA512 72238325c70a7c770ede71e8be7445aa4711899706f2c04e6e6a865ac974bb9868b41b52c61bf1df760a9dca1853201beb170f085e6394d41bd912fd3783a23d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 45757b6888387c8af57693487641f2a8
SHA1 0666c595782bfe7477232dc85b6cc8f18a35ab89
SHA256 9adb9ff28f92a65a160a809677769e2c3a07344f57bc83ada38a439def0e64e5
SHA512 b17a9f7f0d3ec9eef7d7d8442fc50c7fe1e84531dd440e3e0970c0ebdd40ee367de274f3ad2ac5e876bf6427816ef38e1510a41a17ddf6cddcce6c4e7e34c067

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 819cc6a12914ab1d6832849430b1ba9d
SHA1 77b4f860c5c16de7888cef4572a3c73f3e70a490
SHA256 bc216240c3e551381369be6aae402d5c22c910ef385f243ac2f3f32392e03142
SHA512 38d221fc6dbdf431943ec613c6fd7f636b74e032565a3dcdbae9b73df351dd162a1756b41a194bea52121784052f37ddbf180069c6f92bc6674da7a9a9e3ff70

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 cb1a970a192ee0eefb26aac99c8de11c
SHA1 b1a99e72a9dd5a7bbb346f6851a6b473b1008da3
SHA256 2194d7c6d49d375d2e9aa6e2252197553c6d15249338ad7637ab1708b08326fe
SHA512 27b3fe74704f847e54122c8d8eeede0f0cd18da3b1638f8dbb0f27bba6bf2dfc23cc9a6f91a3cc3a719b00bbdb679ad581ba8a2322314ff447eede0be4071c65

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 86ab6628ea3490ea67f39da1b028eb4f
SHA1 0379f88e767b9338bd16fcfd235fc3cbfe976013
SHA256 a0935d1c05854c81fbb35ff52e470f3232e510ebb2762df7b6b233bdbf1e5346
SHA512 b2359952e12a8d08f5fb44021d69a729fed58958a5b1df69002ad47edc03fd1d09073be9cc5c0850d7fe00b963d97629342995f5d90acac6d27453cc30037bb8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 cf17349995d55a3c9f11eb789dd7f905
SHA1 1087673d3812028203ebb4c2eb7a596d9ba5079e
SHA256 42ad98e7afbc65fabb859e40c45a1d7aaab7e3f225d8f5a3753cbb9aac98e218
SHA512 fdb80f3d0fc4525bed60d3465a77ba7e0d2ad6a9367a0c6de4886a9cb92549e0e56bc10fe6693a00bc672c15be13b8fdfb7e63e3d9f793533f99e01a263f2ebd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 e071ac37bb1bd5b4dc09522fc15550a3
SHA1 f43f99a1b5f63fe647c124aae2a0b1d58e1c5e40
SHA256 9649b0690509b61b5f3f947482c975a863e2fe4ac437f06b3c47bbe03182cae2
SHA512 ab180aaddd084689def28a729079070ff6bfbffc3b460899d1a03f1f871555d2cb0954d341ba85e62c1c9a9a514fa6015b5e22bedf606d4bb7fb7c9ef0294fa1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 e87e3f2d94ab471c0082b7f266268c03
SHA1 179d7816a07cbb49b6f621aededb1e0147ef97b3
SHA256 76b4f0288ac1869abf3e27bfaa05f16ebec24708d848d59dbe1ed16358fa3d85
SHA512 ec2aa5378bfcc994608674a1dbd60d7b3c7580bb7b28ab2ff51f858baefaa55e511af3d679bd4ecc446d50c52a0cd9229d153523508f88aa0e469165a275560f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 484f2d0bb3ead025c57530bf492b4263
SHA1 4072f4035351bd6e7eeba06938c9eb3f9ee25397
SHA256 947c67f4abed23368af18d0bd304bf0a323e89f5181b428bf30fbadcf4c375c3
SHA512 6b11cd282d32602f63f2377a6b38901645325f1d0d7e97873fd9e28f504abdb89905cda10dae38adc59c3107d3e4eec6799845041ebec4ffad2b400a238ab815

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 b5bf5b2a075b2b94fb706c13e688d4c9
SHA1 1778ee2e179b9f13e24b3acf0835ff69c83aef7f
SHA256 e1df4bc7b15c6dbab45544394bd90c796a2d79d12acc4c320b0b0e93322cf8ce
SHA512 f0207f671297512b16c09e9da032660060c6ea8f7b0bcdcc7a90c7c21e32de3c81d07f50bb2b7b2478c9d87dc882614cbd74bebc1e95493ba52eff69bc524aac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 feccee2b5da9e90828bd157f2faa1c28
SHA1 990a3cb8d65d2d91fa31386070e0e856a9a6f295
SHA256 065262a9d9795567df892a906bdf4cbebf3351d21d82ad307c9b376fcb4bb617
SHA512 2bffbbcc0b330e1e884e74bc95eed82cc6e96512b0fe8bb2dff296c37187a6fde0c7c7649eecc87b4d9e30396591c8db15526ae842bffa6d8eccb9b3127721ff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 8f90dc177f9c67b09e2d86c2b10c2022
SHA1 82da3dde037dec2c29d8e5cd65fb1eacae9555ad
SHA256 611b8b82652cc8b3d6695d4359b282658cdc9b9a62162f095fc49c6b44293b0e
SHA512 d4a5045d442be2000c07d02d0901a83f55611fb640628871f8912fdcc9ca7e82d282ae3bf12918362200184da79a80cf71506bbf357221c47f4c46421da0718a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 d3527aa13341f3878c42480207a4f646
SHA1 0500a6b18b510712e2dd3a41d4d418f26617511e
SHA256 44dcd42b2080a696b3d21f6b46fea2ce4534d84c0338d35c3e061c69d407855e
SHA512 1d6fe6ebe11cd3ee69a7c3fb62d5f969d631fa7c11f158790712a97031d1e480f29fdf6bac14d943dda9f0fb6ee7e6f94f127e155e14a338d858066e5b2e4c7a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 c366726dd6f76b9f47644d41959219c3
SHA1 bb12c5e6aa3853d8e01798fc53240f833dd83793
SHA256 4fce526f580582da0e58e0a1d3e1124ef43e797f2b625083812ea11ac73b1b0c
SHA512 d947b3d1fc52544af8853bd421f1f96796d7b1cd041abb86eff5fc2e01a9cb77d5446b9e69ec08dfcf7a0cf5ecda4335d3aa7dc28c581e592bf62398947a8c2d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 06d3fb84ea85a6a6ed054e9a0fb72f56
SHA1 115ca7133579c2afd5846f55e55903cf425026e2
SHA256 099c8a2d0c90a7bfca5447b52e3bb59825a888226fec41b3a1e620ee304ed0e0
SHA512 9984961586959f8d5ca9a104f91d5d73b77f0fb6c5b6ba3121317fd655967f8db45cfda31f822d8a95afbd9319d59130f681e52e19a174004e99369c1f9954e8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 0f2d06fcf471c66af33f5904d76ffde0
SHA1 efd7d55e939549e8baf448471f7357f4fa886b23
SHA256 3aec4099f8a820de66e4a71f8152ff2d4925b31e414892985ae18bd9444617b8
SHA512 63f08e586713e497deadbb0851fa30730a6603d6795962abed45305dbe373270382eb4fd5a50607227a4b3dc3d85ac43403d0e79792c299f26a045ebced60b58

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 5bf397aa9176de3cedf8d29a191f084c
SHA1 eebde2f3dfd247d22045d3ad448b0e54f5b1863d
SHA256 0c4ad6b53509ba4c997dc208c2810876320931333dae4a86e0d8c77bfee35be0
SHA512 04b3baf0d80a74f318df2d71cf7a8ea02a4703fe4923ec69e90ad168bbb990f10ace8a935b4881bda1c326af8211b7ddf942857029cc3811ae270e6d64c9faba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 bc09f0735d93fe04a85a9bf5b88ab4bd
SHA1 fb0c9661f3002b50d92ac05ffec72e641013542b
SHA256 792a3faa342b92370dabee3ef4a99bbf37ff95e99a9c93fba97bcb17911251ce
SHA512 eaad69b3754450ebabe0c6d20137e5c1fd13a626dab74e0fef45302dfed87b20263f41526aee088c9f6be19c38818e0a0b57ef655ea6dc8974da5dd1deca5a54

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 502c4494016ab309437d58dcd873089c
SHA1 28f3bafe7f158829e53f3af2ffd8e14c95cc0b99
SHA256 b66e5a44c0be22b7197c5ade84ad08510ba4553bb5aafafc1540ec632cdda136
SHA512 40365944e8471e9e12afd26e11d012986de69cd79e4f538c4f32ad5ae0bfc34e80a5152c11bbda8306d71fec0179ef3f30c28cc1933685a56287c72d2d8c4887

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jcp

MD5 e200c815632c89cf77c5582dc7334a75
SHA1 b4815fc6babfbb66072abee2180953d24c2725d3
SHA256 c10440dbe38a820433a790c9ff8086395dbd108d9b048b5572fe1a5de3339b2a
SHA512 d5627dc9e9e2d7e221f8deeccc175f8d190b43ab64ffe032eab629aeb907de20c8339c47f7ebb389b94bacd0b374dad3463464cdc8a909a010d734861615d0d6

