Analysis Overview
SHA256
f1f72dc070609ea57ed4e3e07fab2de6770f9bcae6b85ec395184f9fe2cb2cb7
Threat Level: Likely malicious
The file 2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch was found to be: Likely malicious.
Malicious Activity Summary
Clears Windows event logs
Reads user/profile data of web browsers
Credentials from Password Stores: Windows Credential Manager
Power Settings
Drops file in Program Files directory
Browser Information Discovery
System Time Discovery
Unsigned PE
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Runs net.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Kills process with taskkill
Delays execution with timeout.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 10:25
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 10:25
Reported
2024-11-14 10:28
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
140s
Command Line
Signatures
Clears Windows event logs
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Credentials from Password Stores: Windows Credential Manager
Reads user/profile data of web browsers
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msmgdsrv.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluNoSearchResults_180x160.svg.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Windows Media Player\wmlaunch.exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\sq.txt.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\CSIRESOURCES.DLL.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\msipc.dll.mui.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\freebl3.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_PrepidBypass-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Templates\1033\Word 2010 look.dotx.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_sr.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\nb-no\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\QRCode.pmp.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\WATERMAR.INF.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationProvider.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\sfs_icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\ReachFramework.resources.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-left.gif.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\pa-in.txt.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADAL.DLL.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\msointl30.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_en_135x40.svg.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons_ie8.gif.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\versions\framework-dev.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\illustrations_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\svgCheckboxSelected.svg.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\ReadOutLoud.api.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Windows Media Player\uk-UA\wmpnssui.dll.mui.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\uk.txt.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\INDUST.ELM.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ul-oob.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\PREVIEW.GIF.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\plugin.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\PushSplit.jpe.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Primitives.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms.key-KLWXVWCCSJYM.0xc0f369a1f2da7 | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
Browser Information Discovery
System Time Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| N/A | N/A | N/A | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "{57523D96-B7F6-4D2C-8AFC-BCC5F5392E94}" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\fr-FR-N\\tn1036.bin" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR it-IT Lookup Lexicon" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\it-IT\\M1040Elsa" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Speech HW Voice Activation - Japanese (Japan)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Traditional Chinese Phone Converter" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\de-DE-N\\AI041031" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Hedda" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "French Phone Converter" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\de-DE\\MSTTSLocdeDE.dat" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\sidubm.table" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\ja-JP-N\\L1041" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Speech SW Voice Activation - Italian (Italy)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "MS-1041-110-WINMO-DNN" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\de-DE\\sidubm.table" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\AI041033" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\es-ES\\VoiceActivation_es-ES.dat" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Cosimo" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 1 0008 2 0009 aa 000a ae 000b ah 000c ao 000d aw 000e ax 000f ay 0010 b 0011 ch 0012 d 0013 dh 0014 eh 0015 er 0016 ey 0017 f 0018 g 0019 h 001a ih 001b iy 001c jh 001d k 001e l 001f m 0020 n 0021 ng 0022 ow 0023 oy 0024 p 0025 r 0026 s 0027 sh 0028 t 0029 th 002a uh 002b uw 002c v 002d w 002e y 002f z 0030 zh 0031" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\fr-FR\\M1036Paul" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\ja-JP\\sidubm.table" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SpeechUXPlugin" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\MSTTSLocenUS.dat" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; telephone=NativeSupported; currency=NativeSupported; url=NativeSupported; address=NativeSupported; alphanumeric=NativeSupported; message=NativeSupported; computer=NativeSupported" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Speech SW Voice Activation - Spanish (Spain)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\fr-FR\\sidubm.table" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR ja-JP Lookup Lexicon" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\CortanaVoices\\Tokens\\MSTTS_V110_enUS_EvaM" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Hortense" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "410" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SW" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\fr-FR\\VoiceActivation_fr-FR.dat" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\ja-JP-N\\r1041sr.lxa" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\ja-JP-N\\AI041041" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpCleanupState = "0" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\es-ES\\M3082Helena" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR de-DE Lts Lexicon" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "{6BFCACDC-A6A6-4343-9CF6-83A83727367B}" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR fr-FR Lts Lexicon" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "È stata selezionata la voce predefinita %1." | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "English Phone Converter" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Stefan - German (Germany)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_HW_en-US.dat" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\it-IT-N\\L1040" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "SR de-DE Lookup Lexicon" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\es-ES\\sidubm.table" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Ichiro - Japanese (Japan)" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheVersion = "1" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\TTS\\es-ES\\M3082Laura" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Voices\\Tokens\\MSTTS_V110_EnUS_ZiraM" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Discrete;Continuous" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\de-DE-N\\L1031" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Zira" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "You have selected %1 as the default voice." | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\it-IT\\sidubm.table" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = 49553b76dbc112bcd96e2ce32f82aa3750d88abb05779f5fac65e84c5363077e | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "DebugPlugin" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "Microsoft Laura" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "%windir%\\Speech_OneCore\\Engines\\SR\\fr-FR-N\\AI041036" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "spell=NativeSupported; cardinal=GlobalSupported; ordinal=NativeSupported; date=GlobalSupported; time=GlobalSupported; message=NativeSupported; address=NativeSupported; media=NativeSupported; telephone=NativeSupported; currency=NativeSupported; url=NativeSupported; alphanumeric=NativeSupported" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe"
C:\Windows\system32\cmd.exe
cmd /C "reg add HKEY_CLASSES_ROOT\.0xc0f369a1f2da7\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"
C:\Windows\system32\reg.exe
reg add HKEY_CLASSES_ROOT\.0xc0f369a1f2da7\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f
C:\Windows\system32\cmd.exe
cmd /C "iisreset /stop"
C:\Windows\system32\cmd.exe
cmd /C "NET STOP IISADMIN"
C:\Windows\system32\net.exe
NET STOP IISADMIN
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 STOP IISADMIN
C:\Windows\system32\cmd.exe
cmd /C "net stop WAS"
C:\Windows\system32\net.exe
net stop WAS
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop WAS
C:\Windows\system32\cmd.exe
cmd /C "NET stop MSSQLSERVER"
C:\Windows\system32\net.exe
NET stop MSSQLSERVER
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop MSSQLSERVER
C:\Windows\system32\cmd.exe
cmd /C "NET stop \"SQL Server (MSSQLSERVER)\""
C:\Windows\system32\net.exe
NET stop \"SQL Server (MSSQLSERVER)\"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"
C:\Windows\system32\cmd.exe
cmd /C "net stop MSSQL$SQLEXPRESS"
C:\Windows\system32\net.exe
net stop MSSQL$SQLEXPRESS
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS
C:\Windows\system32\cmd.exe
cmd /C "net stop SQLSERVERAGENT"
C:\Windows\system32\net.exe
net stop SQLSERVERAGENT
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop SQLSERVERAGENT
C:\Windows\system32\cmd.exe
cmd /C "net stop mysql"
C:\Windows\system32\net.exe
net stop mysql
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop mysql
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlservr.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlservr.exe /T
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlceip.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlceip.exe /T
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlwriter.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlwriter.exe /T
C:\Windows\system32\cmd.exe
cmd /C "Del /S /F /Q %Windir%\Temp"
C:\Windows\system32\cmd.exe
cmd /C C:\Users\Public\Log.cmd
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" el
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl AMSI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl AirSpaceChannel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Application
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl EndpointMapper
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl FirstUXPerf-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "General Logging"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl HardwareEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl IHM_DebugChannel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-GPIO/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS-I2C/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-GPIO2/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Intel-iaLPSS2-I2C/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceMFT
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationFrameServer
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProc
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MedaFoundationVideoProcD3D
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationAsyncWrapper
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationContentProtection
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDS
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMP4
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationMediaEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformanceCore
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationSrcPrefetch
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client-Streamingux/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-AppV-Client/Virtual Applications"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-AppV-SharedPerformance/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Client-Licensing-Platform/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-OneCore-Setup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Admin/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-Agent Driver/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Analytic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-App Agent/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-IPC/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AAD/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ASN1/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-All-User-Install-Agent/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AllJoyn/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/ApplicationTracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppHost/Internal
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Deployment"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/Packaged app-Execution"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-Runtime/Diagnostics
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-State/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppModel-State/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppReadiness/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppSruProv
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeployment/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeployment/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppXDeploymentServer/Restricted
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ApplicabilityEngine/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ApplicabilityEngine/Operational
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Steps-Recorder
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppxPackaging/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccess/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccess/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccessBroker/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AssignedAccessBroker/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AsynchronousCausality/Causality
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/GlitchDetection
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Informational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/PlaybackManager
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUser-Client
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHPORT/HCI
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHPORT/L2CAP
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHUSB/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BTH-BTHUSB/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTaskInfrastructure/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Base-Filtering-Engine-Connections/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Battery/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-Driver-Performance/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-BitLocker/BitLocker Management"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-BitLocker/BitLocker Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-Bthmini/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-Policy/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheMonitoring/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-CAPI2/Catalog Database Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ApartmentInitialize
