Analysis
-
max time kernel
600s -
max time network
530s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
19-11-2024 02:34
General
-
Target
EliteOptimizer.rar
-
Size
189.5MB
-
MD5
8928d75e505886726469f77f4782ae94
-
SHA1
060d0cb98950dda87b5b0f64bb4160ba3ad24f07
-
SHA256
376c01cb99de2b3a737c091b33ccebb569c54d43f85f4b3aa4f855776e1cf72b
-
SHA512
2af4303b43bca06f540845d1e34e085553b8a9eb84e45801a665ced7cde07e2be94822c8b6eba59b93122197dd272fb5155799e6625f2a96190d76d23f30824e
-
SSDEEP
3145728:OVjnONrbwYmUznd70jRIeXpbHRxSBye9fNykKmk6dzNUqDEpsxjDoVH/decKw10S:UzZ/UqpbHRx6ye9g0dzzD598VTCKgYDl
Score
9/10
Malware Config
Signatures
-
Modifies boot configuration data using bcdedit 12 IoCs
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 50 IoCs
-
Possible privilege escalation attempt 2 IoCs
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 64 IoCs
-
Modifies file permissions 1 TTPs 2 IoCs
-
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
-
Enumerates connected drives 3 TTPs 54 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
-
Maps connected drives based on registry 3 TTPs 64 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 1 IoCs
-
Drops file in Windows directory 3 IoCs
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 7 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 7 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 52 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\EliteOptimizer.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files (x86)\EliteOptimizer\EliteOptimizer.exe"C:\Program Files (x86)\EliteOptimizer\EliteOptimizer.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\onefile_3228_133764577496281518\EliteOptimizer.exe"C:\Program Files (x86)\EliteOptimizer\EliteOptimizer.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\EliteOptimizer\EliteServer.exe"C:\Program Files (x86)\EliteOptimizer\EliteServer.exe"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\onefile_6044_133764577559562649\EliteServer.exe"C:\Program Files (x86)\EliteOptimizer\EliteServer.exe"4⤵
- Executes dropped EXE
-
-
-
C:\Program Files (x86)\EliteOptimizer\EliteConfigurator.exe"C:\Program Files (x86)\EliteOptimizer\EliteConfigurator.exe"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\onefile_6020_133764577559875300\EliteConfigurator.exe"C:\Program Files (x86)\EliteOptimizer\EliteConfigurator.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance" /v MaintenanceDisabled /t REG_DWORD /d 1 /f"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Maintenance" /v MaintenanceDisabled /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ScheduledDiagnostics" /v EnabledExecution /t REG_DWORD /d 0 /f"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ScheduledDiagnostics" /v EnabledExecution /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics" /v EnabledExecution /t REG_DWORD /d 0 /f"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics" /v EnabledExecution /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 0 /f"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v DisplayParameters /t REG_DWORD /d 1 /f"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v DisplayParameters /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v AutoReboot /t REG_DWORD /d 0 /f"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v AutoReboot /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v LogEvent /t REG_DWORD /d 0 /f"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v LogEvent /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoAutorun /t REG_DWORD /d 1 /f"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoAutorun /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main" /v Autorun /t REG_DWORD /d 0 /f"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main" /v Autorun /t REG_DWORD /d 0 /f6⤵
- Modifies Internet Explorer settings
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoAutoplayfornonVolume /t REG_DWORD /d 1 /f"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoAutoplayfornonVolume /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v DontSetAutoplayCheckbox /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v DontSetAutoplayCheckbox /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes" /v AppsUseLightTheme /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes" /v AppsUseLightTheme /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v SystemUsesLightTheme /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v SystemUsesLightTheme /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v EnableBlurBehind /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v EnableBlurBehind /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v UseOLEDTaskbarTransparency /t REG_DWORD /d "1" /f"5⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v UseOLEDTaskbarTransparency /t REG_DWORD /d "1" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics" /v MinAnimate /t REG_SZ /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics" /v MinAnimate /t REG_SZ /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics" /v MaxAnimate /t REG_SZ /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics" /v MaxAnimate /t REG_SZ /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" /v Value /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowWiFiHotSpotReporting" /v Value /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" /v Value /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WiFi\AllowAutoConnectToWiFiSenseHotspots" /v Value /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" /v AutoConnectAllowedOEM /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" /v AutoConnectAllowedOEM /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" /v WiFISenseAllowed /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config" /v WiFISenseAllowed /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MultitaskingView\AllUpView" /v Value /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MultitaskingView\AllUpView" /v Value /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MultitaskingView\AllUpView" /v "Remove TaskView" /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MultitaskingView\AllUpView" /v "Remove TaskView" /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableCursorSuppression /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableCursorSuppression /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v EnableMmx /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v EnableMmx /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v DisableThirdPartySuggestions /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CloudContent" /v DisableThirdPartySuggestions /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" /v DisableAutoplay /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers" /v DisableAutoplay /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppV\CEIP" /v CEIPEnable /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppV\CEIP" /v CEIPEnable /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows" /v CEIPEnable /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows" /v CEIPEnable /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows" /v CEIPEnable /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows" /v CEIPEnable /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\VSCommon\15.0\SQM" /v OptIn /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\VSCommon\15.0\SQM" /v OptIn /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\Software\NVIDIA Corporation\Global\NvCplApi\Policies" /v ContextUIPolicy /t REG_DWORD /d 2 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Software\NVIDIA Corporation\Global\NvCplApi\Policies" /v ContextUIPolicy /t REG_DWORD /d 2 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "EnableTransparency" /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "EnableTransparency" /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "curl -g -k -L -# -o "C:\ExplorerBlurMica.dll" "https://raw.githubusercontent.com/mosol1/Elite/main/ExplorerBlurMica.dll""5⤵