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 83571b73771359002d59ebc9befdae55
SHA1 404e41179a9105449ea6480ded696bc9ad777ad1
SHA256 aa50c1f284bd799c71c9dcf44e376edf56118526f7b8d386efa3a3a302741dd3
SHA512 8fe5ecb1acd3de4086fd46c8918a046684c4b95e8ecf37ee2b0f7e081f5973698c093e8e11bfd24e4757e51b8a9d3cea46140c0453a6323e781e8e7c0b37568c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 3824f479bb9eb12d3574558acd65a21d
SHA1 b0927a17c40ff49d356e2095a59541d30b01b0b3
SHA256 f7f44bd28cbfe03b5467efa04bd2323ce0b55be75ff4fd699ede8b7520e555fe
SHA512 17f01814b2566c5ab99d55794e1422067614d8705aa5c07d707ff024017a630fa94ee2c463aff91c9c95e472dc724214d792dd04023c1234a813229d6ba9c345

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\95d9a2a97a42f02325559b453ba7f8fe839baa18.tbres

MD5 c90e0021700ff525dcb6e8c71b8dcbbc
SHA1 dba98fcf84f0c8d55a41b90bf6a9bf9f4a22818e
SHA256 772a7fe743e8abf35b06f173526c6e5349531772e4f3ce9f89003bf3f2dc8e0d
SHA512 bbb109b398fa0f99e7821a2e52ecbfde39a82cc93042a715ba1b589d81e2d4a0eebb9d4519dfc7f5cd54bb727df7663cffa2b8103ea7871a9a9769e6e7770f27

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB

MD5 0191a80f1e300a5a7af5d6784231dd9d
SHA1 70753f21c7c81dccc1b63f59c559e50ac303de68
SHA256 a01b9af0190fcb8f7d8d0756fe99264d7206e1f4698919ffd634c4297d0843ec
SHA512 430e42a2d96aa4f4c84a3b61680b4b64854df9b0cccb50b7389fef68399d561030fab78f269b829e744d1b1e32df09cf7c974eea10e4f4b9b3a43b49f5814602

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB;PrivateBrowsingAUMID

MD5 a86b5d0d4a6ecaedaee39c49dc80a3c1
SHA1 0c686e5164d49dc1fe4cf3c990d21c047cf0829e
SHA256 a8dc9ea66e36e8aa0a9620a12228bc62ba39cf632862f67ec825b7594cdb2757
SHA512 a75e786237d02d1ce666a6ef98e66db53ce696f3481ba01f6f311709ae42c299503d5b6c2cfed95c55310d0639f11038f7b0ecfb6d54bfc59045233006c15ed4

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome

MD5 3f0b6f9c120427797ec49194b7b2684d
SHA1 94b42d47c67f254aed67e13e0fcc3b1dc22763b9
SHA256 c47300de08378a4ab89911e77d5ba068651f04717e85a8d9304be5d9914facae
SHA512 7779115cd1f87e150de121b5af4fccf6ad8acd37443e67649078a53f1cf512a52a737caa2d81d5bd41a20d392f0151de202c609f97328cf748cab2f83875bc23

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\MSEdge

MD5 5998c2059f49770bd20c81c12805b08f
SHA1 c85963f4c05b4ea9a18cdf054abde21385320ebe
SHA256 c325f613d9e1f9e9df1d0bd7db8a3c59f7884d91bd4fa2078cf0509969c8d918
SHA512 814f3a603bedbab272e942040390b285e559662cd94a52a91003ffaa2f5b7d6e4d224e37da9bb755484c659fda9f6c59c0c84fe10892d7df207185598219067a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{30BD9A02-CB9A-93FD-A859-09C8803F2346}

MD5 8ab0ccfe101f2a223bf9fc11f910ec64
SHA1 86a7cf51b399bb786896fb77f59ee8b4844f5afe
SHA256 8cc15be591c4f70f964d3554be30283f925747d09eb71692bf40b8125e2bb68a
SHA512 b862068ea8bdb828186c2bc693b1e99d622a48a82eea13886090c44e17d132ad1a96bae4a96214d9a8abeb22f7c85f4ef25a000cc1bf977fd43e67bf1064a61e

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8AA47365-B2B3-1961-69EB-F866E376B12F}

MD5 9f1ff11e31c55a87372e85612ca3c290
SHA1 c94dc58d7e8f070d3eeff5bc8ecb3a2d7008323d
SHA256 0c650065d284a6a0f6a17ce2250214b40219b7082e940689a2cd2948162fd893
SHA512 dd490e167b4455aace73dda6d9ec6b90aee5e5994701c249a44d316b17c3f8a8f5e776e9ecb6d751dfbed8e74743a3f13d95edbbf3b09998e148bfcba1ef721f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8ABD94FB-E7D6-84A6-A997-C918EDDE0AE5}

MD5 93a41069c98050e3ea095a2185fddce9
SHA1 92eecf90eb3e8235397bf0574acf0e7405541b26
SHA256 0382664c279fd723231cbef1f76c8592dfa408b3b42dd8f343a21f4e77adc497
SHA512 7a36bcf3ef2c41b5084c36404ce692466934931428f2dcaabb86c2a666cf39b53467161a6d13045eb7a68f31461163d869135aca4c744b9215fbb8891b36fc0d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{923DD477-5846-686B-A659-0FCCD73851A8}

MD5 0705d6835877cf0e3c45fc7427647c75
SHA1 b03330cd06f821600bb0323e7c2277311f065f6f
SHA256 b04759fee392d36cc20a319943c4ddac356cd1fbed6223a4961688689350a84e
SHA512 0faaf02180ef6ea2a8a74ab2be7b72be24eff69e5aecdf97bec838a637e7b3efb85ffed32c2e035b2100615e2711cccbe8afe231ec55a7245d00d6c98329d83c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BD3F924E-55FB-A1BA-9DE6-B50F9F2460AC}

MD5 e799eff0b7816a5587d146f9bb951f1f
SHA1 28f99125424d8e0647ed01a21c378362de181cdb
SHA256 daee10eef8cdad237bee08e5429e529bca3b7a10c1bd76578588108a3a6b272b
SHA512 02ad638295b2a21c3b4367e7f3ef345b81e3ba8c62c61a97ef51b1f102c28b2fd6863f3ca1b3b87051ec95da92c42a8bfcd4e0adf18cebd3de0a2c27a388d563

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{DAA168DE-4306-C8BC-8C11-B596240BDDED}

MD5 855718d0bd86e35b1d42ceabdcfc61b3
SHA1 2a6698c8231e2fa27f93fd5141a252a4b06251b1
SHA256 78c940de004462f42d6bd01aaa33cd73f2c3b06652730c385f1f9c4760ac9537
SHA512 bea1a7ac95e76b120c65bce325d87c27d385f992c6b95def100ba50fc4e7eaf13c61c10bd95231046885a17afa1aba3fc4158d095360caa46412ae8b136288b8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_MSOUC_EXE_15

MD5 943dc823b68d13170c037022cf94d95c
SHA1 0e39464d007f8c35667277d3fa42f297a5d75820
SHA256 ee75215cb2025b29a28bd6ba4d363924ea305eceee5cb9c9afe68dd97c7b0415
SHA512 4ae351553521d41e844f6de549f1c7a6dd3eb544b50976913cdea58edd3e3b8cb81d21b2461258c3af1c65815ccdad407ae193d220656a44c6f4d4f21200eaa1

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msoev_exe_15

MD5 7b4b9fd2b81ce798f3b31e585fefbd06
SHA1 9b10727f132e741089047841df048fcadddcd9e0
SHA256 3eaa9bcb1be1f9fb075bb3b37a54646e72b506fcbe1a3614ad01a4d98d8689f7
SHA512 2e58940bdca873a6dd6056b6cde2b7d687498a12bc50649385f58727b43b7d7bf7bab7c530bf3c4e539b559c13c422172512a246e0edea392c021bc40b2a3d15

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_RecoveryDrive_exe

MD5 295e1773200faaaf90fde45e9756fadd
SHA1 8a2c49076f59739c7e69f19852d4ea0a772af2a3
SHA256 f795251afd7834282ad149d10bebf7dceea04ba56a960b7b9e3899e4287f1385
SHA512 f0cd5d2e0b82d40c7256b4560e461b3eefa73fe51ac6679f29928faab673276ba12190dcaa404b89664bdb38e4da04c968e1db694410c9fb68d5234b58278d14

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_dfrgui_exe

MD5 f4ebff482100da28a335dd2ee22e4a32
SHA1 bbe5f2c752b40641d02cbb43d5c0fb9c53889414
SHA256 802308e769a49d907538c5fa0e974313fb6e3bf29cfc8c6d1d69dddd8cd124af
SHA512 86147c1a98cde8389145059666a7d241035f69558183d21f2d069a2f973de96125d5b3f3985732d47e556c09dd0d0acb75447293700e9b45feb798e145c5add1

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe

MD5 6f0d8710c462b5955d9d16745bdb1bfd
SHA1 ed0545934a28799ef27dddcc0439d05dc40c47ac
SHA256 342f29784a85f25ec119d85e39267ec57a4c803fbc099f6c5ceb7761f8896cfd
SHA512 404085314a3cf37e8e66aecd314d63ea9711d05c1ecb714d531126e61b7bb9929e59e4a42cb736ddade1ac416d76477881d18b428bfd603fede3e9eeb7b6f8cb