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ApartmentUninitialize
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Call
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/CreateInstance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/ExtensionCatalog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/FreeUnusedLibrary
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/RundownInstrumentation
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Activations
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/MessageProcessing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Cleanmgr/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CloudStore/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CloudStore/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Compat-Appraiser/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Compat-Appraiser/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-BindFlt/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-BindFlt/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcifs/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcifs/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcnfs/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Containers-Wcnfs/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Operational
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreApplication/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreWindow/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CoreWindow/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crashdump/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-BCRYPT/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-CNG/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DPAPI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-DSSEnh/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-NCrypt/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RSAEnh/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAL-Provider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAL-Provider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DAMM/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DDisplay/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DDisplay/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DLNA-Namespace/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DSC/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Data-Pdf/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DataIntegrityScan/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DataIntegrityScan/CrashRecovery
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deduplication/Scrubbing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Defrag-Core/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DesktopActivityModerator/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceAssociationService/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceConfidence/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceGuard/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceGuard/Verbose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSetupManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUpdateAgent/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Devices-Background/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D12/PerfTiming
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D9/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3DShaderCache/Default
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectComposition/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectManipulation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/ExternalAnalytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Api/InternalAnalytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dism-Cli/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dot3MM/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DucUpdateAgent/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-API/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Dwm/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Redir/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dwm-Udwm/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl-Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Contention
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Power
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Application-Learning/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Audit-Regular/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EDP-Audit-TCB/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ESE/IODiagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ESE/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-RasChap/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-RasTls/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-Sim/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapMethods-Ttls/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Energy-Estimation-Engine/EventLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Energy-Estimation-Engine/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FeatureConfiguration/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FeatureConfiguration/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Catalog/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Catalog/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-ConfigManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-ConfigManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Core/WHC
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/BackupLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Engine/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-EventListener/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-EventListener/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Service/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-Service/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileHistory-UI-Events/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GPIO-ClassExtension/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GenericRoaming/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HelloForBusiness/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotspotAuth/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Log
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Guest-Drivers/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-Hypervisor-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-NETVSC/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Hyper-V-VID-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IE-SmartScreen
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-Broker/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CandidateUI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPAPI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPLMP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPPRED/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPSetting/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-JPTIP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRAPI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-KRTIP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-OEDCompiler/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCCORE/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TCTIP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IME-TIP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPNAT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPxlatCfg/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IdCtrls/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Input-HIDCLASS-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-InputSwitch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KdsSvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kerberos/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/General
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-AppCompat/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ApphelpCache/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IO/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-IoTrace/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-LiveDump/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pdc/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Pep/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Configuration
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-ShimEngine/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-XDV/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-KeyboardFilter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LSA/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LimitsManagement/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LiveId/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSFTEDIT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMC
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/DMR
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Media-Streaming/MDE
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-Performance/SARStreamResource
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Minstore/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Mprddm/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ncasvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NcdAutoSetup/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NdisImPlatform/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ndu/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Connection-Broker
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-DataUsage/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-Setup/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkBridge/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProvisioning/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkSecurity/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkStatus/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-RealTimeCommunication/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ntfs/WHC
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLE/Clipboard-Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-DUI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OcpUpdateAgent/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneBackup/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OtpCredentialProvider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PackageStateRoaming/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Partition/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionRuntime/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PerceptionSensorDataService/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-Nvdimm/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-PmemDisk/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Certification
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PersistentMemory-ScmBus/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PhotoAcq/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PlayToManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Policy/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Policy/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Power-Meter-Polling/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintBRM/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService-USBMon/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Privacy-Auditing/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ProcessStateManager/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Informational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Proximity-Common/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Developer/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-InProc/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PushNotification-Platform/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RRAS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RRAS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RadioManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RasAgileVpn/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RasAgileVpn/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReFS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Regsvr32/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-Rdbss/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-Rdbss/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResetEng-Trace/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RetailDemo/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RetailDemo/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Graphics/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Networking/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Web-Http/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-WebAPI/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime/CreateInstance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Runtime/Error
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/HelperClassDiagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/ObjectStateDiagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBDirect/Netmon
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Audit
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Connectivity
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBServer/Security
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBWitnessClient/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SMBWitnessClient/Informational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SPB-ClassExtension/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SPB-HIDI2C/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Schannel-Events/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdbus/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdbus/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sdstor/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SearchUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SearchUI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecureAssessment/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Adminless/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityStore/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Mitigations/KernelMode
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Mitigations/UserMode
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Netlogon/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-GC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP-UX/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-UserConsentVerifier/Audit
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Vault/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SecurityMitigationsBroker/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SendTo/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sensors/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sensors/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Serial-ClassExtension-V2/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Serial-ClassExtension/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Servicing/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-Azure/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-Azure/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync-OneDrive/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SettingSync/VerboseDebug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupPlatform/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AppWizCpl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/AppDefaults
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/LogonTasksChannel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-LockScreenContent/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-OpenWith/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SleepStudy/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-Audit/Authentication
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-DeviceEnum/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmartScreen/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Audit
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Connectivity
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SmbClient/Security