-
C:\Windows\system32\curl.execurl -g -k -L -# -o "C:\ExplorerBlurMica.dll" "https://raw.githubusercontent.com/mosol1/Elite/main/ExplorerBlurMica.dll"6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "regsvr32 "C:\ExplorerBlurMica.dll" /s"5⤵
-
C:\Windows\system32\regsvr32.exeregsvr32 "C:\ExplorerBlurMica.dll" /s6⤵
- Modifies registry class
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM explorer.exe"5⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM explorer.exe6⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "start explorer.exe"5⤵
-
C:\Windows\explorer.exeexplorer.exe6⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "bcdedit /deletevalue useplatformclock"5⤵
-
C:\Windows\system32\bcdedit.exebcdedit /deletevalue useplatformclock6⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "bcdedit /set useplatformtick yes"5⤵
-
C:\Windows\system32\bcdedit.exebcdedit /set useplatformtick yes6⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "bcdedit /set disabledynamictick Yes"5⤵
-
C:\Windows\system32\bcdedit.exebcdedit /set disabledynamictick Yes6⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "bcdedit /set bootmenupolicy Legacy"5⤵
-
C:\Windows\system32\bcdedit.exebcdedit /set bootmenupolicy Legacy6⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "bcdedit /set bootux disabled"5⤵
-
C:\Windows\system32\bcdedit.exebcdedit /set bootux disabled6⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "bcdedit /set hypervisorlaunchtype off"5⤵
-
C:\Windows\system32\bcdedit.exebcdedit /set hypervisorlaunchtype off6⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "bcdedit /set quietboot yes"5⤵
-
C:\Windows\system32\bcdedit.exebcdedit /set quietboot yes6⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "bcdedit /set tscsyncpolicy Enhanced"5⤵
-
C:\Windows\system32\bcdedit.exebcdedit /set tscsyncpolicy Enhanced6⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "bcdedit /timeout 0"5⤵
-
C:\Windows\system32\bcdedit.exebcdedit /timeout 06⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "bcdedit /set quietboot yes"5⤵
-
C:\Windows\system32\bcdedit.exebcdedit /set quietboot yes6⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "bcdedit /set x2apicpolicy Enable"5⤵
-
C:\Windows\system32\bcdedit.exebcdedit /set x2apicpolicy Enable6⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "BCDEDIT /set MSI Default"5⤵
-
C:\Windows\system32\bcdedit.exeBCDEDIT /set MSI Default6⤵
- Modifies boot configuration data using bcdedit
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "powershell Set-ExecutionPolicy Unrestricted"5⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Set-ExecutionPolicy Unrestricted6⤵
- Command and Scripting Interpreter: PowerShell
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\System\GameConfigStore" /v "GameDVR_DSEBehavior" /t REG_DWORD /d "2" /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\System\GameConfigStore" /v "GameDVR_DSEBehavior" /t REG_DWORD /d "2" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\System\GameConfigStore" /v "GameDVR_DXGIHonorFSEWindowsCompatible" /t REG_DWORD /d "1" /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\System\GameConfigStore" /v "GameDVR_DXGIHonorFSEWindowsCompatible" /t REG_DWORD /d "1" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\System\GameConfigStore" /v "GameDVR_EFSEFeatureFlags" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\System\GameConfigStore" /v "GameDVR_EFSEFeatureFlags" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\System\GameConfigStore" /v "GameDVR_Enabled" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\System\GameConfigStore" /v "GameDVR_Enabled" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\System\GameConfigStore" /v "GameDVR_FSEBehavior" /t REG_DWORD /d "2" /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\System\GameConfigStore" /v "GameDVR_FSEBehavior" /t REG_DWORD /d "2" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\System\GameConfigStore" /v "GameDVR_FSEBehaviorMode" /t REG_DWORD /d "2" /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\System\GameConfigStore" /v "GameDVR_FSEBehaviorMode" /t REG_DWORD /d "2" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\System\GameConfigStore" /v "GameDVR_HonorUserFSEBehaviorMode" /t REG_DWORD /d "1" /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\System\GameConfigStore" /v "GameDVR_HonorUserFSEBehaviorMode" /t REG_DWORD /d "1" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\GameDVR" /v "AllowGameDVR" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\ApplicationManagement\AllowGameDVR" /v "value" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\ApplicationManagement\AllowGameDVR" /v "value" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /V "1806" /T "REG_DWORD" /D "00000000" /F"5⤵
-
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /V "1806" /T "REG_DWORD" /D "00000000" /F6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /V "1806" /T "REG_DWORD" /D "00000000" /F"5⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /V "1806" /T "REG_DWORD" /D "00000000" /F6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters" /v "EnablePrefetcher" /t REG_DWORD /d "1" /f"5⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters" /v "EnablePrefetcher" /t REG_DWORD /d "1" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "fsutil behavior set PrefetchParameters 1"5⤵
-
C:\Windows\system32\fsutil.exefsutil behavior set PrefetchParameters 16⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMain" /v "Start" /t REG_DWORD /d 2 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMain" /v "Start" /t REG_DWORD /d 2 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters" /v "EnableBoottrace" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters" /v "EnableBoottrace" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters" /v "SfTracingState" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters" /v "SfTracingState" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall" /v DisableDeviceInstall /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exereg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall" /v DisableDeviceInstall /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall" /v DisableSendRequestAdditionalSoftware /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exereg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall" /v DisableSendRequestAdditionalSoftware /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "AlwaysOn" /t REG_DWORD /d "1" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "AlwaysOn" /t REG_DWORD /d "1" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "LazyModeTimeout" /t REG_DWORD /d "150000" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "LazyModeTimeout" /t REG_DWORD /d "150000" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "NoLazyMode" /t REG_DWORD /d "1" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "NoLazyMode" /t REG_DWORD /d "1" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "SystemResponsiveness" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile" /v "SystemResponsiveness" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Affinity" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Affinity" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Background