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Common Files_Microsoft Shared_Ink_mip_exe

MD5 988d8f7a55d7a70d764dfa515a4ec6cd
SHA1 0935b33593ae55a70833624fbb1edd7208391ff7
SHA256 db1ddddf683c53435b987f49f5f5b3262899451c634298bafb3a0b122ceaa62a
SHA512 3ea0e33b836e1cd0b8d034f1e4d31cfbccad59332cdfd0cfbf08005c32204ff930c5578350fd1ac111f109b1ae38d3621394227cbb1da11d64af4e46735789c8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_NEWS_txt

MD5 968e7d1aa993ef1052b35a95c51946d5
SHA1 c67817521eb4f70d692d3d29b32676b1871e3d40
SHA256 719fb4e7016e1c4fff64166a8809a6ffe5d16ba0a40e4e8593ba7f664337e239
SHA512 3382a01b518c38859c1ffc8799aacb941fd7bedd2cecaab4fc8e7fe8e44aeb6acf3997b844b9b5d8ddf4e72331e33972606cab1e9d8b527bf80ef7a9a0136022

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_Documentation_url

MD5 bad093419be1135cfe9694ea77088c78
SHA1 76204c7ca72cf666add9c9931389d635c82e8af0
SHA256 136808af50ee73df9befd76f7aca21765782565b0095227c5a287f3be0b5ef3c
SHA512 3b5cb7f80d7cbc557b5a32a995cd607257ac8e56af935ce6f64c54ba1f311a65ef00c69c69047b6eb7bb678c2b1bc0a3c37548aef417ea49e414e1a34bcf651d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7zFM_exe

MD5 0e6ef93d5933046a62bc747ea00e24fe
SHA1 dd78782d47f49c2d8bb903a87596b84cf1299601
SHA256 5086deb58d1ef6e262c226c1c9f590280ba09484995da092ee1c9e0e5bcdc6c5
SHA512 e7db0b2a9f8d1c3dc26ea5360a34959de95449cc6575ec199c4d01e487af627b7c9e2eb60166905011eb53a96d4e7076530ac5e429b3a3c47eb610b63fb089bd

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7-zip_chm

MD5 a62d519be58c4ec079cd825e04c1f4bf
SHA1 91c59ff74e1911d942cdb7a68ebba42f10dc3510
SHA256 9af30e079cc36bdf17fb5fffebbe68b2275616f9513b07e99f15f7065a2d99c6
SHA512 637a0dced1a940af17c47abcdf30dc1a2ab2c1a1f70b9199789670398e87d2c9ad445f82e05fd1ea84cccfb62d25c8253218426c1fd9784b14dd5c7bae881b69

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_services_msc

MD5 5e2da008f38c7ad813d9fe8e669dddd6
SHA1 3f4ed852167cfb251cce13be4906a0cbea58f021
SHA256 0cf904a532ac487f6b4c080fd01406529ad26ae559128b0aff170f389c278c28
SHA512 8d295af13fa38384923e0db043ef7196ae3cdddc9dc1e765217494461c6c6f24704eb984985c45159cae06e81ca857c4f406b1ec80bc9c8fbccad535a1f77d72

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe

MD5 53397b08309ff534a07d24635ba224ca
SHA1 acb7765998078026e0b6ffbe57e72d8d454bc54c
SHA256 5c62803659067e9c56afca377104d8f187d0393f629ecd6863fb165cff588ad0
SHA512 bdfd047f5678f72e612875b69f1944b9afd94cc6b61740ff32380a22e37b9b86ca59efe52b7a58358c15f75ae7c04221a48060d1c0f338cf40c156f9187501d1

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_psr_exe

MD5 7794df1f7ea502f8b5a7afe7458dcbd4
SHA1 179f413597c837600e87609de63ae9112e3e7199
SHA256 75f6713e1ae6f0caa52d0b3957114d7653e2e002b33e1c6b173f6a584ead94e4
SHA512 2a77656d9201c8684315c1fe8693fee206b13d072fd4164491b7a4c5fc46a3ba78216200c48b044bad221c27423394529173f8d84a5a38da7343231d0f7d9fbc

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_printmanagement_msc

MD5 7279e4431c96c1030f6ccefb5fce7cf3
SHA1 e6d0c93d63c00d14e2f40f5fdbf6c3fdc3487442
SHA256 64472af7e48d716d113b1c8a8241eaa67737b21e29abd62b4a0bfb485363ae3a
SHA512 db7febd66f65a486b1b77f13d8b32787c9d04e2b07003cd0dc90f4531afe70132ed9f165ab55c012b60857bd4e6f8fe2e78f7ff132bf64a95159d7138e5df53d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_notepad_exe

MD5 7689c30d53af0dc638a76cdac2b6755c
SHA1 ee74ae57c6c4867783c282b46cce4aaee6fcd5c3
SHA256 a05bcdcfa0fdc148fc7eadaa891e11d3646b84b04f793782b7257edd77015e35
SHA512 6840a48e5725501b37455f650cabffc17086453b6d70f943ff379f2b5b1ff9d1a72da8dd27083c082c3abcaaca3cbcb36da2c7005d08811cf94b45e88392f38b

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_mspaint_exe

MD5 4f0414c4ef966619b5cf9b740c9f1096
SHA1 d136f140bb9aa3d3d9b5aa5dcb413d78b93c71fe
SHA256 bfedb922c2dd20626051ac2dea4f06021eb0a51ed53d901bb7fdc3c27b0c9cc2
SHA512 bb094fd2695d2ad8f0e1f5ea5652dcf1e377adeb597cc84836aed75685689aa14f622632575bfb59a37ab86610f0595b3897adc6db7278dc141e4ef9495deb38

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe

MD5 5e8789e07e5c0545251da36bd0c8e4a5
SHA1 75a00b8758ec1b080c47dae3452977e4a61f0167
SHA256 5682a3ff1985edd22549e7821899c00286687562c768c262de1d2a542b1884ff
SHA512 3a415a469a0c2f833f93a64c5025388bc83513502cdaa46f0091d11006e48eb67215fac01953bb02c5f304d21e0f487db1085260f0f603c554c4b19434e137ce

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 2a411bcfe80e1d37e92edab81bdfb3c1
SHA1 7c88f9f2e4f6438d404cf9d06b0f9b423a4d21a0
SHA256 5da20ef7ac791c3f4541d0e8ec0ccebd79bc8c5819b097ee16ce845585ec5d92
SHA512 1fc2245df1f1d23b44c4063b5bc0d46fab4490da488695aaa66dd68aa4d1a8c6e51d5646c2c24f87ccfcd081cd1a6b48445c5854bde7956a3b35faff0d8c541a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe

MD5 f29ba4c9e82e3ba6f79cb3383cb96f79
SHA1 f8082d87ac238c237627b132889c9cb223fbb262
SHA256 9e228359b717ec1507aaecfa380c6e8e24a810133f8e5bd11171e5f9cc905c84
SHA512 a33b9c6e094ba20e7085e42ced2de54bd74461575d581b859a36481ff8c65f7737d0ac52429bc9ead3ca67f197755c49f0ea0771d8606c7af8bab55d061f6f84

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_iscsicpl_exe

MD5 a89988784e4640ac2ec71f90ce85b825
SHA1 9e22ce33b9c1fbe81690d7d7b315ce815e72994b
SHA256 679f4056018986fc3f9329155cd3a826ef7bc664bd7cb6dec0ae07a7818ce57a
SHA512 9b82109d2fe226f99d2919672734ca8dfca74b3bc2032b406519ae96e37d33a6ef77be655ae0ba5c54036e3ae3510efe767e5881b17e85b04292b1558387a919

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe

MD5 33cf1a9ad7e502fd7c2de69a7da48801
SHA1 a71f1a144616eda1ca60886843fae98703417a0b
SHA256 f160948153cf32d47d35bea85eccd51929566e662c6eca6f838515b0860704c0
SHA512 edbee4a88c5e5f049ec86a4b8beadeac89f4eec81f1176ea35f2f689fb40f335ee1f85df856d02d224f5fb95e4ac1e9a85cf6d54b4c436a50e478859ec9fc517

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe

MD5 406347732c383e23c3b1af590a47bccd
SHA1 fae764f62a396f2503dd81eefd3c7f06a5fb8e5f
SHA256 e0a9f5c75706dc79a44d0c890c841b2b0b25af4ee60d0a16a7356b067210038e
SHA512 18905eaad8184bb3a7b0fe21ff37ed2ee72a3bd24bb90cbfcad222cf09e2fa74e886d5c687b21d81cd3aec1e6c05891c24f67a8f82bafd2aceb0e0dcb7672ce7

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_PowerShell_ISE_exe

MD5 3ccc6610ecf9eb036fc50fda1f781d21
SHA1 de7db115b3bd1b926ae0b2a795e7d0feac621851
SHA256 2192613bbcf96dd824a813b59c598c486ea713a05c82fb1184eb955bc3b84839
SHA512 aa3a6d68415fc17695a8dc35271617834a84b3485af974cf34f2ff2a065ab6217db4a19e08abd22330dea9d9a44963e0aa70feda061db2ca6c0c29b2f4c6ca42