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spellchecking-Host/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SruMon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SrumTelemetry
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StateRepository/Restricted
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ATAPort/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-ClassPnP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Disk/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Diagnose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Health
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Storport/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Tiering-IoHeat/Heat
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storage-Tiering/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageManagement/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageManagement/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSettings/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-Driver/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-ManagementAgent/WHC
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorageSpaces-SpaceManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Store/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Storsvc/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/PfApLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysmon/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-System-Profile-HardwareId/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsHandlers/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemSettingsThreshold/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TTS/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinAPI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TWinUI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZSync/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZSync/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Maintenance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-Printers/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Tethering-Manager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Tethering-Station/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Threat-Intelligence/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Time-Service/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Troubleshooting-Recommended/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UI-Shell/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-MAUSBHOST-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-UCX-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB3-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UniversalTelemetryClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Usage/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Device Registration/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserAccountControl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceInstall
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxInit/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VIRTDISK-Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VPN/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VerifyHardwareSecurity/Admin
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Public\Log.cmd
| MD5 | 6a2f870841e0126632f5b9bf0d000d6a |
| SHA1 | 51689e26641f0eb054cd90553a21a472a2e79148 |
| SHA256 | 4bcbb565ad2fd05a4fc458cd68254853cbcbf5749beffccb2b1e22b8a53ecb2f |
| SHA512 | de089c5d2dd691c64e38bdc82a2a5266e65cf8f9fc40e2d60ecded7a775922ae5100cc406f09346fbaf402fc1fe3074ca29ecd64119f7c490381aee72780bdb0 |
memory/2684-6-0x000002C1ECAF0000-0x000002C1ECB12000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_scyoedrq.boq.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2336-31-0x000001BBC6B50000-0x000001BBC6B60000-memory.dmp
memory/2336-15-0x000001BBC6A50000-0x000001BBC6A60000-memory.dmp
memory/2336-50-0x000001BBCED80000-0x000001BBCED81000-memory.dmp
memory/2336-52-0x000001BBCEEC0000-0x000001BBCEEC1000-memory.dmp
memory/2336-55-0x000001BBCEED0000-0x000001BBCEED1000-memory.dmp
memory/2336-54-0x000001BBCEEC0000-0x000001BBCEEC1000-memory.dmp
memory/2336-56-0x000001BBCEED0000-0x000001BBCEED1000-memory.dmp
memory/2336-58-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-57-0x000001BBCEED0000-0x000001BBCEED1000-memory.dmp
memory/2336-59-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-60-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-61-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-62-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-63-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-64-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-65-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-66-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-67-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-68-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-70-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-69-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-71-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-73-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-72-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-75-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-74-0x000001BBCEEF0000-0x000001BBCEEF1000-memory.dmp
memory/2336-76-0x000001BBCEF00000-0x000001BBCEF01000-memory.dmp
memory/2336-77-0x000001BBCEF00000-0x000001BBCEF01000-memory.dmp
memory/2336-78-0x000001BBCEF10000-0x000001BBCEF11000-memory.dmp
memory/2336-79-0x000001BBCEF60000-0x000001BBCEF61000-memory.dmp
memory/2336-80-0x000001BBCEF60000-0x000001BBCEF61000-memory.dmp
memory/4272-84-0x0000028292F00000-0x0000028293000000-memory.dmp
memory/4272-82-0x0000028292F00000-0x0000028293000000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\19WRGS2Y\microsoft.windows[1].xml
| MD5 | 19789e21b4ea52c8d201e3c25c0d5b36 |
| SHA1 | 245d5edae8c0372b5d412f2780762a768323ad96 |
| SHA256 | 8b5c7163511de2d78bd7e9a877bba7ef3c09b5808c37bdf63f68aa796326eb7f |
| SHA512 | 76b2144794aab885e18eb8064af14d43a6d6ff3e14ba81389944982bf6890c6686cbcd4130c4452cf369eeb7cf38620030521e4a6bc6c1bc853577dc6ecf9acd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
| MD5 | e4f108415f443eca2a8a4065c5e6bd20 |
| SHA1 | 6125c94738020b824fc84af8d6999d02ca388959 |
| SHA256 | 2af169d4a1705956c9d4e20c5fe2e2ad0fa2f1e40ef679c1b5ce10a4ebefed06 |
| SHA512 | 0b0f7fb336cf6f6fd1d73715eb3c3fbd4db5d993f7d4561db6b75b16f5e14878ab10d738ab6e6e8dac3faba8e95915a62c6c6396770e872f11e8ac4601c7f7af |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133760535428627545.txt
| MD5 | acaef159923856ea5385473680463f1a |
| SHA1 | 8c961466b14c2070162ba4c62e1a6a7bc125adb6 |
| SHA256 | 43c06c4ece982a6d6257b4edb81f99761aaa6da3900bb1b3960a76796044d7c8 |
| SHA512 | 5a2ce71643926da5478125474593fb0a814025d4a09c29f96ca7735b4a7cc27d7e039d04831928ddb56b1bc820fbe36cf283c513a9c47e75050a2b1239ca3edf |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
| MD5 | 561b1a8e2d01cb5c63fff21d3cdd682b |
| SHA1 | 94a94afe676eef15449110636632c5576ab48ecc |
| SHA256 | 6574c3491ebb28df4f21497239ff59ec21aa9214bdaf0e15b46ecbbd8b103311 |
| SHA512 | 5791b59527ad321deb2b2d972f6192e7d6895c76bafa35928bfeb89317fa527d4d167de5cf3a638f730c9f36696dc3756efefe41054cecb7ff5c237d891948d0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
| MD5 | c984fb655e464aa34c99e3ae511f62dc |
| SHA1 | 510034262528a95a5bf3a331a56aa490e48cfef7 |
| SHA256 | acb7a319404607f17744729c639979336b17829997903903d59de3ba6eb04be6 |
| SHA512 | a555f1be9748d93391b994bc3f8d1e9ae2bd1fadfd71fa8c24a975c7242adfbaae2bf08f6e6382b95f90fbb8f4af26b60e6996720c2b2048a2c0ccc163636958 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{2F519BF2-C697-59F8-8F6A-1E19509CE66B}
| MD5 | 8aaad0f4eb7d3c65f81c6e6b496ba889 |
| SHA1 | 231237a501b9433c292991e4ec200b25c1589050 |
| SHA256 | 813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1 |
| SHA512 | 1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc
| MD5 | eab75a01498a0489b0c35e8b7d0036e5 |
| SHA1 | fd80fe2630e0443d1a1cef2bdb21257f3a162f86 |
| SHA256 | fdf01d2265452465fcbed01f1fdd994d8cbb41a40bbb1988166604c5450ead47 |
| SHA512 | 2ec6c4f34dcf00b6588b536f15e3fe4d98a0b663c8d2a2df06aa7cface88e072e2c2b1b9aaf4dc5a17b29023a85297f1a007ff60b5d6d0c65d1546bf0e12dd45 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\appsglobals.txt
| MD5 | 931b27b3ec2c5e9f29439fba87ec0dc9 |
| SHA1 | dd5e78f004c55bbebcd1d66786efc5ca4575c9b4 |
| SHA256 | 541dfa71a3728424420f082023346365cca013af03629fd243b11d8762e3403e |
| SHA512 | 4ba517f09d9ad15efd3db5a79747e42db53885d3af7ccc425d52c711a72e15d24648f8a38bc7e001b3b4cc2180996c6cac3949771aa1c278ca3eb7542eae23fd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\appssynonyms.txt
| MD5 | 06a69ad411292eca66697dc17898e653 |
| SHA1 | fbdcfa0e1761ddcc43a0fb280bbcd2743ba8820d |
| SHA256 | 2aa90f795a65f0e636154def7d84094af2e9a5f71b1b73f168a6ea23e74476d1 |
| SHA512 | ceb4b102309dffb65804e3a0d54b8627fd88920f555b334c3eac56b13eeb5075222d794c3cdbc3cda8bf1658325fdecf6495334e2c89b5133c9a967ec0d15693 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\apps.schema
| MD5 | 1659677c45c49a78f33551da43494005 |
| SHA1 | ae588ef3c9ea7839be032ab4323e04bc260d9387 |
| SHA256 | 5af0fc2a0b5ccecdc04e54b3c60f28e3ff5c7d4e1809c6d7c8469f0567c090bb |
| SHA512 | 740a1b6fd80508f29f0f080a8daddec802aabed467d8c5394468b0cf79d7628c1cb5b93cf69ed785999e8d4e2b0f86776b428d4fa0d1afcdf3cbf305615e5030 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\appsconversions.txt
| MD5 | 2bef0e21ceb249ffb5f123c1e5bd0292 |
| SHA1 | 86877a464a0739114e45242b9d427e368ebcc02c |
| SHA256 | 8b9fae5ea9dd21c2313022e151788b276d995c8b9115ee46832b804a914e6307 |
| SHA512 | f5b49f08b44a23f81198b6716195b868e76b2a23a388449356b73f8261107733f05baa027f8cdb8e469086a9869f4a64983c76da0dc978beb4ec1cb257532c6b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\0.2.filtertrie.intermediate.txt
| MD5 | c204e9faaf8565ad333828beff2d786e |
| SHA1 | 7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1 |
| SHA256 | d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f |
| SHA512 | e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{02c57d8b-e84d-459d-a8f4-263c607a3e36}\apps.csg
| MD5 | 5475132f1c603298967f332dc9ffb864 |
| SHA1 | 4749174f29f34c7d75979c25f31d79774a49ea46 |
| SHA256 | 0b0af873ef116a51fc2a2329dc9102817ce923f32a989c7a6846b4329abd62cd |
| SHA512 | 54433a284a6b7185c5f2131928b636d6850babebc09acc5ee6a747832f9e37945a60a7192f857a2f6b4dd20433ca38f24b8e438ba1424cc5c73f0aa2d8c946ff |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\Apps.index
| MD5 | b2cef728978026d476329fa104dd233f |
| SHA1 | 9b7bef0b534d8e617dea0720c6c924278f14e684 |
| SHA256 | 60ae00e7bc8fbae18202e651929861d8860a4b6cb6ff7ae782e120468eb7be32 |
| SHA512 | 33c0dc6afebd4a4a5af2480af84eb589d5776eaf12c2ba5ab4fd3a7d54e35df4cb6abfe06e6c5a370fecdaa9f45f57f6980f7f36088ceacff03a4db61d79013e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\Apps.ft
| MD5 | 21de42414cc2933affe1828f1ed2a29d |
| SHA1 | 1e12e4c389cfc585798e6098eb1fc1dae7f06afa |
| SHA256 | 0f10432bb37db721342c227cab39b2309b007c8a1cb7eff2b9b76568e2c69c92 |
| SHA512 | 1e2607e4fa237e88858e9733ad7adfb2d2fe0f861611f5a2d9e04b8cbee83c68b1ccc30d6a0740a5c64ed55fe62786c489dfc38d8396cfbde56c46b34bc6cec4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\0.1.filtertrie.intermediate.txt
| MD5 | 34bd1dfb9f72cf4f86e6df6da0a9e49a |
| SHA1 | 5f96d66f33c81c0b10df2128d3860e3cb7e89563 |
| SHA256 | 8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c |
| SHA512 | e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3648baab-9f22-4446-bff3-785dff7449dc}\0.0.filtertrie.intermediate.txt
| MD5 | f66204ddc2e55a4ba416e9768bd5aeaa |
| SHA1 | 0ebb17602b92ee42cfe273619c17c043402cc5dd |
| SHA256 | 232204c0488a893d3f9e8efdfbe01e2fc85561f8776449c804226717c394c631 |
| SHA512 | 89df48f41251e2d0f4e6d0aa27a5edaa83b8d2316e9ef6249ac81c176f240106174620a1a70085e88dff6141319f2cff404f2f493d2240ad90e95bd812c9ede6 |
C:\Program Files\Java\jre-1.8\bin\plugin2\msvcp140.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 297606869df1d5805e620b380e77b0c8 |
| SHA1 | c5d8351e303d986ee9590695243a80fd00085c90 |
| SHA256 | 64fc01fa2fedbfa2a33dc7ecdaa0316242c09fb1e9bda8899afd9d159cd6621a |
| SHA512 | ab211bb9be2f3f42f2035934d6470033669b542119cb291ac37261268467c0bb13ed4fc0eda33951076b098926d385cd9d46e87bd549b5b4790095e9d3fc3f2b |
C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | c6138a1a9eabe5e324ddda4db2315d7f |
| SHA1 | fedc04d2d3fe024a89be5d2efd0182d84c298e9e |
| SHA256 | 83fed732febba7f4459c620a452d4cec7a7697107247f90cb99e614a3e10b0bf |
| SHA512 | 8e187c6c134e71e0f8f646315795a864f0290c04ec0d665dd7035365c2fda0b77003f8d53586b8d15f058a919f5cc6ae73808cd645267bd962c7f757e2f6a9f6 |
C:\Program Files\Java\jre-1.8\bin\vcruntime140_1.dll.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | beafa4681f36117ac78ba64a401bc581 |
| SHA1 | 6e4b1299a0e3aa28b0d6534796ea9a4212e4664b |
| SHA256 | 24d4a272ab5b328a511c9df4bd2b642b2225ba4b01b544a0a38dd6b8f9cab6ed |
| SHA512 | b316098ece41fab5ce90f6703993e6a205934a3d85d50d551a135d1e20e84f3da7bd6edaa49d14c9d3e1b5aebb915a79618fd59de9dc64a943c24e6dd650100c |
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 05915e9e4a77356e56841a12b8e0f135 |
| SHA1 | 5ff7e208cb2d6fee65705936a8288864f284d356 |
| SHA256 | 2bf2769411bbaf7293a433129f2cf551a8743ecd9b18d5bb7162ce168068eca3 |
| SHA512 | 9e8a84a62fb85151acf44caa9c0bf0260774861bff319f4faf4a4816efe3c76e7cbc9994d938322adc81f84e08638e236c737a25ca68de156789d87a00d1696c |
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | d3ebe6c92b76a60295262fff2f05267f |
| SHA1 | d00ef99c1d3913da3460616f910a5cef1234f2dd |
| SHA256 | 41f1cc68f46d1bac3c8e66766786fbf48f9f910dcb42727518c30ba7a5e8ba77 |
| SHA512 | d6b1c4e42b1cf31112c6425b9d7539021f5e8c9361405d670b11dce308d755ba2ea68870c257c19301f3344ea5c5c2560f07c115a9fc0381bb738dcc46ef6025 |
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | fee17b2ef92a4241dc0b169c292304f9 |
| SHA1 | d07f2558bb81be67e71437153add5041b0d91f6a |
| SHA256 | 43547106dd3568741e174d82182b438e5bd0c98edf1667776368709db4b7b8f6 |
| SHA512 | 680964e01a81c65862ca41dc3913551d913660a1a6e2bb1ceaefb0606e865fdb647e68f784234b9b864cadb0a85bd17066e7a4f4a1af03765cf78196b61484c6 |
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | ab83ad1e2ae1380872edfaabd1a774fd |
| SHA1 | 7d414ab93c4bf1c1218cec8c97a215119e4d9b83 |
| SHA256 | f2a24d8ab23eb52cd2ca11bd3f874befd90c4b35760a6e8f9c15f4e6f86445cd |
| SHA512 | af16b3afe3c17871b3d94fcdeb811c207d1be0822666c3c86ce2bace89fc5bf787ece7f765601f7fc761c95cebd497761ed9dc91beab28fe8568934ca8e3a763 |
C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 6b36a2339381dc98f79ed0c2a844486f |
| SHA1 | ae6028e9d4fb95eeefc60638dba4ffdf4489b9d0 |
| SHA256 | 0b36219859a9581883179f431436c0f7f37f6d25fc0cb1a91f7722e7b33210f0 |
| SHA512 | 9a0181c099589d07e00edfecc8306741fdfb67bf63e8339257616b7984b3ba2cfe57a29c9f08f680a8a52ae870472d7dcf6a379a63a6cd28c098e478267314b1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | e1c5806254052d79ab497a16811dffd3 |
| SHA1 | 96d4c563bcf0407ee91f6f4b39edaa6c92398190 |
| SHA256 | 4276cbc3c89e673755715e5c2990e68fe25dcd7c8f07e9624eaaf240d30432cb |
| SHA512 | a1c9687ad8cb950b5a1230cf8e72540639164a015eef29f2ce654ac0317949208f2a926bbf024675b42e5d9fe3ceda2c9944fc1b6bbb4ee2e60f0bd3b9bce908 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 4f99dd2c1d65234b3a46897abfe8050e |
| SHA1 | 38a9bcefcb7fefaf76d513f203a408d731e544df |
| SHA256 | 65e57a38ca30ca7555fdcea43bbc610dcb3552bd8e039b847ef5cfd56770cccd |
| SHA512 | fce05ce3f3934df1b6bbbaeb0f50538529dbfbd1b4168ad12bddf55fba38fcb74da07e62d0e3f95735390f1be044a48f0c464d0b1a51737d1a2bcafc9ec201b9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 32563260724f4ca2582dd7722d03a4c2 |
| SHA1 | b7f99194c212e34770e5dac0a848f4eb59b4298d |
| SHA256 | 325437fe006e72fe7393aea2672d1e0debd3793708dca514d25606b954d64f9b |
| SHA512 | 0b8e280e433d1af8a565a75af577e514eb39b89b9f31e20e36fb5cc16670d48fc8102314b88463c4331652ef3ffedef40d2d6a040a515f8bcd93fa6e0ca58202 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 13be9a0ae299e2f0e1120b2160273588 |
| SHA1 | 1d1a22576525e57d4bd05e721b4190881afa784d |
| SHA256 | beb445d1dd5d931c8a6d990fab6ff22176564a7e6e6a789e8e5afdb25f7124ae |
| SHA512 | 7bc1688c69b11e2ff0cc0418fd0cb31ac7bdd29dd22de7f964698f9c992a1a1e6cbfe895e54c8717018f13827e0d9034a7c7e4f60038638a08f65fd0ef90066c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 9e7c3dfb3305640ceda7790cb95503cf |