Only" /t REG_SZ /d "True" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Background Only" /t REG_SZ /d "True" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Clock Rate" /t REG_DWORD /d "10000" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Clock Rate" /t REG_DWORD /d "10000" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "GPU Priority" /t REG_DWORD /d "2" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "GPU Priority" /t REG_DWORD /d "2" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Latency Sensitive" /t REG_SZ /d "True" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Latency Sensitive" /t REG_SZ /d "True" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Priority" /t REG_DWORD /d "2" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Priority" /t REG_DWORD /d "2" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Scheduling Category" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "Scheduling Category" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "SFIO Priority" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Audio" /v "SFIO Priority" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Affinity" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Affinity" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Background Only" /t REG_SZ /d "True" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Background Only" /t REG_SZ /d "True" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Clock Rate" /t REG_DWORD /d "10000" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Clock Rate" /t REG_DWORD /d "10000" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "GPU Priority" /t REG_DWORD /d "8" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "GPU Priority" /t REG_DWORD /d "8" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Priority" /t REG_DWORD /d "5" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Priority" /t REG_DWORD /d "5" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Scheduling Category" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "Scheduling Category" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "SFIO Priority" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Capture" /v "SFIO Priority" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Affinity" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Affinity" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Background Only" /t REG_SZ /d "True" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Background Only" /t REG_SZ /d "True" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "BackgroundPriority" /t REG_DWORD /d "8" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "BackgroundPriority" /t REG_DWORD /d "8" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Clock Rate" /t REG_DWORD /d "10000" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Clock Rate" /t REG_DWORD /d "10000" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "GPU Priority" /t REG_DWORD /d "12" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "GPU Priority" /t REG_DWORD /d "12" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Latency Sensitive" /t REG_SZ /d "True" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Latency Sensitive" /t REG_SZ /d "True" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Scheduling Category" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Scheduling Category" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "SFIO Priority" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "SFIO Priority" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Latency Sensitive" /t REG_DWORD /d "1" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\DisplayPostProcessing" /v "Latency Sensitive" /t REG_DWORD /d "1" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Affinity" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Affinity" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Background Only" /t REG_SZ /d "True" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Background Only" /t REG_SZ /d "True" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Clock Rate" /t REG_DWORD /d "10000" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Clock Rate" /t REG_DWORD /d "10000" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "GPU Priority" /t REG_DWORD /d "8" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "GPU Priority" /t REG_DWORD /d "8" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Priority" /t REG_DWORD /d "8" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Priority" /t REG_DWORD /d "8" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Scheduling Category" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Scheduling Category" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "SFIO Priority" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "SFIO Priority" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Priority When Yielded" /t REG_DWORD /d "2" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Distribution" /v "Priority When Yielded" /t REG_DWORD /d "2" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Affinity" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Affinity" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Background Only" /t REG_SZ /d "False" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Background Only" /t REG_SZ /d "False" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "BackgroundPriority" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "BackgroundPriority" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Clock Rate" /t REG_DWORD /d "14096" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Clock Rate" /t REG_DWORD /d "14096" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "GPU Priority" /t REG_DWORD /d "8" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "GPU Priority" /t REG_DWORD /d "8" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Latency Sensitive" /t REG_SZ /d "True" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Latency Sensitive" /t REG_SZ /d "True" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Priority" /t REG_DWORD /d "6" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Priority" /t REG_DWORD /d "6" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Scheduling Category" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "Scheduling Category" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "SFIO Priority" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Games" /v "SFIO Priority" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency" /v "Latency Sensitive" /t REG_SZ /d "True" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency" /v "Latency Sensitive" /t REG_SZ /d "True" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency" /v "Priority" /t REG_DWORD /d "8" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency" /v "Priority" /t REG_DWORD /d "8" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency" /v "Scheduling Category" /t REG_SZ /d "Medium" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency" /v "Scheduling Category" /t REG_SZ /d "Medium" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency" /v "SFIO Priority" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency" /v "SFIO Priority" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency" /v "GPU Priority" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Low Latency" /v "GPU Priority" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Affinity" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Affinity" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Background Only" /t REG_SZ /d "False" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Background Only" /t REG_SZ /d "False" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "BackgroundPriority" /t REG_DWORD /d "2" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "BackgroundPriority" /t REG_DWORD /d "2" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Clock Rate" /t REG_DWORD /d "12000" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Clock Rate" /t REG_DWORD /d "12000" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "GPU Priority" /t REG_DWORD /d "8" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "GPU Priority" /t REG_DWORD /d "8" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Latency Sensitive" /t REG_SZ /d "True" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Latency Sensitive" /t REG_SZ /d "True" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Priority" /t REG_DWORD /d "8" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Priority" /t REG_DWORD /d "8" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Scheduling Category" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "Scheduling Category" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "SFIO Priority" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Pro Audio" /v "SFIO Priority" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Affinity" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Affinity" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Background Only" /t REG_SZ /d "True" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Background Only" /t REG_SZ /d "True" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Clock Rate" /t REG_DWORD /d "10000" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Clock Rate" /t REG_DWORD /d "10000" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "GPU Priority" /t REG_DWORD /d "8" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "GPU Priority" /t REG_DWORD /d "8" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Priority" /t REG_DWORD /d "8" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Priority" /t REG_DWORD /d "8" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Scheduling Category" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "Scheduling Category" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "SFIO Priority" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Playback" /v "SFIO Priority" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "Affinity" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "Affinity" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "Background Only" /t REG_SZ /d "True" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "Background Only" /t REG_SZ /d "True" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "Clock Rate" /t REG_DWORD /d "10000" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "Clock Rate" /t REG_DWORD /d "10000" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "GPU Priority" /t REG_DWORD /d "8" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "GPU Priority" /t REG_DWORD /d "8" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "Priority" /t REG_DWORD /d "8" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "Priority" /t REG_DWORD /d "8" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "Scheduling Category" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "Scheduling Category" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "SFIO Priority" /t REG_SZ /d "High" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile\Tasks\Windows Audio" /v "SFIO Priority" /t REG_SZ /d "High" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe" /v "UseLargeWorkingSetTrim" /t REG_DWORD /d "1" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe" /v "UseLargeWorkingSetTrim" /t REG_DWORD /d "1" /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe" /v "UseLargeWorkingSetTrim" /t REG_DWORD /d "1" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe" /v "UseLargeWorkingSetTrim" /t REG_DWORD /d "1" /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKCU\SOFTWARE\Microsoft\Games" /v "FpsAll" /t REG_DWORD /d "1" /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exeReg.exe add "HKCU\SOFTWARE\Microsoft\Games" /v "FpsAll" /t REG_DWORD /d "1" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKCU\SOFTWARE\Microsoft\Games" /v "GameFluidity" /t REG_DWORD /d "1" /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exeReg.exe add "HKCU\SOFTWARE\Microsoft\Games" /v "GameFluidity" /t REG_DWORD /d "1" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKCU\SOFTWARE\Microsoft\Games" /v "FpsStatusGames" /t REG_DWORD /d "16" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKCU\SOFTWARE\Microsoft\Games" /v "FpsStatusGames" /t REG_DWORD /d "16" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKCU\SOFTWARE\Microsoft\Games" /v "FpsStatusGamesAll" /t REG_DWORD /d "4" /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exeReg.exe add "HKCU\SOFTWARE\Microsoft\Games" /v "FpsStatusGamesAll" /t REG_DWORD /d "4" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg.exe add "HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter" /v "ActivationType" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exereg.exe add "HKLM\Software\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter" /v "ActivationType" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f"5⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v EnableSmartScreen /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" /v EnableSmartScreen /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v ContentEvaluation /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exeREG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v ContentEvaluation /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG ADD "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v EnabledV9 /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v EnabledV9 /t REG_DWORD /d 0 /f6⤵
- Modifies registry class
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\AppHost" /v EnableWebContentEvaluation /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\AppHost" /v EnableWebContentEvaluation /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v ConfigureAppInstallControl /t REG_SZ /d "Anywhere" /f"5⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v ConfigureAppInstallControl /t REG_SZ /d "Anywhere" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "REG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v ConfigureAppInstallControlEnabled /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exeREG ADD "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\SmartScreen" /v ConfigureAppInstallControlEnabled /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "takeown /s %computername% /u %username% /f "%WinDir%\System32\smartscreen.exe""5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\takeown.exetakeown /s OZYSBZXK /u Admin /f "C:\Windows\System32\smartscreen.exe"6⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "icacls "%WinDir%\System32\smartscreen.exe" /grant:r %username%:F"5⤵
-