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WF_msc

MD5 92e39e4bd3e216cf76a2cf3d93c53fdb
SHA1 6b3315770d169c632712e5bfa002610c3917d99c
SHA256 be2529bc70fad82f5a753a3c4083d9ae5361c1e95a2c5fce51df6feb442de615
SHA512 ed9c3732a6f54efba8313ca533eaf6e9a5eac80977ac8028452fbfcb1429e46de192ab2afcf7f1d3bb1f0a1a8f31f00782424059d82022f660bc44fe133e3b6c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WFS_exe

MD5 0d19bea6f0b22383fff2d13e0e6ff0a2
SHA1 416f9bd9d2f0deacc06490fbefe77a6ffc2064a9
SHA256 da3cc596513ca5729f367af635df99081509cf5dcf9f5744090c7cd9fa8e0243
SHA512 e9ee700a8b17396239bc5ea79f384c80e34c7412f5877e4b6214e6748ea291341599880aa5338a9e68a3ab86f2f5263b08193a543be72372eb01da0432ae3308

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe

MD5 9b55b8a492df2ce8fb6e9b0565dbcdcc
SHA1 b52570ebb2a3c3aa8cc3ffc6ad0955078abd5235
SHA256 e73573d120f91a45563e277015e3ca72f05ff1b18976df5c81bd490805020f25
SHA512 a8fb3c061f4b6fd17167cd8ed9f92b34b90e826b6dfc036db33c72f960052e20c4cc0fbef3988032ebc30449aa310149e81187bb7e6ff87f6249202f2652cc5e

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe

MD5 2bd136eb4cb4539c66599b66221dbbba
SHA1 22532c9b312cce5d6e593955b795cb2ba2857124
SHA256 aec7c44a6c41813e7a0df059f38d60c3a4fbe51683d3f9d17e8daf67c0a5c8e6
SHA512 22ef6a2565c30912f65e7b6f5e53981d514f3881e457dd7761bb4e7e286f22bba5e3ce6d0a2f7c02971d801a4e999e0d6ca4aa6b7bb935249cc947e2b3d2766a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\windows_immersivecontrolpanel_cw5n1h2txyewy!microsoft_windows_immersivecontrolpanel

MD5 744a0320026eb91c3f475b4ceb3a39a9
SHA1 65f61bf6a7e5094f68656494a59553c1c64123da
SHA256 b003c371a0dc78f40822f9959e084ad23cbb605dc362f04fff880459bde1b63e
SHA512 1e961b5c1d77c81ec0f326608a1e12511a4a0041a458b4551c17859b3afb83d98ca3c84cd8ff771684a6747f6df2ac82fe5851132034c1c42c8bd1029f4734ba

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_RemoteDesktop

MD5 c29ef40b14d06595314ab1f6634ee474
SHA1 faf7420e380424794dae3192186f4e5263d1ec1c
SHA256 4121ec51b50f6b8d459c56d92058af3ac611b00d7245d7b39145d47445e7273f
SHA512 60a472a5867d3fc79e5023ec260fd00dd48d207423b336a9c7393fd8a7303e88b2aecb005f652f2a983d522ec878011dbe797ff56bcf9079a43a4e971f8f4531

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_MediaPlayer32

MD5 e1aa86a6110404c34e05c063601112ad
SHA1 0680868aee468fce12215d90684c4c7cf7769b34
SHA256 af63b4e541130d09289a3c6852de203f2723792bab7464559459a732d553f8bd
SHA512 fce875b8ab57ae028c3bdd3adc645075babb7244a9c3338abf2ce871e56722c895610ed2001c1c84de34c2837616ba3664839e0985f42ff164b1549e909c07c0

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msotd_exe_15

MD5 f35b45b5028b3b64375cbb3fafb44044
SHA1 24ed8611db1e76ee699152e10be6c96c60e8a7fe
SHA256 848a25007192b687231de4053ef7ba80b6df0e70d52342b4b1fd4abb14ec4c25
SHA512 0d7ddae93245cea32af0bd89bfe9f841bf905b97464fb87aeb5158190e0a166b69a88babc7498b88eefd41838696db2c6245ea63a3d5c5d8b78e702972f765c5

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_WINWORD_EXE_15

MD5 a03a0988894c00b0079df02367d9825b
SHA1 e7c6203741bc7b729f4ea6b7aa0afac1fcaec277
SHA256 6f37c8f98b70b89c2cc380d0aa38b0262921202d0ee63561f57a3304575236bd
SHA512 692a6dd4619f7e05c06480d7a65fbec407a31d30087ee89efe8eda8e8a578e7a285f51af58ddd9e2c1629b9b9b32c57c8031457587b3c9a7088e21b03ece1b35

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15.key-KLWXVWCCSJYM.0xc0f369a1f2da7

MD5 f7c68aeb068be0b1676467034ec1ec2e
SHA1 e20d93b078d12e810d3acedd043a0732d4ffc0ef
SHA256 eb436308ba9a771a091998e4f804d999355f285737682273a6faa98dcbf3b3e0
SHA512 1b1cdccecbb81f4749f1fdf11d9426eff55cf8faf866b0600884af8636a716c62f152f6ffbb14c2d5565eb664e0e6a4908c584a8ab37aff2c9d008c247b63edb

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15

MD5 d73810507446e10f35cef691a91cc5f3
SHA1 f871fc76285b469eaf3f77697acb489438671a31
SHA256 bb2ac675156df74f88f154e0b586c759ad50b5c57dcd8a98005d5597ed7ad1a3
SHA512 c9d458e899fcec6eb5ce5eae2371ab7f20e741b6cd3e82b052041e33fd8bc5c77fdcb4ee239bfd07913074eb810082a0c9753c25571aeb8aa6cf04f072e1f764

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15

MD5 0e2a09c8b94747fa78ec836b5711c0c0
SHA1 92495421ad887f27f53784c470884802797025ad
SHA256 0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36
SHA512 61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_POWERPNT_EXE_15

MD5 c314b7443a535d4b39b28c6a2d246ef5
SHA1 b7688df267a8304d3f1f6afdbcddbf96a5e86fcd
SHA256 288834f082fb5ca0868a7b8fd3f645c883841d612731771df1c9490d99af76ad
SHA512 ca3ac5def4b819cbc0cb770a2e0b482e3ad5753f167b2741e7e31c20ab7236559695297b9dd5d8088ac2f1b3886a7e644166c4fab29dd63c60a906abc547f422

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_ONENOTE_EXE_15

MD5 47c378bdc07ccd57b6e51d03085d0a09
SHA1 5e0bcae2ef2a557ef7b7feb11c032e567347c9e9
SHA256 c8306e51b61f5b4d819bee37f60258378b9605c6787f55cbed76c676bed66322
SHA512 1425b348c230aa7818d08049b57228a27bc591fbbb1a107f153eefc3e313ad12cd3ec3efab0b314795ddf00586a821e98eb042db68d3862ea2cf800a0cadb77a

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_EXCEL_EXE_15

MD5 2c3d8b38f4706d2bd623310de468a21b
SHA1 43aa3a23be9e599c8df874b631e2291fa0fd5e25
SHA256 eb7c131073394f7824cd2152e9ef1f87bfa7feb09097af42d7a882b3ad7b7ac3
SHA512 45fa14f771adb80eaac8d0bc02e70d9e9e453d27238698c7953de7434c4a182eadad6e7fc908de4e5babd487f9dc917fa3ba67ca599c5889804d948da7fd1fd8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_DATABASECOMPARE_EXE_15

MD5 1d3c4e80c24cd236fa76a27435926362
SHA1 7dbb5cdcac2ba68296501209c9fe98edcca2d35f
SHA256 dbcdcb3b5da2fff40a182288466d41e376b9c578ffcae1c40e53e6b2b1162b2e
SHA512 b871c72d59f3422ef443502bdd0c955be46f34f599efb063dd5d8701902c390f8397df4d4d04699a03cc3326f4761a4d463df7ee8f7a32559ae0b0e39af41acf

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C1C6F8AC-40A3-0F5C-146F-65A9DC70BBB4}

MD5 2e455b88290024ba91a90deb1f194a19
SHA1 d17027449bffef8c398ff1ffd8fbf078171805ea
SHA256 65afc3f47f89f404bb847eca3c445bcbb15af5fe0905fc050fcb6b6d2f6d00cc
SHA512 1cea9d5922894fe900df5b186af735997cdc2132ccdce5690681f4e55608c5c9dbfd5b072c81453ac7456df7fe6577f55e5f86900363fd3acfafa78dbcd6ac5f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BB044BFD-25B7-2FAA-22A8-6371A93E0456}

MD5 6ba483c92ecc054466753e522db97936
SHA1 f46a0ed2d9d68a979241974f1588d076f64f68aa
SHA256 25b4c976977835c431d466db710ff3d5861cacc4e77683ec6fd4d5c9d5ae0afd
SHA512 ba9fcc6b649ba53bbead16cc9e47741fbf4abb3d115212b15931d7e759b07a3ddd926042ebc93dc1887dd25dd33044c44bae4fcaf2452217d7d1180b1b269f0b

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133760536280418433.txt

MD5 190a3a38fbbecff68c090688e6c8ba20
SHA1 9afb677325a0456575b4fc3327daaca9ca392d32
SHA256 cf0665cb7354dbf9b6ac678bfd496e4de678aad8e90c34549c2a6c9b5e63ef5b
SHA512 5957ff1e49cf3b12474dd457e1e0a953eec5fa6e3f28989ce6338ab724684e7b1fd0423adbed1ae2f15ab18fc9918a15f81657cf1a41bd7dc02435b2e479ecb7