| SHA1 | 487a2445c87faef18bebd3d8c3d06e3161b087af |
| SHA256 | ab4886e9f7e505d10d57c10a3e73b788ed2cf3554c0f3208166022a89aae68f3 |
| SHA512 | dcb9fc632da8f07e5a1cf289f2887aa2d04acf04ba8d831b0074a7350e179cdeebb9c92af1fb2f5c0c86fb23831f315f5380e08a9eaee37decc4944ff9a0cdca |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 5807e85471707ec39982a045ae78a31e |
| SHA1 | 652feff53d46afdc31fc1071a3c2658be1fc86f9 |
| SHA256 | 48eeaf493217a4848a1c1c44cf063d25c2402e4614d89677f2714270f1b39a76 |
| SHA512 | f2176d15ee2c2dad65fbe99ee8ba3f68c926434871ffe18d8c6001f206f47fede5e6295eca17e96cf1fce2054135885dfd43524e33b47a8155b70cfe7dcfd6b8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | f2824a248b1bd3f4319eaaf5377a8398 |
| SHA1 | 20765216bd943c21ee7933549dea617c153b6895 |
| SHA256 | 1a1e9b3b05070e1a0210e9ae8c022e22380c4451db69f9ccfcb4f56d8f3c8780 |
| SHA512 | 581a04f7fdadb10583646047eb6b6e9f759d2fb614971dd217889f35b4fee2a1a99dfe72ef772db379b64e430d3509143c851c99c8eb240058c3e1496208587f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 721bb99a78d520115e9f55f9fd1553bf |
| SHA1 | 2912a9ebc6804a3b5b9e02131bd62d24c999ac7d |
| SHA256 | fba090a9d60e499f57885a6ca4eb644b5ea0de353f603b4083ef5cc1a3f734c8 |
| SHA512 | a3e2862449ca3a4a9c6bbb855bbab76f316ed33bf05b123165e4c46b975a7504a138b957986526ff61e391016201df426d7026753b665597436253be6c50e682 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 6f0ce026e9f3726aede477c318286d3e |
| SHA1 | a7e568cf7c170e257b999beb9fee5bc1f9e60a05 |
| SHA256 | 043e65d570c88651bdae3ef82fa0206ca2f12e4a1603b73df1ab572dd8ebdc79 |
| SHA512 | d559c0ecd1bec9d760cec7603feecd22a8c3ba0505052f49f036301ac07b3aceb8147d1b0222297c077479b1563d671dcd50266b5ba3a8b07e72c47da7afba9a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 0ac26e5d355f08cc270b0ebf5ea44b2b |
| SHA1 | 1b117a2483dafe1b53beab6411d7e68ce67d7b58 |
| SHA256 | 7484c423911a81fdbc1b5c9f072a8fdb953f55e3a5ef4011ad2b0511531a850e |
| SHA512 | a307e9d2e20fb554eca93a7a1ba2dc5e5766205a276974e2b6861155ada5eec264964c3b115c13bc249947756bcf5f65b8a3f4e27f58a38aa457e78a74ac9cbf |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 0853218977303c318c2c2ab65ac6191e |
| SHA1 | d7b898be7a2bfbcc744954067a6c443c318cddb6 |
| SHA256 | 3785cb2beed1dbe3fbcfcd41fc257085e787e3b34b3469dd8a1af8dfd665a4de |
| SHA512 | ea1b039895dda66d64f09dcbcb4cf796c826598214319a6e2907be965327f890f53a8fc4941f8193f4629b70530b7b396d3601544badc62e7ee221f468f78bba |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 7bdbd610b89a62f113a5c4c1cd1baf81 |
| SHA1 | 687d4fba732f9107a353fb5fce02502b428f9d49 |
| SHA256 | 9276f0a4747babcc20fa6cd216a2d70c6770545c48c28fd52cf865fc0d6c0922 |
| SHA512 | 6327ab384282a04fb863228ec86630c8c06d0806ec2229b44245fa9e3b9d98a7b660a15310649cf316434883042e535dd73858c5c5bf13434387f2c1cfa405e6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 98a1b5d363174f6d0d1b521339b908ed |
| SHA1 | b2bcb33d8d698471b7ce176cbf0bba2d91d1eec7 |
| SHA256 | ada6b34aa1a61b36382684a008fb51ace958d83e313f4abde0206d34eda4525c |
| SHA512 | f9dec702242a4f770a4c2113468b84778ae5c87ebad5df8e139d3f3cdab8d02a5e872047059d6ca2a574eef9e972d1df5e9713dc4227b8914c23e726120f4540 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 347a8612f84f467b75a6e6d81b42232d |
| SHA1 | 22af640d6d9b446e250b54406bbc802f53944ca1 |
| SHA256 | 80761e868fea965222db3c5749604d66e697721648feee48a82185637dcd751a |
| SHA512 | 3fe23003ad21c5917ca3f9383161a9de623311fd06398ab616b27079168a717abcb178f250e8ac568c6c02f66989610997b426b1dcf8061d3ab93936c8c58b68 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 1ecc69d55b8c20942fa1b1ce62cbd8bf |
| SHA1 | 1cebc606ca8b6262f05b4cbd333fdc8c810cdb44 |
| SHA256 | 8175bca5c3d6e69cc0eb5d3240f71aac6587da583e85b42330d2cebfc28daa2b |
| SHA512 | 72238325c70a7c770ede71e8be7445aa4711899706f2c04e6e6a865ac974bb9868b41b52c61bf1df760a9dca1853201beb170f085e6394d41bd912fd3783a23d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 45757b6888387c8af57693487641f2a8 |
| SHA1 | 0666c595782bfe7477232dc85b6cc8f18a35ab89 |
| SHA256 | 9adb9ff28f92a65a160a809677769e2c3a07344f57bc83ada38a439def0e64e5 |
| SHA512 | b17a9f7f0d3ec9eef7d7d8442fc50c7fe1e84531dd440e3e0970c0ebdd40ee367de274f3ad2ac5e876bf6427816ef38e1510a41a17ddf6cddcce6c4e7e34c067 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 819cc6a12914ab1d6832849430b1ba9d |
| SHA1 | 77b4f860c5c16de7888cef4572a3c73f3e70a490 |
| SHA256 | bc216240c3e551381369be6aae402d5c22c910ef385f243ac2f3f32392e03142 |
| SHA512 | 38d221fc6dbdf431943ec613c6fd7f636b74e032565a3dcdbae9b73df351dd162a1756b41a194bea52121784052f37ddbf180069c6f92bc6674da7a9a9e3ff70 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | cb1a970a192ee0eefb26aac99c8de11c |
| SHA1 | b1a99e72a9dd5a7bbb346f6851a6b473b1008da3 |
| SHA256 | 2194d7c6d49d375d2e9aa6e2252197553c6d15249338ad7637ab1708b08326fe |
| SHA512 | 27b3fe74704f847e54122c8d8eeede0f0cd18da3b1638f8dbb0f27bba6bf2dfc23cc9a6f91a3cc3a719b00bbdb679ad581ba8a2322314ff447eede0be4071c65 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 86ab6628ea3490ea67f39da1b028eb4f |
| SHA1 | 0379f88e767b9338bd16fcfd235fc3cbfe976013 |
| SHA256 | a0935d1c05854c81fbb35ff52e470f3232e510ebb2762df7b6b233bdbf1e5346 |
| SHA512 | b2359952e12a8d08f5fb44021d69a729fed58958a5b1df69002ad47edc03fd1d09073be9cc5c0850d7fe00b963d97629342995f5d90acac6d27453cc30037bb8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | cf17349995d55a3c9f11eb789dd7f905 |
| SHA1 | 1087673d3812028203ebb4c2eb7a596d9ba5079e |
| SHA256 | 42ad98e7afbc65fabb859e40c45a1d7aaab7e3f225d8f5a3753cbb9aac98e218 |
| SHA512 | fdb80f3d0fc4525bed60d3465a77ba7e0d2ad6a9367a0c6de4886a9cb92549e0e56bc10fe6693a00bc672c15be13b8fdfb7e63e3d9f793533f99e01a263f2ebd |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | e071ac37bb1bd5b4dc09522fc15550a3 |
| SHA1 | f43f99a1b5f63fe647c124aae2a0b1d58e1c5e40 |
| SHA256 | 9649b0690509b61b5f3f947482c975a863e2fe4ac437f06b3c47bbe03182cae2 |
| SHA512 | ab180aaddd084689def28a729079070ff6bfbffc3b460899d1a03f1f871555d2cb0954d341ba85e62c1c9a9a514fa6015b5e22bedf606d4bb7fb7c9ef0294fa1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | e87e3f2d94ab471c0082b7f266268c03 |
| SHA1 | 179d7816a07cbb49b6f621aededb1e0147ef97b3 |
| SHA256 | 76b4f0288ac1869abf3e27bfaa05f16ebec24708d848d59dbe1ed16358fa3d85 |
| SHA512 | ec2aa5378bfcc994608674a1dbd60d7b3c7580bb7b28ab2ff51f858baefaa55e511af3d679bd4ecc446d50c52a0cd9229d153523508f88aa0e469165a275560f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 484f2d0bb3ead025c57530bf492b4263 |
| SHA1 | 4072f4035351bd6e7eeba06938c9eb3f9ee25397 |
| SHA256 | 947c67f4abed23368af18d0bd304bf0a323e89f5181b428bf30fbadcf4c375c3 |
| SHA512 | 6b11cd282d32602f63f2377a6b38901645325f1d0d7e97873fd9e28f504abdb89905cda10dae38adc59c3107d3e4eec6799845041ebec4ffad2b400a238ab815 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | b5bf5b2a075b2b94fb706c13e688d4c9 |
| SHA1 | 1778ee2e179b9f13e24b3acf0835ff69c83aef7f |
| SHA256 | e1df4bc7b15c6dbab45544394bd90c796a2d79d12acc4c320b0b0e93322cf8ce |
| SHA512 | f0207f671297512b16c09e9da032660060c6ea8f7b0bcdcc7a90c7c21e32de3c81d07f50bb2b7b2478c9d87dc882614cbd74bebc1e95493ba52eff69bc524aac |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | feccee2b5da9e90828bd157f2faa1c28 |
| SHA1 | 990a3cb8d65d2d91fa31386070e0e856a9a6f295 |
| SHA256 | 065262a9d9795567df892a906bdf4cbebf3351d21d82ad307c9b376fcb4bb617 |
| SHA512 | 2bffbbcc0b330e1e884e74bc95eed82cc6e96512b0fe8bb2dff296c37187a6fde0c7c7649eecc87b4d9e30396591c8db15526ae842bffa6d8eccb9b3127721ff |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 8f90dc177f9c67b09e2d86c2b10c2022 |
| SHA1 | 82da3dde037dec2c29d8e5cd65fb1eacae9555ad |
| SHA256 | 611b8b82652cc8b3d6695d4359b282658cdc9b9a62162f095fc49c6b44293b0e |
| SHA512 | d4a5045d442be2000c07d02d0901a83f55611fb640628871f8912fdcc9ca7e82d282ae3bf12918362200184da79a80cf71506bbf357221c47f4c46421da0718a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | d3527aa13341f3878c42480207a4f646 |
| SHA1 | 0500a6b18b510712e2dd3a41d4d418f26617511e |
| SHA256 | 44dcd42b2080a696b3d21f6b46fea2ce4534d84c0338d35c3e061c69d407855e |
| SHA512 | 1d6fe6ebe11cd3ee69a7c3fb62d5f969d631fa7c11f158790712a97031d1e480f29fdf6bac14d943dda9f0fb6ee7e6f94f127e155e14a338d858066e5b2e4c7a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | c366726dd6f76b9f47644d41959219c3 |
| SHA1 | bb12c5e6aa3853d8e01798fc53240f833dd83793 |
| SHA256 | 4fce526f580582da0e58e0a1d3e1124ef43e797f2b625083812ea11ac73b1b0c |
| SHA512 | d947b3d1fc52544af8853bd421f1f96796d7b1cd041abb86eff5fc2e01a9cb77d5446b9e69ec08dfcf7a0cf5ecda4335d3aa7dc28c581e592bf62398947a8c2d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 06d3fb84ea85a6a6ed054e9a0fb72f56 |
| SHA1 | 115ca7133579c2afd5846f55e55903cf425026e2 |
| SHA256 | 099c8a2d0c90a7bfca5447b52e3bb59825a888226fec41b3a1e620ee304ed0e0 |
| SHA512 | 9984961586959f8d5ca9a104f91d5d73b77f0fb6c5b6ba3121317fd655967f8db45cfda31f822d8a95afbd9319d59130f681e52e19a174004e99369c1f9954e8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 0f2d06fcf471c66af33f5904d76ffde0 |
| SHA1 | efd7d55e939549e8baf448471f7357f4fa886b23 |
| SHA256 | 3aec4099f8a820de66e4a71f8152ff2d4925b31e414892985ae18bd9444617b8 |
| SHA512 | 63f08e586713e497deadbb0851fa30730a6603d6795962abed45305dbe373270382eb4fd5a50607227a4b3dc3d85ac43403d0e79792c299f26a045ebced60b58 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 5bf397aa9176de3cedf8d29a191f084c |
| SHA1 | eebde2f3dfd247d22045d3ad448b0e54f5b1863d |
| SHA256 | 0c4ad6b53509ba4c997dc208c2810876320931333dae4a86e0d8c77bfee35be0 |
| SHA512 | 04b3baf0d80a74f318df2d71cf7a8ea02a4703fe4923ec69e90ad168bbb990f10ace8a935b4881bda1c326af8211b7ddf942857029cc3811ae270e6d64c9faba |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | bc09f0735d93fe04a85a9bf5b88ab4bd |
| SHA1 | fb0c9661f3002b50d92ac05ffec72e641013542b |
| SHA256 | 792a3faa342b92370dabee3ef4a99bbf37ff95e99a9c93fba97bcb17911251ce |
| SHA512 | eaad69b3754450ebabe0c6d20137e5c1fd13a626dab74e0fef45302dfed87b20263f41526aee088c9f6be19c38818e0a0b57ef655ea6dc8974da5dd1deca5a54 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 502c4494016ab309437d58dcd873089c |
| SHA1 | 28f3bafe7f158829e53f3af2ffd8e14c95cc0b99 |
| SHA256 | b66e5a44c0be22b7197c5ade84ad08510ba4553bb5aafafc1540ec632cdda136 |
| SHA512 | 40365944e8471e9e12afd26e11d012986de69cd79e4f538c4f32ad5ae0bfc34e80a5152c11bbda8306d71fec0179ef3f30c28cc1933685a56287c72d2d8c4887 |
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jcp
| MD5 | e200c815632c89cf77c5582dc7334a75 |
| SHA1 | b4815fc6babfbb66072abee2180953d24c2725d3 |
| SHA256 | c10440dbe38a820433a790c9ff8086395dbd108d9b048b5572fe1a5de3339b2a |
| SHA512 | d5627dc9e9e2d7e221f8deeccc175f8d190b43ab64ffe032eab629aeb907de20c8339c47f7ebb389b94bacd0b374dad3463464cdc8a909a010d734861615d0d6 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | 83571b73771359002d59ebc9befdae55 |
| SHA1 | 404e41179a9105449ea6480ded696bc9ad777ad1 |
| SHA256 | aa50c1f284bd799c71c9dcf44e376edf56118526f7b8d386efa3a3a302741dd3 |
| SHA512 | 8fe5ecb1acd3de4086fd46c8918a046684c4b95e8ecf37ee2b0f7e081f5973698c093e8e11bfd24e4757e51b8a9d3cea46140c0453a6323e781e8e7c0b37568c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | 3824f479bb9eb12d3574558acd65a21d |
| SHA1 | b0927a17c40ff49d356e2095a59541d30b01b0b3 |
| SHA256 | f7f44bd28cbfe03b5467efa04bd2323ce0b55be75ff4fd699ede8b7520e555fe |
| SHA512 | 17f01814b2566c5ab99d55794e1422067614d8705aa5c07d707ff024017a630fa94ee2c463aff91c9c95e472dc724214d792dd04023c1234a813229d6ba9c345 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\95d9a2a97a42f02325559b453ba7f8fe839baa18.tbres
| MD5 | c90e0021700ff525dcb6e8c71b8dcbbc |
| SHA1 | dba98fcf84f0c8d55a41b90bf6a9bf9f4a22818e |
| SHA256 | 772a7fe743e8abf35b06f173526c6e5349531772e4f3ce9f89003bf3f2dc8e0d |
| SHA512 | bbb109b398fa0f99e7821a2e52ecbfde39a82cc93042a715ba1b589d81e2d4a0eebb9d4519dfc7f5cd54bb727df7663cffa2b8103ea7871a9a9769e6e7770f27 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB
| MD5 | 0191a80f1e300a5a7af5d6784231dd9d |
| SHA1 | 70753f21c7c81dccc1b63f59c559e50ac303de68 |
| SHA256 | a01b9af0190fcb8f7d8d0756fe99264d7206e1f4698919ffd634c4297d0843ec |
| SHA512 | 430e42a2d96aa4f4c84a3b61680b4b64854df9b0cccb50b7389fef68399d561030fab78f269b829e744d1b1e32df09cf7c974eea10e4f4b9b3a43b49f5814602 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\308046B0AF4A39CB;PrivateBrowsingAUMID
| MD5 | a86b5d0d4a6ecaedaee39c49dc80a3c1 |
| SHA1 | 0c686e5164d49dc1fe4cf3c990d21c047cf0829e |
| SHA256 | a8dc9ea66e36e8aa0a9620a12228bc62ba39cf632862f67ec825b7594cdb2757 |
| SHA512 | a75e786237d02d1ce666a6ef98e66db53ce696f3481ba01f6f311709ae42c299503d5b6c2cfed95c55310d0639f11038f7b0ecfb6d54bfc59045233006c15ed4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome
| MD5 | 3f0b6f9c120427797ec49194b7b2684d |
| SHA1 | 94b42d47c67f254aed67e13e0fcc3b1dc22763b9 |
| SHA256 | c47300de08378a4ab89911e77d5ba068651f04717e85a8d9304be5d9914facae |
| SHA512 | 7779115cd1f87e150de121b5af4fccf6ad8acd37443e67649078a53f1cf512a52a737caa2d81d5bd41a20d392f0151de202c609f97328cf748cab2f83875bc23 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\MSEdge
| MD5 | 5998c2059f49770bd20c81c12805b08f |
| SHA1 | c85963f4c05b4ea9a18cdf054abde21385320ebe |
| SHA256 | c325f613d9e1f9e9df1d0bd7db8a3c59f7884d91bd4fa2078cf0509969c8d918 |
| SHA512 | 814f3a603bedbab272e942040390b285e559662cd94a52a91003ffaa2f5b7d6e4d224e37da9bb755484c659fda9f6c59c0c84fe10892d7df207185598219067a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{30BD9A02-CB9A-93FD-A859-09C8803F2346}
| MD5 | 8ab0ccfe101f2a223bf9fc11f910ec64 |
| SHA1 | 86a7cf51b399bb786896fb77f59ee8b4844f5afe |
| SHA256 | 8cc15be591c4f70f964d3554be30283f925747d09eb71692bf40b8125e2bb68a |
| SHA512 | b862068ea8bdb828186c2bc693b1e99d622a48a82eea13886090c44e17d132ad1a96bae4a96214d9a8abeb22f7c85f4ef25a000cc1bf977fd43e67bf1064a61e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8AA47365-B2B3-1961-69EB-F866E376B12F}
| MD5 | 9f1ff11e31c55a87372e85612ca3c290 |
| SHA1 | c94dc58d7e8f070d3eeff5bc8ecb3a2d7008323d |
| SHA256 | 0c650065d284a6a0f6a17ce2250214b40219b7082e940689a2cd2948162fd893 |
| SHA512 | dd490e167b4455aace73dda6d9ec6b90aee5e5994701c249a44d316b17c3f8a8f5e776e9ecb6d751dfbed8e74743a3f13d95edbbf3b09998e148bfcba1ef721f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{8ABD94FB-E7D6-84A6-A997-C918EDDE0AE5}
| MD5 | 93a41069c98050e3ea095a2185fddce9 |
| SHA1 | 92eecf90eb3e8235397bf0574acf0e7405541b26 |
| SHA256 | 0382664c279fd723231cbef1f76c8592dfa408b3b42dd8f343a21f4e77adc497 |
| SHA512 | 7a36bcf3ef2c41b5084c36404ce692466934931428f2dcaabb86c2a666cf39b53467161a6d13045eb7a68f31461163d869135aca4c744b9215fbb8891b36fc0d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{923DD477-5846-686B-A659-0FCCD73851A8}
| MD5 | 0705d6835877cf0e3c45fc7427647c75 |
| SHA1 | b03330cd06f821600bb0323e7c2277311f065f6f |
| SHA256 | b04759fee392d36cc20a319943c4ddac356cd1fbed6223a4961688689350a84e |
| SHA512 | 0faaf02180ef6ea2a8a74ab2be7b72be24eff69e5aecdf97bec838a637e7b3efb85ffed32c2e035b2100615e2711cccbe8afe231ec55a7245d00d6c98329d83c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BD3F924E-55FB-A1BA-9DE6-B50F9F2460AC}
| MD5 | e799eff0b7816a5587d146f9bb951f1f |
| SHA1 | 28f99125424d8e0647ed01a21c378362de181cdb |
| SHA256 | daee10eef8cdad237bee08e5429e529bca3b7a10c1bd76578588108a3a6b272b |
| SHA512 | 02ad638295b2a21c3b4367e7f3ef345b81e3ba8c62c61a97ef51b1f102c28b2fd6863f3ca1b3b87051ec95da92c42a8bfcd4e0adf18cebd3de0a2c27a388d563 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{DAA168DE-4306-C8BC-8C11-B596240BDDED}
| MD5 | 855718d0bd86e35b1d42ceabdcfc61b3 |
| SHA1 | 2a6698c8231e2fa27f93fd5141a252a4b06251b1 |
| SHA256 | 78c940de004462f42d6bd01aaa33cd73f2c3b06652730c385f1f9c4760ac9537 |
| SHA512 | bea1a7ac95e76b120c65bce325d87c27d385f992c6b95def100ba50fc4e7eaf13c61c10bd95231046885a17afa1aba3fc4158d095360caa46412ae8b136288b8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_MSOUC_EXE_15
| MD5 | 943dc823b68d13170c037022cf94d95c |
| SHA1 | 0e39464d007f8c35667277d3fa42f297a5d75820 |
| SHA256 | ee75215cb2025b29a28bd6ba4d363924ea305eceee5cb9c9afe68dd97c7b0415 |
| SHA512 | 4ae351553521d41e844f6de549f1c7a6dd3eb544b50976913cdea58edd3e3b8cb81d21b2461258c3af1c65815ccdad407ae193d220656a44c6f4d4f21200eaa1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msoev_exe_15
| MD5 | 7b4b9fd2b81ce798f3b31e585fefbd06 |
| SHA1 | 9b10727f132e741089047841df048fcadddcd9e0 |