C:\Windows\system32\icacls.exeicacls "C:\Windows\System32\smartscreen.exe" /grant:r Admin:F6⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /im smartscreen.exe /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\taskkill.exetaskkill /im smartscreen.exe /f6⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "del "%WinDir%\System32\smartscreen.exe" /s /f /q"5⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v SaveZoneInformation /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /v SaveZoneInformation /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex" /v "RespectPowerModes" /t REG_SZ /d "1" /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex" /v "RespectPowerModes" /t REG_SZ /d "1" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ForegroundLockTimeout /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ForegroundLockTimeout /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "StartupDelayInMSec" /t "REG_DWORD" /d "0" /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize" /v "StartupDelayInMSec" /t "REG_DWORD" /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /V "DisableApplicationSettingSync" /T REG_DWORD /d 2 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /V "DisableApplicationSettingSync" /T REG_DWORD /d 2 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /V "DisableAppSyncSettingSync" /T REG_DWORD /d 2 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /V "DisableAppSyncSettingSync" /T REG_DWORD /d 2 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /V "DisableWebBrowserSettingSync" /T REG_DWORD /d 2 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /V "DisableWebBrowserSettingSync" /T REG_DWORD /d 2 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /V "DisableDesktopThemeSettingSync" /T REG_DWORD /d 2 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /V "DisableDesktopThemeSettingSync" /T REG_DWORD /d 2 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /V "DisableSettingSync" /T REG_DWORD /d 2 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /V "DisableSettingSync" /T REG_DWORD /d 2 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /V "DisableSyncOnPaidNetwork" /T REG_DWORD /d 1 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync" /V "DisableSyncOnPaidNetwork" /T REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarAcrylicOpacity" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "TaskbarAcrylicOpacity" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "ColorPrevalence" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "ColorPrevalence" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "EnableTransparency" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "EnableTransparency" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "SearchOnTaskbarMode" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v "SearchOnTaskbarMode" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338389Enabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-314563Enabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-314563Enabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-310093Enabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353698Enabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338393Enabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353696Enabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353696Enabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353694Enabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-353694Enabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338388Enabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SubscribedContent-338387Enabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SilentInstalledAppsEnabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SystemPaneSuggestionsEnabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "SoftLandingEnabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "RotatingLockScreenEnabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "RotatingLockScreenEnabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "RotatingLockScreenOverlayEnabled" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "RotatingLockScreenOverlayEnabled" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\Software\Microsoft\GameBar" /v "AllowAutoGameMode" /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\GameBar" /v "AllowAutoGameMode" /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_CURRENT_USER\Software\Microsoft\GameBar" /v "AutoGameModeEnabled" /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_CURRENT_USER\Software\Microsoft\GameBar" /v "AutoGameModeEnabled" /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\DWM" /v EnableAeroPeek /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\DWM" /v EnableAeroPeek /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\DWM" /v Blur /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\DWM" /v Blur /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\DWM" /v CompositionPolicy /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\DWM" /v CompositionPolicy /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DWM" /v DisallowComposition /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DWM" /v DisallowComposition /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\DWM" /v DwmUseDetailTexture /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\DWM" /v DwmUseDetailTexture /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWM" /v DisallowAnimations /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWM" /v DisallowAnimations /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWM" /v DisableAccentGradient /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWM" /v DisableAccentGradient /t REG_DWORD /d 1 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWM" /v Composition /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWM" /v Composition /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v DwmInputUsesIoCompletionPort /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v DwmInputUsesIoCompletionPort /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v EnableDwmInputProcessing /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exereg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v EnableDwmInputProcessing /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "cd "C:\Program Files (x86)\EliteOptimizer\resources""5⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "High Precision Event Timer""5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "High Precision Event Timer"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Microsoft GS Wavetable Synth""5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Microsoft GS Wavetable Synth"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Microsoft RRAS Root Enumerator""5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Microsoft RRAS Root Enumerator"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Legacy device""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Legacy device"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Numeric Data Processor""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Numeric Data Processor"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "System Timer""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "System Timer"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Intel Management Engine""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Intel Management Engine"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Intel Management Engine Interface""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Intel Management Engine Interface"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Intel SMBus""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Intel SMBus"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Amdlog""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Amdlog"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "AMD PSP""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "AMD PSP"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Microsoft Virtual Drive Enumerator""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Microsoft Virtual Drive Enumerator"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Microsoft Hyper-V Virtualization Infrastructure Driver""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Microsoft Hyper-V Virtualization Infrastructure Driver"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Remote Desktop Device Redirector Bus""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Remote Desktop Device Redirector Bus"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "NDIS Virtual Network Adapter Enumerator""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "NDIS Virtual Network Adapter Enumerator"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (IP)""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (IP)"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (IKEv2)""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (IKEv2)"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (IPv6)""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (IPv6)"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (L2TP)""5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (L2TP)"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (PPPOE)""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (PPPOE)"6⤵