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 10:25

Reported

2024-11-14 10:28

Platform

win7-20241010-en

Max time kernel

141s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe"

Signatures

Clears Windows event logs

evasion ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Reads user/profile data of web browsers

spyware stealer

Power Settings

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\wevtutil.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\gadget.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Windows NT\Accessories\WordpadFilter.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\libvlc.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotionblur_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Windows Media Player\en-US\WMPDMCCore.dll.mui.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\slideShow.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\localizedSettings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDXFile_8.ico.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jre7\lib\calendars.properties.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\it-IT\sbdrop.dll.mui.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\localizedSettings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\7-Zip\Lang\zh-cn.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\features\[email protected] C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\7-Zip\Lang\mk.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\7-Zip\Lang\yo.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Mozilla Firefox\uninstall\helper.exe.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe N/A

Browser Information Discovery

discovery

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcc259f90d1e2b\DefaultIcon\ = "C:\\Windows\\System32\\SHELL32.dll,47" C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcc259f90d1e2b\DefaultIcon C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcc259f90d1e2b C:\Windows\system32\reg.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1736 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 2424 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 2424 wrote to memory of 1456 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2424 wrote to memory of 1456 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2424 wrote to memory of 1456 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 1736 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 2192 wrote to memory of 1984 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2192 wrote to memory of 1984 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2192 wrote to memory of 1984 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 1984 wrote to memory of 2220 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1984 wrote to memory of 2220 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1984 wrote to memory of 2220 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1736 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 2936 wrote to memory of 2912 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2936 wrote to memory of 2912 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2936 wrote to memory of 2912 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2912 wrote to memory of 2956 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2912 wrote to memory of 2956 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2912 wrote to memory of 2956 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1736 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 2040 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 2040 wrote to memory of 2004 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2040 wrote to memory of 2004 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2040 wrote to memory of 2004 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2004 wrote to memory of 2008 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2004 wrote to memory of 2008 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2004 wrote to memory of 2008 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1736 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 2256 wrote to memory of 2324 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2256 wrote to memory of 2324 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2256 wrote to memory of 2324 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2324 wrote to memory of 2960 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2324 wrote to memory of 2960 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2324 wrote to memory of 2960 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1736 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 3068 wrote to memory of 3052 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3068 wrote to memory of 3052 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3068 wrote to memory of 3052 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 3052 wrote to memory of 2932 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3052 wrote to memory of 2932 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3052 wrote to memory of 2932 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1736 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 1736 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe
PID 2480 wrote to memory of 2896 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2480 wrote to memory of 2896 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2480 wrote to memory of 2896 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2896 wrote to memory of 3032 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2896 wrote to memory of 3032 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2896 wrote to memory of 3032 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1736 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe

"C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe"

C:\Windows\system32\cmd.exe

cmd /C "reg add HKEY_CLASSES_ROOT\.0xcc259f90d1e2b\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"

C:\Windows\system32\reg.exe

reg add HKEY_CLASSES_ROOT\.0xcc259f90d1e2b\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f

C:\Windows\system32\cmd.exe

cmd /C "iisreset /stop"

C:\Windows\system32\cmd.exe

cmd /C "NET STOP IISADMIN"

C:\Windows\system32\net.exe

NET STOP IISADMIN

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 STOP IISADMIN

C:\Windows\system32\cmd.exe

cmd /C "net stop WAS"

C:\Windows\system32\net.exe

net stop WAS

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop WAS

C:\Windows\system32\cmd.exe

cmd /C "NET stop MSSQLSERVER"

C:\Windows\system32\net.exe

NET stop MSSQLSERVER

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop MSSQLSERVER

C:\Windows\system32\cmd.exe

cmd /C "NET stop \"SQL Server (MSSQLSERVER)\""

C:\Windows\system32\net.exe

NET stop \"SQL Server (MSSQLSERVER)\"

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"

C:\Windows\system32\cmd.exe

cmd /C "net stop MSSQL$SQLEXPRESS"

C:\Windows\system32\net.exe

net stop MSSQL$SQLEXPRESS

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS

C:\Windows\system32\cmd.exe

cmd /C "net stop SQLSERVERAGENT"

C:\Windows\system32\net.exe

net stop SQLSERVERAGENT

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop SQLSERVERAGENT

C:\Windows\system32\cmd.exe

cmd /C "net stop mysql"

C:\Windows\system32\net.exe

net stop mysql

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop mysql

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlservr.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlservr.exe /T

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlceip.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlceip.exe /T

C:\Windows\system32\cmd.exe

cmd /C "taskkill /F /IM sqlwriter.exe /T"

C:\Windows\system32\taskkill.exe

taskkill /F /IM sqlwriter.exe /T

C:\Windows\system32\cmd.exe

cmd /C "Del /S /F /Q %Windir%\Temp"

C:\Windows\system32\cmd.exe

cmd /C C:\Users\Public\Log.cmd

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" el

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Application

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DebugChannel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl EndpointMapper

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl HardwareEvents

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Media Center"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEDVTOOL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-API-Tracing/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AltTab/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Problem-Steps-Recorder

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-TaskManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite-FontCache/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskRingtone/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Feedback-Service-TriggerProvider

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GettingStarted/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotStart/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPBusEnum/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MCT/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/WHC

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeopleNearMe/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Recovery/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReliabilityAnalysisComponent/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-UTProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Leak-Diagnostic/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sidebar/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemHealthAgent/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceNotifications

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeControl/Performance

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeSnapshot-Driver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WABSyncProvider/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WCN-Config-Registrar/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WER-Diag/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-AutoConfig/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-Autoconfig/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLANConnectionFlow/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMI-Activity/Trace

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCCore/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-Service/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSSUI/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-MTPClassDriver/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WSC-SRV/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WUSA/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-MM-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-SVC-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-UI-Events/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO-NDF/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebServices/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Concurrency

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Power

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Render

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/UIPI

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHTTP-NDF/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHttp/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinINet/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Windeploy/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/Operational"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/WHC"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsBackup/ActionCenter

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Tracing

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsUpdateClient/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wininit/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-AFD/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-WS2HELP/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsrv/Analytic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Operational

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Debug

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-mobsync/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ntshrui

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-osk/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-stobject/Diagnostic

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl OAlerts

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Security

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl Setup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl System

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl TabletPC_InputPanel_Channel

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MP4SDECD_CHANNEL

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MSMPEG2VDEC_CHANNEL

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WINDOWS_WMPHOTO_CHANNEL

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WMPSetup

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl WMPSyncEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl "Windows PowerShell"

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" cl muxencode

Network

N/A

Files

C:\Users\Public\Log.cmd

MD5 6a2f870841e0126632f5b9bf0d000d6a
SHA1 51689e26641f0eb054cd90553a21a472a2e79148
SHA256 4bcbb565ad2fd05a4fc458cd68254853cbcbf5749beffccb2b1e22b8a53ecb2f
SHA512 de089c5d2dd691c64e38bdc82a2a5266e65cf8f9fc40e2d60ecded7a775922ae5100cc406f09346fbaf402fc1fe3074ca29ecd64119f7c490381aee72780bdb0

memory/1192-5-0x000000001B230000-0x000000001B512000-memory.dmp

memory/1192-6-0x0000000001D60000-0x0000000001D68000-memory.dmp

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 d64d030b061b0200af949ac43e7e70fb
SHA1 5f3f4f427c841de9eb4aa840aacc61874fdaff85
SHA256 3f046ff85377f8ec7d441b0afa9d1fe7b5547b671c59c1f75f552f1f112a143f
SHA512 997645c6570da4808d39bdd1220c2184d82416e8ba7409e09ea769541c271f8aab57b281d446022b15202c93480293ada97207dd8b311b4c96a31af4b4a27ba7

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 36fdbd03572ce79e51df5d4700bfe3bb
SHA1 a01867df5cd1861a77f95c24abf90f4d906dc21e
SHA256 0ccfd7b91980f42dcc159fb0d277491d60a16512de0c89c5f841a9933084b605
SHA512 1890e0f87c6acb10e041ce59204acf087fe00bf18d5a3dae864ad5c0a8b8dd7e82dc84b472eb26c9bb9eacedda7adc8f128b1c2085f571a9069c826db58f4b70

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 138ca16c6e3a7a212795388c0c8e91bd
SHA1 58965d7d8ac6fc0987aa5b2006d7c53a83f70f04
SHA256 2437a6f2f341ed0d6cdba0db6bc3080deac5f5a8bf9bd64b0ba1a06f953ee139
SHA512 ff16820c75cb2862bdde9756c35730daebc2ffe534dfc92019f5a6dce301bfac0ba1bceff3002015f5d47f563f47793bbef8b8f9458ba9df27b1010549af531c

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 d28cb20d7a13bebe6c74570fc69910f9
SHA1 bc4d2381849fff80118dc3b465ae7ff00189b438
SHA256 db9f928e5fdaeaf81c96b969ee3fbbe06e48602ab7497192fbd16c0e3d12a5c6
SHA512 3a7cf7881b1cf0145ebf1a664ac40071202c520f90832837524378d8ad1f611507f70ff98b6eb77fb65096afce24a89b4308cb5625fad1fad70dde52a9f79905