| SHA256 | 3eaa9bcb1be1f9fb075bb3b37a54646e72b506fcbe1a3614ad01a4d98d8689f7 |
| SHA512 | 2e58940bdca873a6dd6056b6cde2b7d687498a12bc50649385f58727b43b7d7bf7bab7c530bf3c4e539b559c13c422172512a246e0edea392c021bc40b2a3d15 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_RecoveryDrive_exe
| MD5 | 295e1773200faaaf90fde45e9756fadd |
| SHA1 | 8a2c49076f59739c7e69f19852d4ea0a772af2a3 |
| SHA256 | f795251afd7834282ad149d10bebf7dceea04ba56a960b7b9e3899e4287f1385 |
| SHA512 | f0cd5d2e0b82d40c7256b4560e461b3eefa73fe51ac6679f29928faab673276ba12190dcaa404b89664bdb38e4da04c968e1db694410c9fb68d5234b58278d14 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_dfrgui_exe
| MD5 | f4ebff482100da28a335dd2ee22e4a32 |
| SHA1 | bbe5f2c752b40641d02cbb43d5c0fb9c53889414 |
| SHA256 | 802308e769a49d907538c5fa0e974313fb6e3bf29cfc8c6d1d69dddd8cd124af |
| SHA512 | 86147c1a98cde8389145059666a7d241035f69558183d21f2d069a2f973de96125d5b3f3985732d47e556c09dd0d0acb75447293700e9b45feb798e145c5add1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe
| MD5 | 6f0d8710c462b5955d9d16745bdb1bfd |
| SHA1 | ed0545934a28799ef27dddcc0439d05dc40c47ac |
| SHA256 | 342f29784a85f25ec119d85e39267ec57a4c803fbc099f6c5ceb7761f8896cfd |
| SHA512 | 404085314a3cf37e8e66aecd314d63ea9711d05c1ecb714d531126e61b7bb9929e59e4a42cb736ddade1ac416d76477881d18b428bfd603fede3e9eeb7b6f8cb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Common Files_Microsoft Shared_Ink_mip_exe
| MD5 | 988d8f7a55d7a70d764dfa515a4ec6cd |
| SHA1 | 0935b33593ae55a70833624fbb1edd7208391ff7 |
| SHA256 | db1ddddf683c53435b987f49f5f5b3262899451c634298bafb3a0b122ceaa62a |
| SHA512 | 3ea0e33b836e1cd0b8d034f1e4d31cfbccad59332cdfd0cfbf08005c32204ff930c5578350fd1ac111f109b1ae38d3621394227cbb1da11d64af4e46735789c8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_NEWS_txt
| MD5 | 968e7d1aa993ef1052b35a95c51946d5 |
| SHA1 | c67817521eb4f70d692d3d29b32676b1871e3d40 |
| SHA256 | 719fb4e7016e1c4fff64166a8809a6ffe5d16ba0a40e4e8593ba7f664337e239 |
| SHA512 | 3382a01b518c38859c1ffc8799aacb941fd7bedd2cecaab4fc8e7fe8e44aeb6acf3997b844b9b5d8ddf4e72331e33972606cab1e9d8b527bf80ef7a9a0136022 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_Documentation_url
| MD5 | bad093419be1135cfe9694ea77088c78 |
| SHA1 | 76204c7ca72cf666add9c9931389d635c82e8af0 |
| SHA256 | 136808af50ee73df9befd76f7aca21765782565b0095227c5a287f3be0b5ef3c |
| SHA512 | 3b5cb7f80d7cbc557b5a32a995cd607257ac8e56af935ce6f64c54ba1f311a65ef00c69c69047b6eb7bb678c2b1bc0a3c37548aef417ea49e414e1a34bcf651d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7zFM_exe
| MD5 | 0e6ef93d5933046a62bc747ea00e24fe |
| SHA1 | dd78782d47f49c2d8bb903a87596b84cf1299601 |
| SHA256 | 5086deb58d1ef6e262c226c1c9f590280ba09484995da092ee1c9e0e5bcdc6c5 |
| SHA512 | e7db0b2a9f8d1c3dc26ea5360a34959de95449cc6575ec199c4d01e487af627b7c9e2eb60166905011eb53a96d4e7076530ac5e429b3a3c47eb610b63fb089bd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7-zip_chm
| MD5 | a62d519be58c4ec079cd825e04c1f4bf |
| SHA1 | 91c59ff74e1911d942cdb7a68ebba42f10dc3510 |
| SHA256 | 9af30e079cc36bdf17fb5fffebbe68b2275616f9513b07e99f15f7065a2d99c6 |
| SHA512 | 637a0dced1a940af17c47abcdf30dc1a2ab2c1a1f70b9199789670398e87d2c9ad445f82e05fd1ea84cccfb62d25c8253218426c1fd9784b14dd5c7bae881b69 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_services_msc
| MD5 | 5e2da008f38c7ad813d9fe8e669dddd6 |
| SHA1 | 3f4ed852167cfb251cce13be4906a0cbea58f021 |
| SHA256 | 0cf904a532ac487f6b4c080fd01406529ad26ae559128b0aff170f389c278c28 |
| SHA512 | 8d295af13fa38384923e0db043ef7196ae3cdddc9dc1e765217494461c6c6f24704eb984985c45159cae06e81ca857c4f406b1ec80bc9c8fbccad535a1f77d72 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe
| MD5 | 53397b08309ff534a07d24635ba224ca |
| SHA1 | acb7765998078026e0b6ffbe57e72d8d454bc54c |
| SHA256 | 5c62803659067e9c56afca377104d8f187d0393f629ecd6863fb165cff588ad0 |
| SHA512 | bdfd047f5678f72e612875b69f1944b9afd94cc6b61740ff32380a22e37b9b86ca59efe52b7a58358c15f75ae7c04221a48060d1c0f338cf40c156f9187501d1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_psr_exe
| MD5 | 7794df1f7ea502f8b5a7afe7458dcbd4 |
| SHA1 | 179f413597c837600e87609de63ae9112e3e7199 |
| SHA256 | 75f6713e1ae6f0caa52d0b3957114d7653e2e002b33e1c6b173f6a584ead94e4 |
| SHA512 | 2a77656d9201c8684315c1fe8693fee206b13d072fd4164491b7a4c5fc46a3ba78216200c48b044bad221c27423394529173f8d84a5a38da7343231d0f7d9fbc |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_printmanagement_msc
| MD5 | 7279e4431c96c1030f6ccefb5fce7cf3 |
| SHA1 | e6d0c93d63c00d14e2f40f5fdbf6c3fdc3487442 |
| SHA256 | 64472af7e48d716d113b1c8a8241eaa67737b21e29abd62b4a0bfb485363ae3a |
| SHA512 | db7febd66f65a486b1b77f13d8b32787c9d04e2b07003cd0dc90f4531afe70132ed9f165ab55c012b60857bd4e6f8fe2e78f7ff132bf64a95159d7138e5df53d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_notepad_exe
| MD5 | 7689c30d53af0dc638a76cdac2b6755c |
| SHA1 | ee74ae57c6c4867783c282b46cce4aaee6fcd5c3 |
| SHA256 | a05bcdcfa0fdc148fc7eadaa891e11d3646b84b04f793782b7257edd77015e35 |
| SHA512 | 6840a48e5725501b37455f650cabffc17086453b6d70f943ff379f2b5b1ff9d1a72da8dd27083c082c3abcaaca3cbcb36da2c7005d08811cf94b45e88392f38b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_mspaint_exe
| MD5 | 4f0414c4ef966619b5cf9b740c9f1096 |
| SHA1 | d136f140bb9aa3d3d9b5aa5dcb413d78b93c71fe |
| SHA256 | bfedb922c2dd20626051ac2dea4f06021eb0a51ed53d901bb7fdc3c27b0c9cc2 |
| SHA512 | bb094fd2695d2ad8f0e1f5ea5652dcf1e377adeb597cc84836aed75685689aa14f622632575bfb59a37ab86610f0595b3897adc6db7278dc141e4ef9495deb38 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe
| MD5 | 5e8789e07e5c0545251da36bd0c8e4a5 |
| SHA1 | 75a00b8758ec1b080c47dae3452977e4a61f0167 |
| SHA256 | 5682a3ff1985edd22549e7821899c00286687562c768c262de1d2a542b1884ff |
| SHA512 | 3a415a469a0c2f833f93a64c5025388bc83513502cdaa46f0091d11006e48eb67215fac01953bb02c5f304d21e0f487db1085260f0f603c554c4b19434e137ce |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | 2a411bcfe80e1d37e92edab81bdfb3c1 |
| SHA1 | 7c88f9f2e4f6438d404cf9d06b0f9b423a4d21a0 |
| SHA256 | 5da20ef7ac791c3f4541d0e8ec0ccebd79bc8c5819b097ee16ce845585ec5d92 |
| SHA512 | 1fc2245df1f1d23b44c4063b5bc0d46fab4490da488695aaa66dd68aa4d1a8c6e51d5646c2c24f87ccfcd081cd1a6b48445c5854bde7956a3b35faff0d8c541a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe
| MD5 | f29ba4c9e82e3ba6f79cb3383cb96f79 |
| SHA1 | f8082d87ac238c237627b132889c9cb223fbb262 |
| SHA256 | 9e228359b717ec1507aaecfa380c6e8e24a810133f8e5bd11171e5f9cc905c84 |
| SHA512 | a33b9c6e094ba20e7085e42ced2de54bd74461575d581b859a36481ff8c65f7737d0ac52429bc9ead3ca67f197755c49f0ea0771d8606c7af8bab55d061f6f84 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_iscsicpl_exe
| MD5 | a89988784e4640ac2ec71f90ce85b825 |
| SHA1 | 9e22ce33b9c1fbe81690d7d7b315ce815e72994b |
| SHA256 | 679f4056018986fc3f9329155cd3a826ef7bc664bd7cb6dec0ae07a7818ce57a |
| SHA512 | 9b82109d2fe226f99d2919672734ca8dfca74b3bc2032b406519ae96e37d33a6ef77be655ae0ba5c54036e3ae3510efe767e5881b17e85b04292b1558387a919 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe
| MD5 | 33cf1a9ad7e502fd7c2de69a7da48801 |
| SHA1 | a71f1a144616eda1ca60886843fae98703417a0b |
| SHA256 | f160948153cf32d47d35bea85eccd51929566e662c6eca6f838515b0860704c0 |
| SHA512 | edbee4a88c5e5f049ec86a4b8beadeac89f4eec81f1176ea35f2f689fb40f335ee1f85df856d02d224f5fb95e4ac1e9a85cf6d54b4c436a50e478859ec9fc517 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe
| MD5 | 406347732c383e23c3b1af590a47bccd |
| SHA1 | fae764f62a396f2503dd81eefd3c7f06a5fb8e5f |
| SHA256 | e0a9f5c75706dc79a44d0c890c841b2b0b25af4ee60d0a16a7356b067210038e |
| SHA512 | 18905eaad8184bb3a7b0fe21ff37ed2ee72a3bd24bb90cbfcad222cf09e2fa74e886d5c687b21d81cd3aec1e6c05891c24f67a8f82bafd2aceb0e0dcb7672ce7 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_PowerShell_ISE_exe
| MD5 | 3ccc6610ecf9eb036fc50fda1f781d21 |
| SHA1 | de7db115b3bd1b926ae0b2a795e7d0feac621851 |
| SHA256 | 2192613bbcf96dd824a813b59c598c486ea713a05c82fb1184eb955bc3b84839 |
| SHA512 | aa3a6d68415fc17695a8dc35271617834a84b3485af974cf34f2ff2a065ab6217db4a19e08abd22330dea9d9a44963e0aa70feda061db2ca6c0c29b2f4c6ca42 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WF_msc
| MD5 | 92e39e4bd3e216cf76a2cf3d93c53fdb |
| SHA1 | 6b3315770d169c632712e5bfa002610c3917d99c |
| SHA256 | be2529bc70fad82f5a753a3c4083d9ae5361c1e95a2c5fce51df6feb442de615 |
| SHA512 | ed9c3732a6f54efba8313ca533eaf6e9a5eac80977ac8028452fbfcb1429e46de192ab2afcf7f1d3bb1f0a1a8f31f00782424059d82022f660bc44fe133e3b6c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WFS_exe
| MD5 | 0d19bea6f0b22383fff2d13e0e6ff0a2 |
| SHA1 | 416f9bd9d2f0deacc06490fbefe77a6ffc2064a9 |
| SHA256 | da3cc596513ca5729f367af635df99081509cf5dcf9f5744090c7cd9fa8e0243 |
| SHA512 | e9ee700a8b17396239bc5ea79f384c80e34c7412f5877e4b6214e6748ea291341599880aa5338a9e68a3ab86f2f5263b08193a543be72372eb01da0432ae3308 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe
| MD5 | 9b55b8a492df2ce8fb6e9b0565dbcdcc |
| SHA1 | b52570ebb2a3c3aa8cc3ffc6ad0955078abd5235 |
| SHA256 | e73573d120f91a45563e277015e3ca72f05ff1b18976df5c81bd490805020f25 |
| SHA512 | a8fb3c061f4b6fd17167cd8ed9f92b34b90e826b6dfc036db33c72f960052e20c4cc0fbef3988032ebc30449aa310149e81187bb7e6ff87f6249202f2652cc5e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe
| MD5 | 2bd136eb4cb4539c66599b66221dbbba |
| SHA1 | 22532c9b312cce5d6e593955b795cb2ba2857124 |
| SHA256 | aec7c44a6c41813e7a0df059f38d60c3a4fbe51683d3f9d17e8daf67c0a5c8e6 |
| SHA512 | 22ef6a2565c30912f65e7b6f5e53981d514f3881e457dd7761bb4e7e286f22bba5e3ce6d0a2f7c02971d801a4e999e0d6ca4aa6b7bb935249cc947e2b3d2766a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\windows_immersivecontrolpanel_cw5n1h2txyewy!microsoft_windows_immersivecontrolpanel
| MD5 | 744a0320026eb91c3f475b4ceb3a39a9 |
| SHA1 | 65f61bf6a7e5094f68656494a59553c1c64123da |
| SHA256 | b003c371a0dc78f40822f9959e084ad23cbb605dc362f04fff880459bde1b63e |
| SHA512 | 1e961b5c1d77c81ec0f326608a1e12511a4a0041a458b4551c17859b3afb83d98ca3c84cd8ff771684a6747f6df2ac82fe5851132034c1c42c8bd1029f4734ba |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_RemoteDesktop
| MD5 | c29ef40b14d06595314ab1f6634ee474 |
| SHA1 | faf7420e380424794dae3192186f4e5263d1ec1c |
| SHA256 | 4121ec51b50f6b8d459c56d92058af3ac611b00d7245d7b39145d47445e7273f |
| SHA512 | 60a472a5867d3fc79e5023ec260fd00dd48d207423b336a9c7393fd8a7303e88b2aecb005f652f2a983d522ec878011dbe797ff56bcf9079a43a4e971f8f4531 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_MediaPlayer32
| MD5 | e1aa86a6110404c34e05c063601112ad |
| SHA1 | 0680868aee468fce12215d90684c4c7cf7769b34 |
| SHA256 | af63b4e541130d09289a3c6852de203f2723792bab7464559459a732d553f8bd |
| SHA512 | fce875b8ab57ae028c3bdd3adc645075babb7244a9c3338abf2ce871e56722c895610ed2001c1c84de34c2837616ba3664839e0985f42ff164b1549e909c07c0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msotd_exe_15
| MD5 | f35b45b5028b3b64375cbb3fafb44044 |
| SHA1 | 24ed8611db1e76ee699152e10be6c96c60e8a7fe |
| SHA256 | 848a25007192b687231de4053ef7ba80b6df0e70d52342b4b1fd4abb14ec4c25 |
| SHA512 | 0d7ddae93245cea32af0bd89bfe9f841bf905b97464fb87aeb5158190e0a166b69a88babc7498b88eefd41838696db2c6245ea63a3d5c5d8b78e702972f765c5 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_WINWORD_EXE_15
| MD5 | a03a0988894c00b0079df02367d9825b |
| SHA1 | e7c6203741bc7b729f4ea6b7aa0afac1fcaec277 |
| SHA256 | 6f37c8f98b70b89c2cc380d0aa38b0262921202d0ee63561f57a3304575236bd |
| SHA512 | 692a6dd4619f7e05c06480d7a65fbec407a31d30087ee89efe8eda8e8a578e7a285f51af58ddd9e2c1629b9b9b32c57c8031457587b3c9a7088e21b03ece1b35 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15.key-KLWXVWCCSJYM.0xc0f369a1f2da7
| MD5 | f7c68aeb068be0b1676467034ec1ec2e |
| SHA1 | e20d93b078d12e810d3acedd043a0732d4ffc0ef |
| SHA256 | eb436308ba9a771a091998e4f804d999355f285737682273a6faa98dcbf3b3e0 |
| SHA512 | 1b1cdccecbb81f4749f1fdf11d9426eff55cf8faf866b0600884af8636a716c62f152f6ffbb14c2d5565eb664e0e6a4908c584a8ab37aff2c9d008c247b63edb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SPREADSHEETCOMPARE_EXE_15
| MD5 | d73810507446e10f35cef691a91cc5f3 |
| SHA1 | f871fc76285b469eaf3f77697acb489438671a31 |
| SHA256 | bb2ac675156df74f88f154e0b586c759ad50b5c57dcd8a98005d5597ed7ad1a3 |
| SHA512 | c9d458e899fcec6eb5ce5eae2371ab7f20e741b6cd3e82b052041e33fd8bc5c77fdcb4ee239bfd07913074eb810082a0c9753c25571aeb8aa6cf04f072e1f764 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
| MD5 | 0e2a09c8b94747fa78ec836b5711c0c0 |
| SHA1 | 92495421ad887f27f53784c470884802797025ad |
| SHA256 | 0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36 |
| SHA512 | 61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_POWERPNT_EXE_15
| MD5 | c314b7443a535d4b39b28c6a2d246ef5 |
| SHA1 | b7688df267a8304d3f1f6afdbcddbf96a5e86fcd |
| SHA256 | 288834f082fb5ca0868a7b8fd3f645c883841d612731771df1c9490d99af76ad |
| SHA512 | ca3ac5def4b819cbc0cb770a2e0b482e3ad5753f167b2741e7e31c20ab7236559695297b9dd5d8088ac2f1b3886a7e644166c4fab29dd63c60a906abc547f422 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_ONENOTE_EXE_15
| MD5 | 47c378bdc07ccd57b6e51d03085d0a09 |
| SHA1 | 5e0bcae2ef2a557ef7b7feb11c032e567347c9e9 |
| SHA256 | c8306e51b61f5b4d819bee37f60258378b9605c6787f55cbed76c676bed66322 |
| SHA512 | 1425b348c230aa7818d08049b57228a27bc591fbbb1a107f153eefc3e313ad12cd3ec3efab0b314795ddf00586a821e98eb042db68d3862ea2cf800a0cadb77a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_EXCEL_EXE_15
| MD5 | 2c3d8b38f4706d2bd623310de468a21b |
| SHA1 | 43aa3a23be9e599c8df874b631e2291fa0fd5e25 |
| SHA256 | eb7c131073394f7824cd2152e9ef1f87bfa7feb09097af42d7a882b3ad7b7ac3 |
| SHA512 | 45fa14f771adb80eaac8d0bc02e70d9e9e453d27238698c7953de7434c4a182eadad6e7fc908de4e5babd487f9dc917fa3ba67ca599c5889804d948da7fd1fd8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_DATABASECOMPARE_EXE_15
| MD5 | 1d3c4e80c24cd236fa76a27435926362 |
| SHA1 | 7dbb5cdcac2ba68296501209c9fe98edcca2d35f |
| SHA256 | dbcdcb3b5da2fff40a182288466d41e376b9c578ffcae1c40e53e6b2b1162b2e |
| SHA512 | b871c72d59f3422ef443502bdd0c955be46f34f599efb063dd5d8701902c390f8397df4d4d04699a03cc3326f4761a4d463df7ee8f7a32559ae0b0e39af41acf |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{C1C6F8AC-40A3-0F5C-146F-65A9DC70BBB4}
| MD5 | 2e455b88290024ba91a90deb1f194a19 |
| SHA1 | d17027449bffef8c398ff1ffd8fbf078171805ea |
| SHA256 | 65afc3f47f89f404bb847eca3c445bcbb15af5fe0905fc050fcb6b6d2f6d00cc |
| SHA512 | 1cea9d5922894fe900df5b186af735997cdc2132ccdce5690681f4e55608c5c9dbfd5b072c81453ac7456df7fe6577f55e5f86900363fd3acfafa78dbcd6ac5f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{BB044BFD-25B7-2FAA-22A8-6371A93E0456}
| MD5 | 6ba483c92ecc054466753e522db97936 |
| SHA1 | f46a0ed2d9d68a979241974f1588d076f64f68aa |
| SHA256 | 25b4c976977835c431d466db710ff3d5861cacc4e77683ec6fd4d5c9d5ae0afd |
| SHA512 | ba9fcc6b649ba53bbead16cc9e47741fbf4abb3d115212b15931d7e759b07a3ddd926042ebc93dc1887dd25dd33044c44bae4fcaf2452217d7d1180b1b269f0b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133760536280418433.txt
| MD5 | 190a3a38fbbecff68c090688e6c8ba20 |
| SHA1 | 9afb677325a0456575b4fc3327daaca9ca392d32 |
| SHA256 | cf0665cb7354dbf9b6ac678bfd496e4de678aad8e90c34549c2a6c9b5e63ef5b |
| SHA512 | 5957ff1e49cf3b12474dd457e1e0a953eec5fa6e3f28989ce6338ab724684e7b1fd0423adbed1ae2f15ab18fc9918a15f81657cf1a41bd7dc02435b2e479ecb7 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 10:25
Reported
2024-11-14 10:28
Platform
win7-20241010-en
Max time kernel
141s
Max time network
19s
Command Line
Signatures
Clears Windows event logs
Credentials from Password Stores: Windows Credential Manager
Reads user/profile data of web browsers
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wevtutil.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\gadget.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Windows NT\Accessories\WordpadFilter.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\libvlc.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotionblur_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Windows Media Player\en-US\WMPDMCCore.dll.mui.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\slideShow.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\localizedSettings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDXFile_8.ico.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\calendars.properties.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\it-IT\sbdrop.dll.mui.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\localizedSettings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\zh-cn.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\mk.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\yo.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\uninstall\helper.exe.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\cpu.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\slideShow.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