- Enumerates connected drives
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (PPTP)""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (PPTP)"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (SSTP)""5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (SSTP)"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (Network Monitor)""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "WAN Miniport (Network Monitor)"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "UMBus Root Bus Enumerator""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "UMBus Root Bus Enumerator"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Composite Bus Enumerator""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "Composite Bus Enumerator"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "SM Bus Controller""5⤵
-
C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe"C:\Program Files (x86)\EliteOptimizer\resources\DevManView.exe" /disable "SM Bus Controller"6⤵
- Enumerates connected drives
- Maps connected drives based on registry
- Checks SCSI registry key(s)
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "POWERSHELL "$Devices = Get-PnpDevice | ? Status -eq Unknown;foreach ($Device in $Devices) { &\"pnputil\" /remove-device $Device.InstanceId }""5⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePOWERSHELL "$Devices = Get-PnpDevice | ? Status -eq Unknown;foreach ($Device in $Devices) { &\"pnputil\" /remove-device $Device.InstanceId }"6⤵
-
C:\Windows\system32\pnputil.exe"C:\Windows\system32\pnputil.exe" /remove-device SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&0000017⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
-
-
C:\Windows\system32\pnputil.exe"C:\Windows\system32\pnputil.exe" /remove-device SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&0000027⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
-
-
C:\Windows\system32\pnputil.exe"C:\Windows\system32\pnputil.exe" /remove-device {8E7BD593-6E6C-4C52-86A6-77175494DD8E}\MSVHDHBA\1&3030E83&0&017⤵
- Drops file in Windows directory
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\BackgroundModel\Policy" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\BackgroundModel\Policy" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\BackgroundModel\SpecialResources" /v "Microsoft.Cortana_8wekyb3d8bbwe" /t REG_DWORD /d "1600" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\BackgroundModel\SpecialResources" /v "Microsoft.Cortana_8wekyb3d8bbwe" /t REG_DWORD /d "1600" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\BackgroundModel\SpecialResources" /v "Microsoft.Windows.Cortana_cw5n1h2txyewy" /t REG_DWORD /d "1600" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\BackgroundModel\SpecialResources" /v "Microsoft.Windows.Cortana_cw5n1h2txyewy" /t REG_DWORD /d "1600" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe" /v "UseLargeWorkingSetTrim" /t REG_DWORD /d "1" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe" /v "UseLargeWorkingSetTrim" /t REG_DWORD /d "1" /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe\PerfOptions" /v "MinimumStackCommitInBytes" /t REG_DWORD /d 32768 /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe\PerfOptions" /v "MinimumStackCommitInBytes" /t REG_DWORD /d 32768 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe\PerfOptions" /v "CpuPriorityClass" /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe\PerfOptions" /v "CpuPriorityClass" /t REG_DWORD /d 1 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe\PerfOptions" /v "IoPriority" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe\PerfOptions" /v "IoPriority" /t REG_DWORD /d 0 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SCMConfig" /v "EnableSvchostMitigationPolicy" /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SCMConfig" /v "EnableSvchostMitigationPolicy" /t REG_DWORD /d 0 /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground" /t REG_DWORD /d "2" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground" /t REG_DWORD /d "2" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground_UserInControlOfTheseApps" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground_UserInControlOfTheseApps" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground_ForceAllowTheseApps" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground_ForceAllowTheseApps" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground_ForceDenyTheseApps" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground_ForceDenyTheseApps" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /d "1" /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exeReg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /d "1" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKLM\Software\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground" /t REG_DWORD /d "2" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKLM\Software\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground" /t REG_DWORD /d "2" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "BackgroundAppGlobalToggle" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "BackgroundAppGlobalToggle" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe Add "HKLM\SOFTWARE\Policies\Mozilla\Firefox" /v "HardwareAcceleration" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe Add "HKLM\SOFTWARE\Policies\Mozilla\Firefox" /v "HardwareAcceleration" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe Add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "HardwareAccelerationModeEnabled" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe Add "HKLM\SOFTWARE\Policies\Google\Chrome" /v "HardwareAccelerationModeEnabled" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe Add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HardwareAccelerationModeEnabled" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe Add "HKLM\SOFTWARE\Policies\Microsoft\Edge" /v "HardwareAccelerationModeEnabled" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe Add "HKLM\Software\Policies\BraveSoftware\Brave" /v "HardwareAccelerationModeEnabled" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe Add "HKLM\Software\Policies\BraveSoftware\Brave" /v "HardwareAccelerationModeEnabled" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe Add "HKLM\Software\Policies\Opera" /v "HardwareAccelerationModeEnabled" /t REG_DWORD /d "0" /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe Add "HKLM\Software\Policies\Opera" /v "HardwareAccelerationModeEnabled" /t REG_DWORD /d "0" /f6⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EADesktop.