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 1060bdc5b66203a43f502f8f2358a97c
SHA1 d43738dd8b35ff1423801496005e5842183c2584
SHA256 e44f75612ddd73384ddc18ad98cec1cea64549cf9604240c151ca026c4b2fcbe
SHA512 4759e2bb0098fc83387204e3a768224fd1d44d958b2544884806953b19c0cfe045e6b46e722a063a66529b09b08a493131c0c2610883c4ea185ea53849fe5553

C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 7866e2844ac0cc06b8f829a2e82c77e1
SHA1 e603d2cca4d8048bf911a1e89254e4e4d98c14a9
SHA256 dbdbf83d9059ba06a08574bb47e46ed636b917345e75080378e5f729b9d25b97
SHA512 10c8d0597f501098d07a3cd2f7a372c3c567b8a112d0de1ed3365ab568bda5167e54e909d329c58bdb03b4702518791b17ed9d6cbc6272aed08c5a0ccafdef52

C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 8092005059988c39c96a07be09802a82
SHA1 113acad8e88b6f10029dd62e369cda7fe7028dcc
SHA256 6328605a42669b43acc68fc11c0194d640fe5133e2ffaf3daf1915b56efc719b
SHA512 9a3791c1f0946ee7f10f0c57a5c1f9f3473f73e7242a9d3217d9a54840663473cf7a34d7676e984d7a7d99e25b7a9130eb9d0c0776b5448402ad9a223950d151

C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 5a6f13425165848b9a28f36de9aa0ef2
SHA1 9c27fefd16357ad6c909b73491487d72d8b24160
SHA256 7db3b527e2e960ac12f602e54c604bb819e27fa8128ff82f5a5d6edb3e5ac95c
SHA512 857939165393ff4eb10b8772e43b79334a51983d3c6a171ede5a668d1fb0eded15b7c15bf9f81bf7db2cce0687164e07bf7776f5adbf485e44acfd7fcacf2436

C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 90c41dbf3dc37be2492b8fe2ea06bf1c
SHA1 da460ccfd0ee1c9910fe4eea4d7e210b862bbf08
SHA256 e0e7ff7255d163cffaea316409f2de306bfe3942d03c262070b3cb8d17c3ae4a
SHA512 7fe376e5e156e02ede9f9cae8ece3d644a10985097efcb6124768c361b50e759a1ddf288c9bb94ac40906b65451e02c26dc67d715f4d2dfd399e9def6aa37e34

C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 ecf7c78d91faa77767ea785a8a50ad7e
SHA1 989ad657fdb0068ab603221233e46cbc8553dea5
SHA256 536c5e711c3806cceeceac3ef84e9a009a6c5b3aa06fb4d37a2d839ca3ead7d8
SHA512 c66033474861ceb89b210a641984faf11794849adf99fd13917880b85bde1588b468d2c3f091d4ac811f05d181d6bd1ded8af2320113ba83eb626d1be83dc40b

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 b2b0de1ed10bac0babe16f15e62ffda0
SHA1 fa0a516a68eadd605738b5672a2d02a62101a362
SHA256 e211975b486d87eb356dd4a620396043fc250bebe766e545bc9c4093515e43ee
SHA512 7d7d4f0881a7b43e59f6862b654621fca04f6d7f04fdb10c8f169f5d25aea20072abdf6713a85dfe1e9be2641b13bf7bf5a176b18d8ec8a364b00161d511b8f2

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 b772bb53b07d73e1ee0779d6dc15a333
SHA1 2009804f64dddbbddcc9fc1dd159a5063d07a8f1
SHA256 29379bbe38d6a8a16193394b64e51b9412f0d13d4530e64d5b3755e2b82c69de
SHA512 2d40f3d7f3521a7c0adbe5601f484d07e982e7b063a731fe3d11a64cca4977e9f13cb06eed8f8c44bab08252d4e8e59a503ff01d94cd2095f15593da8ae4fb23

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 3d0ab06cca099e1896d76c1ce17b0624
SHA1 9521b3ed8953aa70f3d4089833470b763ea26b1f
SHA256 9be26140b970f5c353c0f440dc25d7c29081666a07f5c964ec952b239dc42c48
SHA512 5aeee4b0d9422b031fc208162da6f835d74c47d447e079edd67bdceff42d55089304d684f664f38fedaa3d64c1e61239238e9d6b82acf288a0e58c79c545e7e2

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 66a1828c4b2980c43ec3ccdeca5439da
SHA1 4ef1561800df0a00935a1eb73e72abac3a626b36
SHA256 fb1af86782b92ae14c0a8e8b4c8f77c07f10a64c1507c7d1411708b4a4739ca4
SHA512 84ba044057ac07083ddb8d51889177517d8aed56fb3d1ecb677f9a1240631824199b27759eabbb993df13664320dc0232ceae46940882c7d640c2db243d1795f

C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 9877683f54af94f981608a776557e99e
SHA1 4d9a59f5f6e4d504e7f7e3345cca4d96859fb57e
SHA256 08eaa1f2885f0a290c87ffcbe1648b3caccd75d3b65c4084166e12b4f9b66724
SHA512 a038fac7bda3633bd6b3f9f12c3e2f327cadbb01c9dacecc455cf9f2e40da4749ccd05f51569d9b74f34954ffc81c8878ff87def85e0f7d816a697a3201fafd0

C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 713af64f2a66eb1526d498f7c7b12a7b
SHA1 0a9b5e2b2ba16808206176470e2fda1f92c36046
SHA256 20def8fb12c615c956854fdead1a78bc9eac3aa3f60773fade9a376b9ab024f8
SHA512 942cdd14630e528dcdc75a579340419eed2e20bdec665f33f9c1f6d3489a32e16ad497e7c8cbadaa8bb583351e12547436a2b02b2720ee8c0583e99082008257

C:\Program Files\Java\jre7\lib\zi\Etc\GMT.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 a0b9a96178c73a33a0c11b70699631e6
SHA1 212dd4696892719b0c937913e5593a96d40e5215
SHA256 9a6864a02470556c0f3020cabeefede073cab64a1a6450c5e3efe1a68a507932
SHA512 9839521680f96945d7f5df133b63f30c2223a41c4517923f630fc4187c92b856af0beb70c15b8ab3cda7431e765c90c67418877c24e3385f063673596ee52615

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 b82a86643ec6c1aa164115dd48d50175
SHA1 91124c81694abf18e40ff5df8a835ee6d867e6e8
SHA256 170022934e19c0014818830e73c19ec8fcae268e4b05a084c632ae1a63276fb3
SHA512 6d671f1800789e90302945ee34ec625efd2cad8cc41f7399637d2d82941c154e63b9e54e3e62d3df5c8383319467739dfaa8681ba1793fb847ae8cf653d9e683

C:\Program Files\Java\jre7\lib\zi\HST.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 dfdf83f73bf308d88290ea3ec38ccf3a
SHA1 b03425088158c1904bd19134bf7122566a3ec724
SHA256 1929e6819b42c8c197cdbd069f13d27bad8d3e9649f94445e9c1adf3eaedccf8
SHA512 69af3b7fabdb2d3529d5895758d5913ab7a5ef71a56afcd759257a2d725121f0835c7d77031d00338a56ae25ba027befae89997ba098f619e36130578347d6e5

C:\Program Files\Java\jre7\lib\zi\MST.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 87950f5801f345c4e97d57d42b44d39f
SHA1 7ecb77f6344d1aaac21b1e10b40aaafe8ecf3eae
SHA256 ff271fccde06cb66a26f12ab598619cb860cb13aa1b5429cdb199a8ac28e5879
SHA512 030f16e7fe95ccea0d07860b433cab6834c5468649cd333a6cb7b75989d0d95e018d5a4093d0849171896f4e526297d618f55500a70cd7c3e191606515bd2d02

C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 2511a7e76ea7362b772d7236b41c9510
SHA1 c94ebb9cdd5eebc38f73e99de69ebaedf8855f35
SHA256 95ff8d2787e7c53f4d9e24daf82177e66ab155543e89491f95638da87c3067d3
SHA512 e74d545bad1d04367caa5d447fc6e9ae27b76fd8aa8922d16c485de3b4783c152082bd0dae4681d5922d210d6a6c537d14539e298a471acb6b8b87c25bf166da

C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 b85dc75f2510eba19b42816b2391779f
SHA1 68c19f840c25fff934d7ec9b1a2b4510ff11f2cc
SHA256 2cd75ffbc8bc9036486ab72b0a9a233027a9a2c84c37aa5f2f89e17670a3d049
SHA512 418becf37185c7c1c93352d39eaeb9557b2a074f04e831a9e118d7e0cbd9ed7ec643be678c518f943b13299f24b642a3f35b69a82c12aaf63512283924a9db5e

C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 81cd39af114dd719964b568d4d4d5d36
SHA1 4d0a048b4d52d322b40bdec0147d09939978e02a
SHA256 6e695b84a8a54a7596176c38a8b699e5eb60ffbc351764be5a72bc2e5eb2bdad
SHA512 d5d79252f5f6db7476ca13bd2419f41e7d780a10cd17b60538431186b47cfacc753c8693c9abedaa42fb233dead2da101dc697c500c2e2c03bf894153ca91f4c

C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 64fd39dff664a3f7c6115cf329780a77
SHA1 184a4a38a07b6fe51bcf7c33f54b01cf11b11d9a
SHA256 f3e4e4c485d415509b996a0207f80cea4af956836df7f72d7fe38774fcb7d12f
SHA512 05811fd04c415cb3beb8aa7bbfded944c9e5006922be1bd0fadb61087aed709c6418382e8cef2964b76b31303125bf674030c0b602e7ce8df32abbac54546f46