| File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b | C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe | N/A |
Browser Information Discovery
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcc259f90d1e2b\DefaultIcon\ = "C:\\Windows\\System32\\SHELL32.dll,47" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcc259f90d1e2b\DefaultIcon | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.0xcc259f90d1e2b | C:\Windows\system32\reg.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wevtutil.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-14_92ffd2386f0d90f07e12f74ed815d219_frostygoop_luca-stealer_snatch.exe"
C:\Windows\system32\cmd.exe
cmd /C "reg add HKEY_CLASSES_ROOT\.0xcc259f90d1e2b\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,47 /f"
C:\Windows\system32\reg.exe
reg add HKEY_CLASSES_ROOT\.0xcc259f90d1e2b\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,47 /f
C:\Windows\system32\cmd.exe
cmd /C "iisreset /stop"
C:\Windows\system32\cmd.exe
cmd /C "NET STOP IISADMIN"
C:\Windows\system32\net.exe
NET STOP IISADMIN
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 STOP IISADMIN
C:\Windows\system32\cmd.exe
cmd /C "net stop WAS"
C:\Windows\system32\net.exe
net stop WAS
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop WAS
C:\Windows\system32\cmd.exe
cmd /C "NET stop MSSQLSERVER"
C:\Windows\system32\net.exe
NET stop MSSQLSERVER
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop MSSQLSERVER
C:\Windows\system32\cmd.exe
cmd /C "NET stop \"SQL Server (MSSQLSERVER)\""
C:\Windows\system32\net.exe
NET stop \"SQL Server (MSSQLSERVER)\"
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop \"SQL Server (MSSQLSERVER)\"
C:\Windows\system32\cmd.exe
cmd /C "net stop MSSQL$SQLEXPRESS"
C:\Windows\system32\net.exe
net stop MSSQL$SQLEXPRESS
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS
C:\Windows\system32\cmd.exe
cmd /C "net stop SQLSERVERAGENT"
C:\Windows\system32\net.exe
net stop SQLSERVERAGENT
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop SQLSERVERAGENT
C:\Windows\system32\cmd.exe
cmd /C "net stop mysql"
C:\Windows\system32\net.exe
net stop mysql
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop mysql
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlservr.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlservr.exe /T
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlceip.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlceip.exe /T
C:\Windows\system32\cmd.exe
cmd /C "taskkill /F /IM sqlwriter.exe /T"
C:\Windows\system32\taskkill.exe
taskkill /F /IM sqlwriter.exe /T
C:\Windows\system32\cmd.exe
cmd /C "Del /S /F /Q %Windir%\Temp"
C:\Windows\system32\cmd.exe
cmd /C C:\Users\Public\Log.cmd
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell "wevtutil el | Foreach-Object {wevtutil cl "$_"}"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" el
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Application
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DebugChannel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowFilterGraph
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl DirectShowPluginControl
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Els_Hyphenation/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl EndpointMapper
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl ForwardedEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl HardwareEvents
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Internet Explorer"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Key Management Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MF_MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Media Center"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationDeviceProxy
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPerformance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPipeline
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl MediaFoundationPlatform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IE/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEDVTOOL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-JSDumpHeap/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-IEFRAME/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-PerfTrack-MSHTML/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ADSI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-API-Tracing/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/General
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ATAPort/SATA-LPM
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ActionQueue/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AltTab/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AppID/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/EXE and DLL"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-AppLocker/MSI and Script"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Analytic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Debug"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Application Server-Applications/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Problem-Steps-Recorder
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Inventory/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Application-Experience/Program-Telemetry
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/CaptureMonitor
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audio/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Audit/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Authentication User Interface/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-AxInstallService/Log
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Backup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Biometrics/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BitLocker-DrivePreparationTool/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bits-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Bluetooth-MTPEnum/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCache/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-BranchCacheSMB/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CAPI2/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CDROM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COM/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-COMRuntime/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Calculator/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertPoleEng/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ClearTypeTextTuner/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CmiSetup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CodeIntegrity/Verbose
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ComDlg32/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CorruptedFileRecovery-Server/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-CredUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Crypto-RNG/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-D3D10Level9/PerfTiming
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DCLocator/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DNS-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DUSER/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXGI/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DXP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DateTimeControlPanel/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Deplorch/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceSync/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Informational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DeviceUx/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcp-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DhcpNap/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Dhcpv6-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiagCpl/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-DPS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-MSDE/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PCW/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-PLA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Perfhost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scheduled/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-Scripted/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-TaskManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnosis-WDI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Networking/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Diagnostics-Performance/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D10_1/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/Logging
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Direct3D11/PerfTiming
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectShow-KernelSupport/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectSound/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite-FontCache/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DirectWrite/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Disk/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnostic/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticDataCollector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DiskDiagnosticResolver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplayColorCalibration/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DisplaySwitch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Documents/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DriverFrameworks-UserMode/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxgKrnl/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskRingtone/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-DxpTaskSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EFS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EapHost/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EaseOfAccess/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventCollector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog-WMIProvider/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-EventLog/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FMS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FailoverClustering-Client/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Fault-Tolerant-Heap/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Feedback-Service-TriggerProvider
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-FileInfoMinifilter/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Firewall-CPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Folder Redirection/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Forwarding/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GettingStarted/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-GroupPolicy/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HAL/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HealthCenterCPL/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Help/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Control Panel/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Listener Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-HomeGroup Provider Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HomeGroup-ListenerService
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HotStart/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-HttpService/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKE/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IKEDBG/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPBusEnum/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-IPSEC-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International-RegionalOptionsControlPanel/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-International/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Iphlpsvc/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Acpi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Boot/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Disk/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-EventTracing/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-File/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Memory/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Network/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-PnP/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Power/Thermal-Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Prefetch/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Process/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Processor-Power/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-Registry/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-StoreMgr/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WDI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Errors
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Kernel-WHEA/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Known Folders API Service"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-L2NA/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LDAP-Client/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LUA-ConsentUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-LanguagePackSetup/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MCT/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-CLNT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-DRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MPS-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MSPaint/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MUI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-MFReadWrite/Transform
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MediaFoundation-PlayAPI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MemoryDiagnostics-Results/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-MobilityCenter/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NCSI/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDF-HelperClassDiscovery/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS-PacketCapture/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NDIS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NTLM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NWiFi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Narrator/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetShell/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Network-and-Sharing-Center/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkAccessProtection/WHC
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkLocationWizard/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NetworkProfile/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Networking-Correlation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-NlaSvc/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OLEACC/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OOBE-Machine/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OfflineFiles/SyncLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OneX/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-OobeLdr/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PCI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ParentalControls/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PeopleNearMe/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceStatusProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PortableDeviceSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCfg/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerCpl/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PowerShell/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrimaryNetworkIcon/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-PrintService/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Program-Compatibility-Assistant/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-Pacer/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-QoS-qWAVE/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC-Proxy/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RPC/EEInfo