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 5 /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EADesktop.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 5 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QtWebEngineProcess.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QtWebEngineProcess.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 1 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QtWebEngineProcess.exe\PerfOptions" /v IoPriority /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QtWebEngineProcess.exe\PerfOptions" /v IoPriority /t REG_DWORD /d 0 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\steamwebhelper.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\steamwebhelper.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 1 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\steamservice.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exeReg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\steamservice.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 1 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\steamwebhelper.exe\PerfOptions" /v IoPriority /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\steamwebhelper.exe\PerfOptions" /v IoPriority /t REG_DWORD /d 0 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EABackgroundService.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 1 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exeReg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EABackgroundService.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 1 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EABackgroundService.exe\PerfOptions" /v IoPriority /t REG_DWORD /d 0 /f"5⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV16⤵
-
-
C:\Windows\system32\reg.exeReg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EABackgroundService.exe\PerfOptions" /v IoPriority /t REG_DWORD /d 0 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Battle.net.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 5 /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Battle.net.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 5 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agent.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 5 /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agent.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 5 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "Reg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Steam.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 5 /f"5⤵
-
C:\Windows\system32\reg.exeReg.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Steam.exe\PerfOptions" /v CpuPriorityClass /t REG_DWORD /d 5 /f6⤵
- Event Triggered Execution: Image File Execution Options Injection
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add "HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl" /v "Win32PrioritySeparation" /t REG_DWORD /d "38" /f"5⤵
-
C:\Windows\system32\reg.exereg add "HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl" /v "Win32PrioritySeparation" /t REG_DWORD /d "38" /f6⤵
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg query "HKCU\SOFTWARE\EliteOptimizer\Tweaks" /s"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\reg.exereg query "HKCU\SOFTWARE\EliteOptimizer\Tweaks" /s4⤵
-
-
-
C:\Windows\System32\Wbem\wmic.exewmic os get Version3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\Wbem\wmic.exewmic cpu get Name,CurrentClockSpeed,L2CacheSize,L3CacheSize,Description,Caption,Manufacturer /format:list3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\Wbem\wmic.exewmic PATH Win32_VideoController GET AdapterRAM3⤵
-
-
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131⤵
- Modifies registry class
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Defense Evasion
File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Modify Registry
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
555KB
MD55683c0028832cae4ef93ca39c8ac5029
SHA1248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3
-
Filesize
2KB
MD565d22b92a6e7f2fd6ce53150d5d91c0d
SHA1cac5a638479f7d8bd7de5aefbdbac280251e43af
SHA256cf65c8506f8eb6d9b446773063a1f405d7ac4c557a898d276cfc1b873fe0e8e1
SHA512278be664123aaa0ab2039546a871f7ddaaef225fbced7069fbc603ba7322c97cf2df9619eafe2bf03211df7da7b37e311601a056a364282b8950e6a391c20ead
-
Filesize
4KB
MD51f5afe4b9459ece525e12f514e3d8a18
SHA17ebb25ed6a1f86d4d75bb69c6e8380764650ef65
SHA25630901bf57ba6fc05ea648174e284ab0d6c8158e68faa22fb44c43d3d2d0fc469
SHA5126fddbf17183db2af7b7c15cebdb4d07ec118983c253d81b7ee1233aa3c739c10722f13b83eda058290661b1113003cbe53b6a4ed72fdf8dfda01de549cf0218e
-
Filesize
17KB
MD5bed26505537b3e66066ab3645c87a2ce
SHA15adc6e64e8fe7312dee4ee5762f99897a984b9d8
SHA256c3af75aad29168581f17eb8ed749f73dd15e1975d773d14debf2ade0f3c94da6
SHA5128ca15f4d9d6716192def95256a06706220e197d77ad6875ead6baab6a5018bd76e5aa9b34a3dcb9469c1619346fe4a9f5bcd20f4aa05f5e925279cd3f8e08bfe
-
Filesize
7KB
MD5cdbe87597576398d667476b0489faf99
SHA10e316ba500a7c862c34b3f55f6e930630867148b
SHA2565785bbafb773384874e5bc67cb70f4af6f03ea5d495b5717a2c03e73325c0565
SHA512d3b359971365c604b6774ef24c57c6a171827835b1c207e2f624f13f2edf34d6a377b90c5a8a1ec4e817c250e189cae83b6aa1993530e02d9c13c7a1d84ea81f
-
Filesize
17KB
MD56b208ded84ae1b287fbfd7d19f50219a
SHA1fc75d7fac3366a9f721eb4d2fb9dd2f7fa786ce4
SHA256d8c6395b63d9ec222299120ad33690c54bb15b6f1294c3f4eadaee606e961aae
SHA512f7cf6ec7a4da4ebe175a105615069b0ea26ccd471c017fcb7470b1cd2f201cce1a2a8cad95f3e763e0d63e3de208f8d17b0165a5f77c6647874118a5e597b79d
-
Filesize
10KB
MD5069c37bf9e39b121efb7a28ece933aee
SHA1eaef2e55b66e543a14a6780c23bb83fe60f2f04d
SHA256485db8db6b497d31d428aceea416da20d88f7bde88dbfd6d59e3e7eee0a75ae8
SHA512f4562071143c2ebc259a20cbb45b133c863f127a5750672b7a2af47783c7cdc56dcf1064ae83f54e5fc0bb4e93826bf2ab4ef6e604f955bf594f2cbd641db796
-
Filesize
10KB
MD5eed640164203d0d0a2a1e7919a6fdbdf
SHA19af74121e090cf2970beee82d22ef4ebb886c0ae
SHA2564ca7fe712b4322fdb497733e015f4ae4496d3998772a6c37305da3cbba3eb7ae
SHA5121bf6de193ae00189525ea9a685bbe3dc7722eceb6ccfb83c70adc766b6301b4978abf73b2f8f41b865f1521925308e4f96285dca569e9c2b2c61e79db1100e3d
-
Filesize
251KB
MD57ae94f5a66986cbc1a2b3c65a8d617f3
SHA128abefb1df38514b9ffe562f82f8c77129ca3f7d
SHA256da8bb3d54bbba20d8fa6c2fd0a4389aec80ab6bd490b0abef5bd65097cbc0da4
SHA512fbb599270066c43b5d3a4e965fb2203b085686479af157cd0bb0d29ed73248b6f6371c5158799f6d58b1f1199b82c01abe418e609ea98c71c37bb40f3226d8c5
-
Filesize
64KB
MD5911d7552870c5d1ffa646326ab760d38
SHA1c6d90ef0540f16e0c0112801ff57325d676d2946
SHA256f91d38d865378a120f76596c90e79f6ba57fcf3c39dedb99098e597d9b577256
SHA51244fbba9cfe5ae64b440751145c7497588c19cc038838c9e046a328682f100d7f45bd9c914fb8e1d462cf105628767ed308bbc19cdbcc5b0afe74621bccc81d4d
-
Filesize
14KB
MD57cff63d632a7024e62db2a2bce9a1b24
SHA16a0bc8add112cc66ee4fd1c907f2f7e49b6bd1cf
SHA256df8ba0c5b50ca3b5c0b3857f926118efbeb9744b8f382809858ba426bf4a2268
SHA5123fc02cb3bbd71b75bdc492dc2c89c9d59839aa484cfaff3fd6537ae8bb3427969cd9ef90978f5cb25a87af8d2cae96e2184fdc59115e947a05aa9e0378807227
-
Filesize
4KB
MD505eb3947ce9a8c3bef66c14d0f938671
SHA106ffc811ee51609809d88894022e222b339aefee
SHA256c9417470c16ced7a43d6c4a8e027afa6edc62c24d5aee7c4c2dcd11385964d3b
SHA5124db7c14fba78185edf6459016608cb8fa0a250dfb48432c552bb4e0466cf49622b34d847e17c254bb1c8d15bf365e91bce3ede552ba8733fde9d21779f7f1c13
-
Filesize
774KB
MD54ff168aaa6a1d68e7957175c8513f3a2
SHA1782f886709febc8c7cebcec4d92c66c4d5dbcf57
SHA2562e4d35b681a172d3298caf7dc670451be7a8ba27c26446efc67470742497a950