C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 55788b7ca9b07af5831d1680cd4dbdd3
SHA1 5cacfddc549a6dd7d4ea20523eb8507f18c2a51d
SHA256 21d3ac620523e4e4277eeb046b8e3118f7fa57c056cc2dd1321de217548cc447
SHA512 cf56668c7bcfa6bb17c438f1cedcb4c84c44d2280465f497a7a268bcc57a3e845fab4e6caf948db1a3e577e83b31b805066545522f89ffe3a3d38b0fca6476d8

C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 4b005d5da246ce2084e8322e9a8d5623
SHA1 148227721d008a60f3aca4ad563acc399370a2e9
SHA256 283372763d4747d9b1c80686becf4ad619fc1b0c91999e15a572838f4fbf9a79
SHA512 d52b6d686e7713d7ed86c1ff90cfbbfa53ab478ba72ec4c4a5e0a6982ed185da7431f3ceac19071ed103ccec94c12dc7c40c968a07e3792e9ee1a9395beeeab3

C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 f5aedca57bb0ea123c185f67724b44ac
SHA1 cc447594fa6ca0a86684b279535184f5a96f8368
SHA256 1e2b63db93eae148f3227d9829cc3d06c849130852e2ee4ebd05116ab09d087e
SHA512 bd4fd81baae5bf16896efd2a78a053da795d30bef784cbf9a8443615e550ac57f76ec3efcaef88ec1a03de6aad9a06c2e378818dfb75b7ec23c2c8b90cf4585a

C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 32b4b86a3cdc0c42c0dfe8dfee233063
SHA1 0ec4888e98fdc4450012f84e2e0c8a2d77766c01
SHA256 207bc11aa9668231bf1cd85dc4cb6ac1030834f1bae830386601a1df083ce4d6
SHA512 b8098448ea945ce61af7b9b48e76c6f80bd034bc32a0738342d9551c943f812878cd2a385d904260cf611bc160fbf0a564564583dcce7ac3522512d5b79a7543

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 9e78e7cca3f3575587c1d3537c835a13
SHA1 84117d8f9ec72e498647be70357363247b9c1374
SHA256 8385a1da2d82156233e9d06d14ed647d9e1a1bb99e95c81f457da487eb165ddf
SHA512 09c99ffb57ea3e5f05cb0c039aa65844cf8b2d1c6741fb334f864bfa8bd6e0a9ffa88d0b5330e1622c0be566c9cb615af2c7c2f49b0ad425c34700994812563a

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 3bf894012d3fb2785be4ad0ad685afdf
SHA1 64e57ccc8c795b2db1a758b842213a3aa30ebb85
SHA256 26aab55106cdb7f877e69ba7494e7b101bde41ba2411365b0b52059835bc36d4
SHA512 3404cb3782c329166ec426cfd653ba41cdf5cef51b16923905a5cc8c7acd341dba891b218b52f05e56b96418fe657383a098964026b134c3366f749d65153fde

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 a2707f01c4faffc3329991304f001c26
SHA1 319dd92d0bd6433ba3bb61670674061ecc9d9b01
SHA256 ff5ed938a3b8fdcdc04721a2dd901fa0dae129955b68579b18d3b2268485b75e
SHA512 68cffe8ef81586cbceff04a50d04f5f790809ebea938358ccd2a0d91d42048d613145eca9501329246ee326779492588e91a351a32f47b2472b01b6ec281bdfc

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 087c20c7b8a25ba3681132be6fdbc6c6
SHA1 81f7c5387c6d3dfb16750b29117135e837035196
SHA256 a2d266ebc42ed3aa29bdae3f5c3a13c254a3e4e033b1fecb31ac8672a0405563
SHA512 de8bd2da7ff37863957bdbefd186506d2fc10dfe8f97e7d54572ccd6d6e75f69b80393f04953a676542f9b51648617a1d4fe09fdf9a0220015ff0034bd7515ef

C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 82915d8f74bd63ebb0a155d7fa3c8808
SHA1 c6827ae444e5d206e445bfcf65f364b5e330b345
SHA256 9175eafd8935aaa2df349dc201fb5037ff1ce9c952179f7195181f9b3cc1adcd
SHA512 7f8bf0dd134ab65a3c791bf980df5da8bbbed5e56732682c6a2ba1fa0fbb8085de11d436e9a996176238cc91c22af166b88d0abfc2a5dfce1e691d4295768f46

C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 c8c2ffb90fd7007f97faca2ec3eb396f
SHA1 223bcd6edcee46350c502c3fa051e9bbbd0404c5
SHA256 1d7d897afc62f64bf5df2ede3b6c6b93df47a3cf67529b88eba53ff6fe9bc46b
SHA512 164c7801448e36944c8fc3ce1ff5d3423fdf615c057c3daa93a2c6778a41cd136996df91059eacd8a388189018f53c1626504e052e169a50af10c2bc9eaa4fc7

C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 828cbe0f94e5f9542f13458c09ef3787
SHA1 63de8e86dcb4ce76cc947f4c7459b7c46bf7fad2
SHA256 f8dd87e1163d3dad2f60d49436216b657740d71d26716c215d48b84415a08fbb
SHA512 3ec3c119733b6b88b28e7f507258680c0d77278fcc59ea43b649db556145cede5d21481ab2c533c70ec819b96d4e2e19957ea87de3de258042a0ac7bdb970cb6

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 ae87d7631b243fe81a5b721f02904500
SHA1 09d865f273589f7b27c2618c1be2f12f2360b26f
SHA256 87f0d54275e01153c42ab9df9c9c3fe2f8a3b2edfd49e433a5578b840a1ba84e
SHA512 995a4d8e4862416ce9a5695c60b972b5809e340e943b3f144c61f4e9862eaf12b8bef7df98361cb08cb69d86fb54e7da4c65b50fe1059139023636546bd21c21

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 a1e08e8067ef86c7ac8b0b2578e551c1
SHA1 2203fae2e3f572435d16889fc0b8ac1197f99956
SHA256 703eda008dc744a2be66d585a608c10a350aa65428116db7c9ceecb383fff400
SHA512 c5c3ea69558cdc79e1dd253692499c9efb3cdfe7a7a0e8bae2f5ef15ec979606536ae0a777390a6847926b352bf8917aa3a13f53dcb162978e4f1e79c4ddb75c

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 d61ee4313e6ae1127df228c8c0cd569e
SHA1 359cca37bc790ae515e64a035bf9491e5c82473b
SHA256 80d2ff26fb5f24e6e8112fdf02cf972aaec91090fb7b3a836169499e3036c14d
SHA512 7a467fb734efa75810b6aff6db45786ab1303f9a0afc74271ad3a7b0aec2a8613f9be868b90450771196f23c4aabad3a3bd9fe32c12f8261d28c260b2168f62d

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 71f25e78db90d3cdc34666bcacf755b5
SHA1 4e9c79563b8cc1320d17648cbcf70d37eab70871
SHA256 331371b15ef3f0f582572da8d992538844f6a7aee8cdd4ec3901178ccf214c27
SHA512 0aeb7d80f588f664f19c98fc3cec3582ccdaa9fa6db7d3449e56fbb24c217658adfea4ac6e8e5fba727b4f6d9400dfac37d69d2fb49352f00418dd2887d70cf8

C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 0bd1bc23040588f0f905824b9ed49cd4
SHA1 3e94cd0cef05acf721dbf77ec1a971cb9801e646
SHA256 7a91c3a84eeb711be37ce13854718b3e0a58bc581c12e1e7f7f8e96a04825e75
SHA512 a83d54f7b3249b7d10b228ddce0dace2216cbd34f331b374e2964c0bec210eb5655a797a92181a9490c04fce822a1951ffb01edff50ce3af3c04b04e57b83676

C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 f1c2978246511072175bb2824dd5f213
SHA1 371c84f27d0ae80358970f060b9114d58304d66e
SHA256 ff20a942a6e936194a84316a1e664c141c11f99e4a1658a1f2892b97f543ebb8
SHA512 f2d8089f5badc337e671fb73c95594d3cb0980997c634aaa860f05d92d7b433ed39aa6aae9b21e33a1dd5ffedd724da0cab06a7987a13f4ddb53ca688abfae0a

C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 88d40c25e2e2495be0f58eb7501d183a
SHA1 489397abe0229b91f2caeb21a7509e0a163c710f
SHA256 3fc33565cec410f223dcc4c9d954d977a25ce5ba8b745dc1aca2b8f934dc76ff
SHA512 e28ae49c64d0126e5936145124ee68705dc00bdfa0b59de130364d4f8f670493331bb977200e6cd37540a9ec2849855be4ce95de71b5b5dcc93197186154457b

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 088c9d2ecafcaea3636283e768cb3a2e
SHA1 db8003e62a1476adc4b69889caa887d7cdf12fc1
SHA256 9ad32211cfed13b17e78551c7af4bdbf0d0d55d26b9484e2553239be70f0309a
SHA512 bc61ff659d161a3d87cb1ce5a1e7ac99193ac6ec52d26a2dcc6f7932d8fe83968ddb8586dd4a18de18a4720b9ac544c6fc2c616abe982f20c0f5ffcf8741e7c9