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoost/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReadyBoostDriver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Recovery/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ReliabilityAnalysisComponent/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteAssistance/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Remotefs-UTProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Detector/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Exhaustion-Resolver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Resource-Leak-Diagnostic/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ResourcePublication/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-RestartManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Search-ProtocolHandlers/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-Audit-Configuration-Client/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-IdentityListener/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Security-SPP/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sens/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ServiceReportingApi/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services-Svchost/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Services/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Setup/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupCl/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupQueue/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SetupUGC/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Common/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Core/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-DefaultPrograms/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-Shwebsvc
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shell-ZipFolder/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Shsvcs/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sidebar/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Speech-UserExperience/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Spell-Checking/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SpellChecker/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StickyNotes/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorDiag/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-StorPort/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-Csr/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Subsys-SMSS/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/Main
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Superfetch/StoreLog
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Sysprep/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-SystemHealthAgent/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TCPIP/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msctf/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TSF-msutb/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TZUtil/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskScheduler/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TaskbarCPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-LocalSessionManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-MediaRedirection/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-PnPDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RDPClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeCPL/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ThemeUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-TunnelDriver
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC-FileVirtualization/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UAC/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAnimation/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIAutomationCore/Perf
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UIRibbon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBHUB/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-USB-USBPORT/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Diagnostic"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-User Profile Service/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-User-Loader/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserModePowerService/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceMetadata/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/DeviceNotifications
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UserPnp/SchedulerOperations
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-UxTheme/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VAN/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VDRVROOT/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VHDMP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VWiFi/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeControl/Performance
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-VolumeSnapshot-Driver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WABSyncProvider/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WCN-Config-Registrar/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WER-Diag/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WFP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-AutoConfig/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLAN-Autoconfig/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WLANConnectionFlow/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMI-Activity/Trace
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCCore/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPDMCUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSS-Service/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WMPNSSUI/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-ClassInstaller/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-CompositeClassDriver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WPD-MTPClassDriver/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WSC-SRV/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WUSA/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-MM-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-SVC-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WWAN-UI-Events/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO-NDF/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebIO/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WebServices/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Concurrency
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Power
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Render
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Win32k/UIPI
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHTTP-NDF/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinHttp/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinINet/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WinRM/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Windeploy/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/Operational"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Defender/WHC"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsBackup/ActionCenter
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsColorSystem/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsSystemAssessmentTool/Tracing
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-WindowsUpdateClient/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wininit/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winlogon/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-AFD/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsock-WS2HELP/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Winsrv/Analytic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wired-AutoConfig/Operational
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Debug
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-Wordpad/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-mobsync/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-ntshrui
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-osk/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Microsoft-Windows-stobject/Diagnostic
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl OAlerts
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Security
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl Setup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl System
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl TabletPC_InputPanel_Channel
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MP4SDECD_CHANNEL
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WINDOWS_MSMPEG2VDEC_CHANNEL
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WINDOWS_WMPHOTO_CHANNEL
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WMPSetup
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl WMPSyncEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl "Windows PowerShell"
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" cl muxencode
Network
Files
C:\Users\Public\Log.cmd
| MD5 | 6a2f870841e0126632f5b9bf0d000d6a |
| SHA1 | 51689e26641f0eb054cd90553a21a472a2e79148 |
| SHA256 | 4bcbb565ad2fd05a4fc458cd68254853cbcbf5749beffccb2b1e22b8a53ecb2f |
| SHA512 | de089c5d2dd691c64e38bdc82a2a5266e65cf8f9fc40e2d60ecded7a775922ae5100cc406f09346fbaf402fc1fe3074ca29ecd64119f7c490381aee72780bdb0 |
memory/1192-5-0x000000001B230000-0x000000001B512000-memory.dmp
memory/1192-6-0x0000000001D60000-0x0000000001D68000-memory.dmp
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | d64d030b061b0200af949ac43e7e70fb |
| SHA1 | 5f3f4f427c841de9eb4aa840aacc61874fdaff85 |
| SHA256 | 3f046ff85377f8ec7d441b0afa9d1fe7b5547b671c59c1f75f552f1f112a143f |
| SHA512 | 997645c6570da4808d39bdd1220c2184d82416e8ba7409e09ea769541c271f8aab57b281d446022b15202c93480293ada97207dd8b311b4c96a31af4b4a27ba7 |
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 36fdbd03572ce79e51df5d4700bfe3bb |
| SHA1 | a01867df5cd1861a77f95c24abf90f4d906dc21e |
| SHA256 | 0ccfd7b91980f42dcc159fb0d277491d60a16512de0c89c5f841a9933084b605 |
| SHA512 | 1890e0f87c6acb10e041ce59204acf087fe00bf18d5a3dae864ad5c0a8b8dd7e82dc84b472eb26c9bb9eacedda7adc8f128b1c2085f571a9069c826db58f4b70 |
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 138ca16c6e3a7a212795388c0c8e91bd |
| SHA1 | 58965d7d8ac6fc0987aa5b2006d7c53a83f70f04 |
| SHA256 | 2437a6f2f341ed0d6cdba0db6bc3080deac5f5a8bf9bd64b0ba1a06f953ee139 |
| SHA512 | ff16820c75cb2862bdde9756c35730daebc2ffe534dfc92019f5a6dce301bfac0ba1bceff3002015f5d47f563f47793bbef8b8f9458ba9df27b1010549af531c |
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | d28cb20d7a13bebe6c74570fc69910f9 |
| SHA1 | bc4d2381849fff80118dc3b465ae7ff00189b438 |
| SHA256 | db9f928e5fdaeaf81c96b969ee3fbbe06e48602ab7497192fbd16c0e3d12a5c6 |
| SHA512 | 3a7cf7881b1cf0145ebf1a664ac40071202c520f90832837524378d8ad1f611507f70ff98b6eb77fb65096afce24a89b4308cb5625fad1fad70dde52a9f79905 |
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 1060bdc5b66203a43f502f8f2358a97c |
| SHA1 | d43738dd8b35ff1423801496005e5842183c2584 |
| SHA256 | e44f75612ddd73384ddc18ad98cec1cea64549cf9604240c151ca026c4b2fcbe |
| SHA512 | 4759e2bb0098fc83387204e3a768224fd1d44d958b2544884806953b19c0cfe045e6b46e722a063a66529b09b08a493131c0c2610883c4ea185ea53849fe5553 |
C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 7866e2844ac0cc06b8f829a2e82c77e1 |
| SHA1 | e603d2cca4d8048bf911a1e89254e4e4d98c14a9 |
| SHA256 | dbdbf83d9059ba06a08574bb47e46ed636b917345e75080378e5f729b9d25b97 |
| SHA512 | 10c8d0597f501098d07a3cd2f7a372c3c567b8a112d0de1ed3365ab568bda5167e54e909d329c58bdb03b4702518791b17ed9d6cbc6272aed08c5a0ccafdef52 |
C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 8092005059988c39c96a07be09802a82 |
| SHA1 | 113acad8e88b6f10029dd62e369cda7fe7028dcc |
| SHA256 | 6328605a42669b43acc68fc11c0194d640fe5133e2ffaf3daf1915b56efc719b |
| SHA512 | 9a3791c1f0946ee7f10f0c57a5c1f9f3473f73e7242a9d3217d9a54840663473cf7a34d7676e984d7a7d99e25b7a9130eb9d0c0776b5448402ad9a223950d151 |
C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 5a6f13425165848b9a28f36de9aa0ef2 |
| SHA1 | 9c27fefd16357ad6c909b73491487d72d8b24160 |
| SHA256 | 7db3b527e2e960ac12f602e54c604bb819e27fa8128ff82f5a5d6edb3e5ac95c |
| SHA512 | 857939165393ff4eb10b8772e43b79334a51983d3c6a171ede5a668d1fb0eded15b7c15bf9f81bf7db2cce0687164e07bf7776f5adbf485e44acfd7fcacf2436 |
C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 90c41dbf3dc37be2492b8fe2ea06bf1c |
| SHA1 | da460ccfd0ee1c9910fe4eea4d7e210b862bbf08 |
| SHA256 | e0e7ff7255d163cffaea316409f2de306bfe3942d03c262070b3cb8d17c3ae4a |
| SHA512 | 7fe376e5e156e02ede9f9cae8ece3d644a10985097efcb6124768c361b50e759a1ddf288c9bb94ac40906b65451e02c26dc67d715f4d2dfd399e9def6aa37e34 |
C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | ecf7c78d91faa77767ea785a8a50ad7e |
| SHA1 | 989ad657fdb0068ab603221233e46cbc8553dea5 |
| SHA256 | 536c5e711c3806cceeceac3ef84e9a009a6c5b3aa06fb4d37a2d839ca3ead7d8 |
| SHA512 | c66033474861ceb89b210a641984faf11794849adf99fd13917880b85bde1588b468d2c3f091d4ac811f05d181d6bd1ded8af2320113ba83eb626d1be83dc40b |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | b2b0de1ed10bac0babe16f15e62ffda0 |
| SHA1 | fa0a516a68eadd605738b5672a2d02a62101a362 |
| SHA256 | e211975b486d87eb356dd4a620396043fc250bebe766e545bc9c4093515e43ee |
| SHA512 | 7d7d4f0881a7b43e59f6862b654621fca04f6d7f04fdb10c8f169f5d25aea20072abdf6713a85dfe1e9be2641b13bf7bf5a176b18d8ec8a364b00161d511b8f2 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | b772bb53b07d73e1ee0779d6dc15a333 |
| SHA1 | 2009804f64dddbbddcc9fc1dd159a5063d07a8f1 |
| SHA256 | 29379bbe38d6a8a16193394b64e51b9412f0d13d4530e64d5b3755e2b82c69de |
| SHA512 | 2d40f3d7f3521a7c0adbe5601f484d07e982e7b063a731fe3d11a64cca4977e9f13cb06eed8f8c44bab08252d4e8e59a503ff01d94cd2095f15593da8ae4fb23 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 3d0ab06cca099e1896d76c1ce17b0624 |
| SHA1 | 9521b3ed8953aa70f3d4089833470b763ea26b1f |
| SHA256 | 9be26140b970f5c353c0f440dc25d7c29081666a07f5c964ec952b239dc42c48 |
| SHA512 | 5aeee4b0d9422b031fc208162da6f835d74c47d447e079edd67bdceff42d55089304d684f664f38fedaa3d64c1e61239238e9d6b82acf288a0e58c79c545e7e2 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 66a1828c4b2980c43ec3ccdeca5439da |
| SHA1 | 4ef1561800df0a00935a1eb73e72abac3a626b36 |
| SHA256 | fb1af86782b92ae14c0a8e8b4c8f77c07f10a64c1507c7d1411708b4a4739ca4 |
| SHA512 | 84ba044057ac07083ddb8d51889177517d8aed56fb3d1ecb677f9a1240631824199b27759eabbb993df13664320dc0232ceae46940882c7d640c2db243d1795f |
C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 9877683f54af94f981608a776557e99e |
| SHA1 | 4d9a59f5f6e4d504e7f7e3345cca4d96859fb57e |
| SHA256 | 08eaa1f2885f0a290c87ffcbe1648b3caccd75d3b65c4084166e12b4f9b66724 |
| SHA512 | a038fac7bda3633bd6b3f9f12c3e2f327cadbb01c9dacecc455cf9f2e40da4749ccd05f51569d9b74f34954ffc81c8878ff87def85e0f7d816a697a3201fafd0 |
C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 713af64f2a66eb1526d498f7c7b12a7b |
| SHA1 | 0a9b5e2b2ba16808206176470e2fda1f92c36046 |
| SHA256 | 20def8fb12c615c956854fdead1a78bc9eac3aa3f60773fade9a376b9ab024f8 |
| SHA512 | 942cdd14630e528dcdc75a579340419eed2e20bdec665f33f9c1f6d3489a32e16ad497e7c8cbadaa8bb583351e12547436a2b02b2720ee8c0583e99082008257 |
C:\Program Files\Java\jre7\lib\zi\Etc\GMT.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | a0b9a96178c73a33a0c11b70699631e6 |
| SHA1 | 212dd4696892719b0c937913e5593a96d40e5215 |
| SHA256 | 9a6864a02470556c0f3020cabeefede073cab64a1a6450c5e3efe1a68a507932 |
| SHA512 | 9839521680f96945d7f5df133b63f30c2223a41c4517923f630fc4187c92b856af0beb70c15b8ab3cda7431e765c90c67418877c24e3385f063673596ee52615 |
C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | b82a86643ec6c1aa164115dd48d50175 |
| SHA1 | 91124c81694abf18e40ff5df8a835ee6d867e6e8 |
| SHA256 | 170022934e19c0014818830e73c19ec8fcae268e4b05a084c632ae1a63276fb3 |
| SHA512 | 6d671f1800789e90302945ee34ec625efd2cad8cc41f7399637d2d82941c154e63b9e54e3e62d3df5c8383319467739dfaa8681ba1793fb847ae8cf653d9e683 |