SHA512c372b759b8c7817f2cbb78eccc5a42fa80bdd8d549965bd925a97c3eebdce0335fbfec3995430064dead0f4db68ebb0134eb686a0be195630c49f84b468113e3
-
Filesize
15KB
MD506399d9b7b75206a86a9de42d71d4bce
SHA140d36ded4b40f125d5885a7288cbd0e02b43bd1b
SHA25608bcfc9349a9bccf9d80b3f47921e91981e6f2c8651b15e80a29c0d76ce01ec6
SHA512337f93f3f16445540d0986a8149ecc27f51ff170621c8a4ccafd030fe642a4c78aa08ee09682e83c8fcf30b38701db391bc9dd9facb130f5e9ecf5b2c04477c9
-
Filesize
4.0MB
MD5771534b138a85927974d5c03403ac80b
SHA1dcb422720c3b2fb8cbd39839078a5396ae0fc541
SHA25691cb793590f15e62172b6b7f75c5998f0fd3f7a6d14aa5540a3f4ca015abc3e9
SHA51233841b6d0943a685b8ca6e7b860a514a28e7ad69476f155407d52d6eef450d3f3709cbb3e4947682839c1dbe4c10e1f3c0f5dc65742388177d20bfe08fd466b4
-
Filesize
212KB
MD54ee5cfb68e56a5ba61248ae92c60e8c0
SHA150f064a2cb91284130f99637d2756ac07af85b01
SHA256e3698280ff0c7769c1cdacf302688735cf4ab632989e1312d2a45747e79f5df2
SHA512b173c595a8f7d66000ae5bf88abc7d411a5af01c5ac2ef73a162199f2f77404654a7f08a9e3e2f3319f5002459cbcb953311641af525f627e077ebeb7240dc4f
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
116KB
MD5be8dbe2dc77ebe7f88f910c61aec691a
SHA1a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA2564d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA5120da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655
-
Filesize
83KB
MD530f396f8411274f15ac85b14b7b3cd3d
SHA1d3921f39e193d89aa93c2677cbfb47bc1ede949c
SHA256cb15d6cc7268d3a0bd17d9d9cec330a7c1768b1c911553045c73bc6920de987f
SHA5127d997ef18e2cbc5bca20a4730129f69a6d19abdda0261b06ad28ad8a2bddcdecb12e126df9969539216f4f51467c0fe954e4776d842e7b373fe93a8246a5ca3f
-
Filesize
122KB
MD55377ab365c86bbcdd998580a79be28b4
SHA1b0a6342df76c4da5b1e28a036025e274be322b35
SHA2566c5f31bef3fdbff31beac0b1a477be880dda61346d859cf34ca93b9291594d93
SHA51256f28d431093b9f08606d09b84a392de7ba390e66b7def469b84a21bfc648b2de3839b2eee4fb846bbf8bb6ba505f9d720ccb6bb1a723e78e8e8b59ab940ac26
-
Filesize
64KB
MD5a25bc2b21b555293554d7f611eaa75ea
SHA1a0dfd4fcfae5b94d4471357f60569b0c18b30c17
SHA25643acecdc00dd5f9a19b48ff251106c63c975c732b9a2a7b91714642f76be074d
SHA512b39767c2757c65500fc4f4289cb3825333d43cb659e3b95af4347bd2a277a7f25d18359cedbdde9a020c7ab57b736548c739909867ce9de1dbd3f638f4737dc5
-
Filesize
156KB
MD59e94fac072a14ca9ed3f20292169e5b2
SHA11eeac19715ea32a65641d82a380b9fa624e3cf0d
SHA256a46189c5bd0302029847fed934f481835cb8d06470ea3d6b97ada7d325218a9f
SHA512b7b3d0f737dd3b88794f75a8a6614c6fb6b1a64398c6330a52a2680caf7e558038470f6f3fc024ce691f6f51a852c05f7f431ac2687f4525683ff09132a0decb
-
Filesize
81KB
MD569801d1a0809c52db984602ca2653541
SHA10f6e77086f049a7c12880829de051dcbe3d66764
SHA25667aca001d36f2fce6d88dbf46863f60c0b291395b6777c22b642198f98184ba3
SHA5125fce77dd567c046feb5a13baf55fdd8112798818d852dfecc752dac87680ce0b89edfbfbdab32404cf471b70453a33f33488d3104cd82f4e0b94290e83eae7bb
-
Filesize
174KB
MD590f080c53a2b7e23a5efd5fd3806f352
SHA1e3b339533bc906688b4d885bdc29626fbb9df2fe
SHA256fa5e6fe9545f83704f78316e27446a0026fbebb9c0c3c63faed73a12d89784d4
SHA5124b9b8899052c1e34675985088d39fe7c95bfd1bbce6fd5cbac8b1e61eda2fbb253eef21f8a5362ea624e8b1696f1e46c366835025aabcb7aa66c1e6709aab58a
-
Filesize
25KB
MD5d8c6d60ea44694015ba6123ff75bd38d
SHA1813deb632f3f3747fe39c5b8ef67bada91184f62
SHA2568ae23bfa84ce64c3240c61bedb06172bfd76be2ad30788d4499cb24047fce09f
SHA512d3d408c79e291ed56ca3135b5043e555e53b70dff45964c8c8d7ffa92b27c6cdea1e717087b79159181f1258f9613fe6d05e3867d9c944f43a980b5bf27a75ab
-
Filesize
36KB
MD5827615eee937880862e2f26548b91e83
SHA1186346b816a9de1ba69e51042faf36f47d768b6c
SHA25673b7ee3156ef63d6eb7df9900ef3d200a276df61a70d08bd96f5906c39a3ac32
SHA51245114caf2b4a7678e6b1e64d84b118fb3437232b4c0add345ddb6fbda87cebd7b5adad11899bdcd95ddfe83fdc3944a93674ca3d1b5f643a2963fbe709e44fb8
-
Filesize
5.0MB
MD5123ad0908c76ccba4789c084f7a6b8d0
SHA186de58289c8200ed8c1fc51d5f00e38e32c1aad5
SHA2564e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43
SHA51280fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04
-
Filesize
38KB
MD50f8e4992ca92baaf54cc0b43aaccce21
SHA1c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA5126e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978
-
Filesize
66KB
MD55eace36402143b0205635818363d8e57
SHA1ae7b03251a0bac083dec3b1802b5ca9c10132b4c
SHA25625a39e721c26e53bec292395d093211bba70465280acfa2059fa52957ec975b2
SHA5127cb3619ea46fbaaf45abfa3d6f29e7a5522777980e0a9d2da021d6c68bcc380abe38e8004e1f31d817371fb3cdd5425d4bb115cb2dc0d40d59d111a2d98b21d4
-
Filesize
6.6MB
MD5166cc2f997cba5fc011820e6b46e8ea7
SHA1d6179213afea084f02566ea190202c752286ca1f
SHA256c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546
SHA51249d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb
-
Filesize
655KB
MD5a2cc25338a9bb825237ef1653511a36a
SHA1433ded40bab01ded8758141045e3e6658d435685
SHA256698b9b005243163c245bfa22357b383e107a1d21a8c420d2ef458662e410422f
SHA5128d55d3f908e2407662e101238dacdbd84ae197e6e951618171deeac9cfb3f4cb12425212dbfd691a0b930da43e1a344c5004de7e89d3aec47e9063a5312fa74b
-
Filesize
131KB
MD526d752c8896b324ffd12827a5e4b2808
SHA1447979fa03f78cb7210a4e4ba365085ab2f42c22
SHA256bd33548dbdbb178873be92901b282bad9c6817e3eac154ca50a666d5753fd7ec
SHA51299c87ab9920e79a03169b29a2f838d568ca4d4056b54a67bc51caf5c0ff5a4897ed02533ba504f884c6f983ebc400743e6ad52ac451821385b1e25c3b1ebcee0
-
Filesize
30KB
MD57c14c7bc02e47d5c8158383cb7e14124
SHA15ee9e5968e7b5ce9e4c53a303dac9fc8faf98df3
SHA25600bd8bb6dec8c291ec14c8ddfb2209d85f96db02c7a3c39903803384ff3a65e5
SHA512af70cbdd882b923013cb47545633b1147ce45c547b8202d7555043cfa77c1deee8a51a2bc5f93db4e3b9cbf7818f625ca8e3b367bffc534e26d35f475351a77c
-
Filesize
1.7MB
MD51ddd4633814e91eb748c84647c526d19
SHA1c3c2561fd5f971e6487eafff151b2cb00f2eb1e3
SHA2561026c8c8eaaf3744f3ad8e80b4baa366e88aa0a048c0823838e39acef86ce964
SHA5122c9e64ca4edcd2ec0292b558f40feaa2da875deafd85945aac77e49d0b71e2280e020396f719fecca52afa66454d7a55aa9712113e8fcbbe30202c956bf7f552
-
Filesize
1KB
MD5e9117326c06fee02c478027cb625c7d8
SHA12ed4092d573289925a5b71625cf43cc82b901daf
SHA256741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e
SHA512d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52
-
Filesize
1.5MB
MD54a740c514fb3b3dfb3d9d20fb57872c5
SHA111bea1a884fa01146190c6cae45fdc5f27fc8adc
SHA25659e2a8784bdbd35b4bf8e688690e2672b6b5d652cc063ba19661eff2715b8e13
SHA512fe2d1dcae5fca2901ca1bffecb0b6fa189a55d8fcc007ec1db379d40a5f47a87d08ee2e3e5f7fbf18d7d609d738c6d31a5a291cd08577d750ab2cc8c54f6491d
-
Filesize
1.1MB
MD5a8ed52a66731e78b89d3c6c6889c485d
SHA1781e5275695ace4a5c3ad4f2874b5e375b521638
SHA256bf669344d1b1c607d10304be47d2a2fb572e043109181e2c5c1038485af0c3d7
SHA5121c131911f120a4287ebf596c52de047309e3be6d99bc18555bd309a27e057cc895a018376aa134df1dc13569f47c97c1a6e8872acedfa06930bbf2b175af9017
-
Filesize
48KB
MD5f8dfa78045620cf8a732e67d1b1eb53d
SHA1ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371
-
Filesize
130KB
MD53a80fea23a007b42cef8e375fc73ad40
SHA104319f7552ea968e2421c3936c3a9ee6f9cf30b2
SHA256b70d69d25204381f19378e1bb35cc2b8c8430aa80a983f8d0e8e837050bb06ef
SHA512a63bed03f05396b967858902e922b2fbfb4cf517712f91cfaa096ff0539cf300d6b9c659ffee6bf11c28e79e23115fd6b9c0b1aa95db1cbd4843487f060ccf40
-
Filesize
143KB
MD5c04a1ec01ca28803bb5cd7230bd40e86
SHA135f18aca58e6749029a65e598780cd41efcd5b3b
SHA256acfa5dbb606aada439fa2bca317d023725cbbd5b5f111fbd61a488d449966845
SHA512756545e218ca384da40f973d38510486a3889e8b7c4e0c304c91158e89ebc7aeca66f9e0ef54027700cd311d27b1f23b2f5eb07089f8da649950e43a555e1cf3
-
Filesize
79.6MB
-
Filesize
79.6MB
-
Filesize
79.6MB
-
Filesize
79.6MB
-
Filesize
79.6MB
-
Filesize
16.0MB
-
Filesize
168KB
-
Filesize
1024KB
-
Filesize
16.0MB
-
Filesize
76.3MB
-
Filesize
136KB
-
Filesize
16.0MB
-
Filesize
16.0MB