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 392872261c29153a2e29c43a9f2b5466
SHA1 72c81941a72c646e972186d7696c877f992bab50
SHA256 d213d3f018e03cd11e224e86ed16055b90aed917c506a0399c10738a1e56618a
SHA512 47d609c3e870e5292ba3bfc8342b2eb2a715e682df86b60405588a10614a7d44c6c27d9237469844fbe13d59b7ee807455f4e45a41ae34893b63ba4e3b565e76

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 6a375b769da673fecdf21d8019be00c9
SHA1 3975138047b8674c58e006eef4e1a99f663ae930
SHA256 aae6996ee257879c063ab5a8884bf64bf978cf1cade43ffc1d0b99c52a329e07
SHA512 e026638f60d20ec5f3bd976dabaac53e15a14791f567597bf8d05fd307aa4edbdea2da1392c0abfe79c378e6650df5195e2ed179e97f945b5af6f9b407426326

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 95b9d18b99481e78be94781ff070c1ff
SHA1 791a45fb28d478c569c54f7ea20a66efc7dc34e5
SHA256 105c111ace325f37f0f3f0c846565044b5031b4d86cf9a9b58d1653ce996efd0
SHA512 738f511d796c64c2675cf0e07ffaef315f911aec53bf5ead2cf071ac5a04f0fab9a5451ee87c602c85250797bf3fd95279b1103886adfd5bbd5dedb06496837b

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 827bcb84367207a2d304565690256aa8
SHA1 0fa96680e62aa4e4541f2dde01c7e664b27f220e
SHA256 18ef6b3a17d8ea521c2ba34931f4d28239ed461fe1b35a4dbef4079cb1fbbcf7
SHA512 f70db8ea133d44cb502d6afced78fe9b69f76883bccf837e6e15e36532f53a94bc3a0ae134e6c9f9c04cef69d70a44bd097042467078364b10e4de1905e9e27e

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 9d704e7ce3242e57e559d467f3658fc9
SHA1 613d09c620a01fc195db1cf055c8039dcf745695
SHA256 a242a0f91a83032cc03f0c72383635d124ec6a14711352bbe913137fb134385c
SHA512 0383168cb2c81e9fa54e3639a9d81550ddfdd35b10d52618ba6b4014c3a1cecd542388ad4421fadff9444a18dac84b467ea162f33d3c41ede95036365d3443ea

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 8ea160b5067724a94401bef03e976749
SHA1 90ee0d3a40e126493eea3b79e2862f05250b5005
SHA256 521fd670cbfd6e3c1c1838f22e844b0915e74c42431a01ac097b70e6bdd658f4
SHA512 cb42c45f3e858b078b42a81e22872fea03fff04d8dc64386fccba5f36fbac3b6ae984c732f1cc7fe29caf27fef73b7f881e4e40e6313a3574429fd3250e0901a

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 ff4b32d2d09223dda8ddc90fb9a9b3a7
SHA1 cb5b6829e86c4aa55689c0d24961ecfb469f13ad
SHA256 7f720c22ed43228804eb3913af85406478268a04b13d700f0f422ec04767d763
SHA512 da2718c827e70c00147b2a0e4a46798bda44d18ead87ecf8703d08022ef37c82d1867c6325d69ba63f15e4b298dcf323afba7a8b11bae878f587222d88a17ed2

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 672fdff15a306e013b0683e8ca1c9217
SHA1 52e37fa8c89977bbb9aa0b79dd4379551f2c08e8
SHA256 85ea1067c5de063e5a38657a831e67b25fb55e7da49bb854676e039d061c7c30
SHA512 d6f46ea993d7465d5ad7024fa7457834069eb32cc438d4dec26e97904998ba3d090d83f695c280880642a4899d0933fa0c3fbf09c756d5bacce0b2f826f58227

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 be01f8c1d86d272256ea05291755cde1
SHA1 b61ae6bfd2c0e724192f5519f1f1e1b4b033da5f
SHA256 27b4923cc6fc7b0938a1f100cd13817f8c5f1bbc3deefc11d231645f256f33c1
SHA512 a4e68db6abd10d8b6e590079006d12f93adb805a7e0e9ada753023e5fa215f335e3bf57a1e367b8b1eb023513fcbee7d4865a065bc53d7b7236ea80c523e6c03

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 1ce3ea6b9e2068f2e748c955669759d4
SHA1 2cf8e2be79c4ec5cd96e60724f5908ed32147a2a
SHA256 4a0202c8224c87027ac27546a16fcbffd6a701923a0d87df2df08c87cd0ddbf9
SHA512 2dd86e7aa18c6875a38e8095f00e33184585446b1f94f0f03d32780ecd6a797e3ebf2b642a45bea7342a0275421ce54246e9103ae9c40646f581c1fdd80219c0

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 6c5004b31039c95d04120eb49732c04e
SHA1 746f7431ed0838ed0bd397e9ee4b6117ddd7dfcc
SHA256 94957e650b8469a9ef2d1a87160187576a83b56eaf066d5adc6ce5b22f082187
SHA512 4bd3d879347cb002180eaee694b84e1107c640c07476f4f36057b1601418c16a2aa3fa4157a8c5b1af93772d75049018b44c106f8881cd19310acf09ad31ccbd

C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 19d07675a96a08d0531a28f87c15041b
SHA1 18a5fe6d21328a9e79a484b35a9852dbe0e0e64c
SHA256 1eade926e09bcc22f5b106579ce57bf257b646cb04bff2cd35eea8d9bfecd5ac
SHA512 31d383559eb0f57196c199d8d2fb28cfd67f44feae5429a74c4bde57920cfe3f57dbb84e2203c91d66b65f05993acdd0e21a5df1fea13fe6c24ea929458fbe9f

C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 ccb3c9016ad47cc749ba2e5a10d7fef6
SHA1 20f8a905240262823de646949d244e001e9426d4
SHA256 c86f74378dd1711a320c80c3a1443d0b666d20e080a226df1bdeeae873ec7f97
SHA512 3037bb5fdfa22c50df22f07004a7b91cad0e85385c7da255ba7c8f0ae70ac20e942b060536ff20a75441eec2d02b9ddf6116edcb0a1fba9bf95c7f4812b0df7b

C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 afb4516a414052edc55e47c7c2babca6
SHA1 d3cbb51f9cc99c107284139573e6256bc359285b
SHA256 19e92356c6920750b491550b3a8266cac82eae427ad5490ef3e03b5c9b5fb2d7
SHA512 3184c548f3051f70528287359f6b948209444c822f79d6574f7e055c5716a91985a54cd64289f4a8b92c00ff1151aa4357341c6298800dbd6496d5ff176866e7

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 986514c80ca072d1921b2ef6d2d80cb3
SHA1 4a2e1850cdb2e016d44cc621390635c7e17fd759
SHA256 62adb9d1cecbd1c904826243a1d1c7a61141ab3c705e4315e64310648304c331
SHA512 f3282611bff241400d0d4838e72d24ed6df728794c636614073c7897b102e2dfa6e90dc8e79c6a68997426c9ae9d12a4cea02de2c67cfbf8131ee001f65a2403

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 1605241a3b589821e57c78f3d1b840f8
SHA1 f9704396e74b4c08aaab6bf1cfd44a780723b83a
SHA256 ff5cb1c0e2744471e193a167708f7b0dec13eeb3417585993335e97cc12c26db
SHA512 baf73da9fc132f3c196048eb69860cf3488e5f869cda2a15662c6cc25a239fc1f87633159654c58b9ff1199f1feee24116349d99fef0dd3244257c57024bcd65

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 fc08c68ad937f4725bb8174a5d7f07c4
SHA1 6c0417b0023831a0fd0fcaab30196dfdd1159fa1
SHA256 a129ad53a0499c7490a020fdb1996508bbbc973a340bb4e3fca1f31250d76c3a
SHA512 b350c42d57d5b388a5bace651b328ba9127aaad923000003540132bc571f939bad69e633965f802661db178034964f12db030106db1aeb476a94876ac78ead14

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 6f0feee6bd9a597075d7cd7725ee4e8b
SHA1 7790ca9198b234e699e1af6a2c8883bcd6f6e35e
SHA256 2b0912a88885c1ab6767452477d27a1e501869b6263c8114f3144142aa48fe87
SHA512 fb4243f26be18b12f12ad5a7aeba26a4d97a350da6d85b5c9990dc919b17016806c8a0f5b62a3f7e75876f0963fc89b679e8fe9744b2e16be0cf5dd3bcfa0fdc

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 276968fddaf71989846554e52046e98c
SHA1 995b8a50d41232d685ba05aac61ef2c529e2be0f
SHA256 c665b406b92cea6ee6b872658eccf501c49de9f8bb72738a9d433808445738d1
SHA512 0bb21d63f91615d738cfa06ef159c76e3cb58a92589d1b5318d197b2bb30ea445594b55ff5a218fe92e67582e039eaa24c768c0496e1f7f7eaf685e60b0876bb

C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b

MD5 112e8b575026b23a0d26beed2eb2ef81
SHA1 a1efcd205575d9eeddd80aa9d27f53cbd152622e
SHA256 d46a2a8598cfa545aa50d87d2f9bc665a97bf3438bb6e0b2bcd03c64e7fa0d63
SHA512 88072b909108be05df4836aa10d87892ec9db183263fac02db282d3f1a9cecd6422015020ec120886dc51a7c3f286281455f6fde542893cb34187c90fb9be81c