C:\Program Files\Java\jre7\lib\zi\HST.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | dfdf83f73bf308d88290ea3ec38ccf3a |
| SHA1 | b03425088158c1904bd19134bf7122566a3ec724 |
| SHA256 | 1929e6819b42c8c197cdbd069f13d27bad8d3e9649f94445e9c1adf3eaedccf8 |
| SHA512 | 69af3b7fabdb2d3529d5895758d5913ab7a5ef71a56afcd759257a2d725121f0835c7d77031d00338a56ae25ba027befae89997ba098f619e36130578347d6e5 |
C:\Program Files\Java\jre7\lib\zi\MST.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 87950f5801f345c4e97d57d42b44d39f |
| SHA1 | 7ecb77f6344d1aaac21b1e10b40aaafe8ecf3eae |
| SHA256 | ff271fccde06cb66a26f12ab598619cb860cb13aa1b5429cdb199a8ac28e5879 |
| SHA512 | 030f16e7fe95ccea0d07860b433cab6834c5468649cd333a6cb7b75989d0d95e018d5a4093d0849171896f4e526297d618f55500a70cd7c3e191606515bd2d02 |
C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 2511a7e76ea7362b772d7236b41c9510 |
| SHA1 | c94ebb9cdd5eebc38f73e99de69ebaedf8855f35 |
| SHA256 | 95ff8d2787e7c53f4d9e24daf82177e66ab155543e89491f95638da87c3067d3 |
| SHA512 | e74d545bad1d04367caa5d447fc6e9ae27b76fd8aa8922d16c485de3b4783c152082bd0dae4681d5922d210d6a6c537d14539e298a471acb6b8b87c25bf166da |
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | b85dc75f2510eba19b42816b2391779f |
| SHA1 | 68c19f840c25fff934d7ec9b1a2b4510ff11f2cc |
| SHA256 | 2cd75ffbc8bc9036486ab72b0a9a233027a9a2c84c37aa5f2f89e17670a3d049 |
| SHA512 | 418becf37185c7c1c93352d39eaeb9557b2a074f04e831a9e118d7e0cbd9ed7ec643be678c518f943b13299f24b642a3f35b69a82c12aaf63512283924a9db5e |
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 81cd39af114dd719964b568d4d4d5d36 |
| SHA1 | 4d0a048b4d52d322b40bdec0147d09939978e02a |
| SHA256 | 6e695b84a8a54a7596176c38a8b699e5eb60ffbc351764be5a72bc2e5eb2bdad |
| SHA512 | d5d79252f5f6db7476ca13bd2419f41e7d780a10cd17b60538431186b47cfacc753c8693c9abedaa42fb233dead2da101dc697c500c2e2c03bf894153ca91f4c |
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 64fd39dff664a3f7c6115cf329780a77 |
| SHA1 | 184a4a38a07b6fe51bcf7c33f54b01cf11b11d9a |
| SHA256 | f3e4e4c485d415509b996a0207f80cea4af956836df7f72d7fe38774fcb7d12f |
| SHA512 | 05811fd04c415cb3beb8aa7bbfded944c9e5006922be1bd0fadb61087aed709c6418382e8cef2964b76b31303125bf674030c0b602e7ce8df32abbac54546f46 |
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 55788b7ca9b07af5831d1680cd4dbdd3 |
| SHA1 | 5cacfddc549a6dd7d4ea20523eb8507f18c2a51d |
| SHA256 | 21d3ac620523e4e4277eeb046b8e3118f7fa57c056cc2dd1321de217548cc447 |
| SHA512 | cf56668c7bcfa6bb17c438f1cedcb4c84c44d2280465f497a7a268bcc57a3e845fab4e6caf948db1a3e577e83b31b805066545522f89ffe3a3d38b0fca6476d8 |
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 4b005d5da246ce2084e8322e9a8d5623 |
| SHA1 | 148227721d008a60f3aca4ad563acc399370a2e9 |
| SHA256 | 283372763d4747d9b1c80686becf4ad619fc1b0c91999e15a572838f4fbf9a79 |
| SHA512 | d52b6d686e7713d7ed86c1ff90cfbbfa53ab478ba72ec4c4a5e0a6982ed185da7431f3ceac19071ed103ccec94c12dc7c40c968a07e3792e9ee1a9395beeeab3 |
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | f5aedca57bb0ea123c185f67724b44ac |
| SHA1 | cc447594fa6ca0a86684b279535184f5a96f8368 |
| SHA256 | 1e2b63db93eae148f3227d9829cc3d06c849130852e2ee4ebd05116ab09d087e |
| SHA512 | bd4fd81baae5bf16896efd2a78a053da795d30bef784cbf9a8443615e550ac57f76ec3efcaef88ec1a03de6aad9a06c2e378818dfb75b7ec23c2c8b90cf4585a |
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 32b4b86a3cdc0c42c0dfe8dfee233063 |
| SHA1 | 0ec4888e98fdc4450012f84e2e0c8a2d77766c01 |
| SHA256 | 207bc11aa9668231bf1cd85dc4cb6ac1030834f1bae830386601a1df083ce4d6 |
| SHA512 | b8098448ea945ce61af7b9b48e76c6f80bd034bc32a0738342d9551c943f812878cd2a385d904260cf611bc160fbf0a564564583dcce7ac3522512d5b79a7543 |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 9e78e7cca3f3575587c1d3537c835a13 |
| SHA1 | 84117d8f9ec72e498647be70357363247b9c1374 |
| SHA256 | 8385a1da2d82156233e9d06d14ed647d9e1a1bb99e95c81f457da487eb165ddf |
| SHA512 | 09c99ffb57ea3e5f05cb0c039aa65844cf8b2d1c6741fb334f864bfa8bd6e0a9ffa88d0b5330e1622c0be566c9cb615af2c7c2f49b0ad425c34700994812563a |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 3bf894012d3fb2785be4ad0ad685afdf |
| SHA1 | 64e57ccc8c795b2db1a758b842213a3aa30ebb85 |
| SHA256 | 26aab55106cdb7f877e69ba7494e7b101bde41ba2411365b0b52059835bc36d4 |
| SHA512 | 3404cb3782c329166ec426cfd653ba41cdf5cef51b16923905a5cc8c7acd341dba891b218b52f05e56b96418fe657383a098964026b134c3366f749d65153fde |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | a2707f01c4faffc3329991304f001c26 |
| SHA1 | 319dd92d0bd6433ba3bb61670674061ecc9d9b01 |
| SHA256 | ff5ed938a3b8fdcdc04721a2dd901fa0dae129955b68579b18d3b2268485b75e |
| SHA512 | 68cffe8ef81586cbceff04a50d04f5f790809ebea938358ccd2a0d91d42048d613145eca9501329246ee326779492588e91a351a32f47b2472b01b6ec281bdfc |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 087c20c7b8a25ba3681132be6fdbc6c6 |
| SHA1 | 81f7c5387c6d3dfb16750b29117135e837035196 |
| SHA256 | a2d266ebc42ed3aa29bdae3f5c3a13c254a3e4e033b1fecb31ac8672a0405563 |
| SHA512 | de8bd2da7ff37863957bdbefd186506d2fc10dfe8f97e7d54572ccd6d6e75f69b80393f04953a676542f9b51648617a1d4fe09fdf9a0220015ff0034bd7515ef |
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 82915d8f74bd63ebb0a155d7fa3c8808 |
| SHA1 | c6827ae444e5d206e445bfcf65f364b5e330b345 |
| SHA256 | 9175eafd8935aaa2df349dc201fb5037ff1ce9c952179f7195181f9b3cc1adcd |
| SHA512 | 7f8bf0dd134ab65a3c791bf980df5da8bbbed5e56732682c6a2ba1fa0fbb8085de11d436e9a996176238cc91c22af166b88d0abfc2a5dfce1e691d4295768f46 |
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | c8c2ffb90fd7007f97faca2ec3eb396f |
| SHA1 | 223bcd6edcee46350c502c3fa051e9bbbd0404c5 |
| SHA256 | 1d7d897afc62f64bf5df2ede3b6c6b93df47a3cf67529b88eba53ff6fe9bc46b |
| SHA512 | 164c7801448e36944c8fc3ce1ff5d3423fdf615c057c3daa93a2c6778a41cd136996df91059eacd8a388189018f53c1626504e052e169a50af10c2bc9eaa4fc7 |
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 828cbe0f94e5f9542f13458c09ef3787 |
| SHA1 | 63de8e86dcb4ce76cc947f4c7459b7c46bf7fad2 |
| SHA256 | f8dd87e1163d3dad2f60d49436216b657740d71d26716c215d48b84415a08fbb |
| SHA512 | 3ec3c119733b6b88b28e7f507258680c0d77278fcc59ea43b649db556145cede5d21481ab2c533c70ec819b96d4e2e19957ea87de3de258042a0ac7bdb970cb6 |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | ae87d7631b243fe81a5b721f02904500 |
| SHA1 | 09d865f273589f7b27c2618c1be2f12f2360b26f |
| SHA256 | 87f0d54275e01153c42ab9df9c9c3fe2f8a3b2edfd49e433a5578b840a1ba84e |
| SHA512 | 995a4d8e4862416ce9a5695c60b972b5809e340e943b3f144c61f4e9862eaf12b8bef7df98361cb08cb69d86fb54e7da4c65b50fe1059139023636546bd21c21 |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | a1e08e8067ef86c7ac8b0b2578e551c1 |
| SHA1 | 2203fae2e3f572435d16889fc0b8ac1197f99956 |
| SHA256 | 703eda008dc744a2be66d585a608c10a350aa65428116db7c9ceecb383fff400 |
| SHA512 | c5c3ea69558cdc79e1dd253692499c9efb3cdfe7a7a0e8bae2f5ef15ec979606536ae0a777390a6847926b352bf8917aa3a13f53dcb162978e4f1e79c4ddb75c |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | d61ee4313e6ae1127df228c8c0cd569e |
| SHA1 | 359cca37bc790ae515e64a035bf9491e5c82473b |
| SHA256 | 80d2ff26fb5f24e6e8112fdf02cf972aaec91090fb7b3a836169499e3036c14d |
| SHA512 | 7a467fb734efa75810b6aff6db45786ab1303f9a0afc74271ad3a7b0aec2a8613f9be868b90450771196f23c4aabad3a3bd9fe32c12f8261d28c260b2168f62d |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 71f25e78db90d3cdc34666bcacf755b5 |
| SHA1 | 4e9c79563b8cc1320d17648cbcf70d37eab70871 |
| SHA256 | 331371b15ef3f0f582572da8d992538844f6a7aee8cdd4ec3901178ccf214c27 |
| SHA512 | 0aeb7d80f588f664f19c98fc3cec3582ccdaa9fa6db7d3449e56fbb24c217658adfea4ac6e8e5fba727b4f6d9400dfac37d69d2fb49352f00418dd2887d70cf8 |
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 0bd1bc23040588f0f905824b9ed49cd4 |
| SHA1 | 3e94cd0cef05acf721dbf77ec1a971cb9801e646 |
| SHA256 | 7a91c3a84eeb711be37ce13854718b3e0a58bc581c12e1e7f7f8e96a04825e75 |
| SHA512 | a83d54f7b3249b7d10b228ddce0dace2216cbd34f331b374e2964c0bec210eb5655a797a92181a9490c04fce822a1951ffb01edff50ce3af3c04b04e57b83676 |
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | f1c2978246511072175bb2824dd5f213 |
| SHA1 | 371c84f27d0ae80358970f060b9114d58304d66e |
| SHA256 | ff20a942a6e936194a84316a1e664c141c11f99e4a1658a1f2892b97f543ebb8 |
| SHA512 | f2d8089f5badc337e671fb73c95594d3cb0980997c634aaa860f05d92d7b433ed39aa6aae9b21e33a1dd5ffedd724da0cab06a7987a13f4ddb53ca688abfae0a |
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 88d40c25e2e2495be0f58eb7501d183a |
| SHA1 | 489397abe0229b91f2caeb21a7509e0a163c710f |
| SHA256 | 3fc33565cec410f223dcc4c9d954d977a25ce5ba8b745dc1aca2b8f934dc76ff |
| SHA512 | e28ae49c64d0126e5936145124ee68705dc00bdfa0b59de130364d4f8f670493331bb977200e6cd37540a9ec2849855be4ce95de71b5b5dcc93197186154457b |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 088c9d2ecafcaea3636283e768cb3a2e |
| SHA1 | db8003e62a1476adc4b69889caa887d7cdf12fc1 |
| SHA256 | 9ad32211cfed13b17e78551c7af4bdbf0d0d55d26b9484e2553239be70f0309a |
| SHA512 | bc61ff659d161a3d87cb1ce5a1e7ac99193ac6ec52d26a2dcc6f7932d8fe83968ddb8586dd4a18de18a4720b9ac544c6fc2c616abe982f20c0f5ffcf8741e7c9 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 392872261c29153a2e29c43a9f2b5466 |
| SHA1 | 72c81941a72c646e972186d7696c877f992bab50 |
| SHA256 | d213d3f018e03cd11e224e86ed16055b90aed917c506a0399c10738a1e56618a |
| SHA512 | 47d609c3e870e5292ba3bfc8342b2eb2a715e682df86b60405588a10614a7d44c6c27d9237469844fbe13d59b7ee807455f4e45a41ae34893b63ba4e3b565e76 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 6a375b769da673fecdf21d8019be00c9 |
| SHA1 | 3975138047b8674c58e006eef4e1a99f663ae930 |
| SHA256 | aae6996ee257879c063ab5a8884bf64bf978cf1cade43ffc1d0b99c52a329e07 |
| SHA512 | e026638f60d20ec5f3bd976dabaac53e15a14791f567597bf8d05fd307aa4edbdea2da1392c0abfe79c378e6650df5195e2ed179e97f945b5af6f9b407426326 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 95b9d18b99481e78be94781ff070c1ff |
| SHA1 | 791a45fb28d478c569c54f7ea20a66efc7dc34e5 |
| SHA256 | 105c111ace325f37f0f3f0c846565044b5031b4d86cf9a9b58d1653ce996efd0 |
| SHA512 | 738f511d796c64c2675cf0e07ffaef315f911aec53bf5ead2cf071ac5a04f0fab9a5451ee87c602c85250797bf3fd95279b1103886adfd5bbd5dedb06496837b |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 827bcb84367207a2d304565690256aa8 |
| SHA1 | 0fa96680e62aa4e4541f2dde01c7e664b27f220e |
| SHA256 | 18ef6b3a17d8ea521c2ba34931f4d28239ed461fe1b35a4dbef4079cb1fbbcf7 |
| SHA512 | f70db8ea133d44cb502d6afced78fe9b69f76883bccf837e6e15e36532f53a94bc3a0ae134e6c9f9c04cef69d70a44bd097042467078364b10e4de1905e9e27e |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 9d704e7ce3242e57e559d467f3658fc9 |
| SHA1 | 613d09c620a01fc195db1cf055c8039dcf745695 |
| SHA256 | a242a0f91a83032cc03f0c72383635d124ec6a14711352bbe913137fb134385c |
| SHA512 | 0383168cb2c81e9fa54e3639a9d81550ddfdd35b10d52618ba6b4014c3a1cecd542388ad4421fadff9444a18dac84b467ea162f33d3c41ede95036365d3443ea |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 8ea160b5067724a94401bef03e976749 |
| SHA1 | 90ee0d3a40e126493eea3b79e2862f05250b5005 |
| SHA256 | 521fd670cbfd6e3c1c1838f22e844b0915e74c42431a01ac097b70e6bdd658f4 |
| SHA512 | cb42c45f3e858b078b42a81e22872fea03fff04d8dc64386fccba5f36fbac3b6ae984c732f1cc7fe29caf27fef73b7f881e4e40e6313a3574429fd3250e0901a |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | ff4b32d2d09223dda8ddc90fb9a9b3a7 |
| SHA1 | cb5b6829e86c4aa55689c0d24961ecfb469f13ad |
| SHA256 | 7f720c22ed43228804eb3913af85406478268a04b13d700f0f422ec04767d763 |
| SHA512 | da2718c827e70c00147b2a0e4a46798bda44d18ead87ecf8703d08022ef37c82d1867c6325d69ba63f15e4b298dcf323afba7a8b11bae878f587222d88a17ed2 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 672fdff15a306e013b0683e8ca1c9217 |
| SHA1 | 52e37fa8c89977bbb9aa0b79dd4379551f2c08e8 |
| SHA256 | 85ea1067c5de063e5a38657a831e67b25fb55e7da49bb854676e039d061c7c30 |
| SHA512 | d6f46ea993d7465d5ad7024fa7457834069eb32cc438d4dec26e97904998ba3d090d83f695c280880642a4899d0933fa0c3fbf09c756d5bacce0b2f826f58227 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | be01f8c1d86d272256ea05291755cde1 |
| SHA1 | b61ae6bfd2c0e724192f5519f1f1e1b4b033da5f |
| SHA256 | 27b4923cc6fc7b0938a1f100cd13817f8c5f1bbc3deefc11d231645f256f33c1 |
| SHA512 | a4e68db6abd10d8b6e590079006d12f93adb805a7e0e9ada753023e5fa215f335e3bf57a1e367b8b1eb023513fcbee7d4865a065bc53d7b7236ea80c523e6c03 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 1ce3ea6b9e2068f2e748c955669759d4 |
| SHA1 | 2cf8e2be79c4ec5cd96e60724f5908ed32147a2a |
| SHA256 | 4a0202c8224c87027ac27546a16fcbffd6a701923a0d87df2df08c87cd0ddbf9 |
| SHA512 | 2dd86e7aa18c6875a38e8095f00e33184585446b1f94f0f03d32780ecd6a797e3ebf2b642a45bea7342a0275421ce54246e9103ae9c40646f581c1fdd80219c0 |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 6c5004b31039c95d04120eb49732c04e |
| SHA1 | 746f7431ed0838ed0bd397e9ee4b6117ddd7dfcc |
| SHA256 | 94957e650b8469a9ef2d1a87160187576a83b56eaf066d5adc6ce5b22f082187 |
| SHA512 | 4bd3d879347cb002180eaee694b84e1107c640c07476f4f36057b1601418c16a2aa3fa4157a8c5b1af93772d75049018b44c106f8881cd19310acf09ad31ccbd |
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 19d07675a96a08d0531a28f87c15041b |
| SHA1 | 18a5fe6d21328a9e79a484b35a9852dbe0e0e64c |
| SHA256 | 1eade926e09bcc22f5b106579ce57bf257b646cb04bff2cd35eea8d9bfecd5ac |
| SHA512 | 31d383559eb0f57196c199d8d2fb28cfd67f44feae5429a74c4bde57920cfe3f57dbb84e2203c91d66b65f05993acdd0e21a5df1fea13fe6c24ea929458fbe9f |
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | ccb3c9016ad47cc749ba2e5a10d7fef6 |
| SHA1 | 20f8a905240262823de646949d244e001e9426d4 |
| SHA256 | c86f74378dd1711a320c80c3a1443d0b666d20e080a226df1bdeeae873ec7f97 |
| SHA512 | 3037bb5fdfa22c50df22f07004a7b91cad0e85385c7da255ba7c8f0ae70ac20e942b060536ff20a75441eec2d02b9ddf6116edcb0a1fba9bf95c7f4812b0df7b |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | afb4516a414052edc55e47c7c2babca6 |
| SHA1 | d3cbb51f9cc99c107284139573e6256bc359285b |
| SHA256 | 19e92356c6920750b491550b3a8266cac82eae427ad5490ef3e03b5c9b5fb2d7 |
| SHA512 | 3184c548f3051f70528287359f6b948209444c822f79d6574f7e055c5716a91985a54cd64289f4a8b92c00ff1151aa4357341c6298800dbd6496d5ff176866e7 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 986514c80ca072d1921b2ef6d2d80cb3 |
| SHA1 | 4a2e1850cdb2e016d44cc621390635c7e17fd759 |
| SHA256 | 62adb9d1cecbd1c904826243a1d1c7a61141ab3c705e4315e64310648304c331 |
| SHA512 | f3282611bff241400d0d4838e72d24ed6df728794c636614073c7897b102e2dfa6e90dc8e79c6a68997426c9ae9d12a4cea02de2c67cfbf8131ee001f65a2403 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 1605241a3b589821e57c78f3d1b840f8 |
| SHA1 | f9704396e74b4c08aaab6bf1cfd44a780723b83a |
| SHA256 | ff5cb1c0e2744471e193a167708f7b0dec13eeb3417585993335e97cc12c26db |
| SHA512 | baf73da9fc132f3c196048eb69860cf3488e5f869cda2a15662c6cc25a239fc1f87633159654c58b9ff1199f1feee24116349d99fef0dd3244257c57024bcd65 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | fc08c68ad937f4725bb8174a5d7f07c4 |
| SHA1 | 6c0417b0023831a0fd0fcaab30196dfdd1159fa1 |
| SHA256 | a129ad53a0499c7490a020fdb1996508bbbc973a340bb4e3fca1f31250d76c3a |
| SHA512 | b350c42d57d5b388a5bace651b328ba9127aaad923000003540132bc571f939bad69e633965f802661db178034964f12db030106db1aeb476a94876ac78ead14 |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 6f0feee6bd9a597075d7cd7725ee4e8b |
| SHA1 | 7790ca9198b234e699e1af6a2c8883bcd6f6e35e |
| SHA256 | 2b0912a88885c1ab6767452477d27a1e501869b6263c8114f3144142aa48fe87 |
| SHA512 | fb4243f26be18b12f12ad5a7aeba26a4d97a350da6d85b5c9990dc919b17016806c8a0f5b62a3f7e75876f0963fc89b679e8fe9744b2e16be0cf5dd3bcfa0fdc |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 276968fddaf71989846554e52046e98c |
| SHA1 | 995b8a50d41232d685ba05aac61ef2c529e2be0f |
| SHA256 | c665b406b92cea6ee6b872658eccf501c49de9f8bb72738a9d433808445738d1 |
| SHA512 | 0bb21d63f91615d738cfa06ef159c76e3cb58a92589d1b5318d197b2bb30ea445594b55ff5a218fe92e67582e039eaa24c768c0496e1f7f7eaf685e60b0876bb |
C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.key-KVUPDXXVVQTS.0xcc259f90d1e2b
| MD5 | 112e8b575026b23a0d26beed2eb2ef81 |
| SHA1 | a1efcd205575d9eeddd80aa9d27f53cbd152622e |
| SHA256 | d46a2a8598cfa545aa50d87d2f9bc665a97bf3438bb6e0b2bcd03c64e7fa0d63 |
| SHA512 | 88072b909108be05df4836aa10d87892ec9db183263fac02db282d3f1a9cecd6422015020ec120886dc51a7c3f286281455f6fde542893cb34187c90fb9be81c |