Analysis
-
max time kernel
241s -
max time network
286s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241023-en -
resource tags
-
submitted
20-11-2024 10:51
General
-
Target
VTRL.exe
-
Size
5.5MB
-
MD5
ce30bc18638aa4cc62e39989c24727b6
-
SHA1
118527d0bd5ff33fc0e6cbdf728b6607dd0d6f68
-
SHA256
6a57f62fc52d3db1a5a2a3ba4eb4bfaf76ce7b7e589b0f15d924700adade078a
-
SHA512
8a430eb9a8272e6a311c73f119ffd129993e1171920c987af43804e8c63028f5c69a8efc95618ee7639d0be2dcdd9796cf178fa6e59970443f7477dc051e3df5
-
SSDEEP
49152:xPKuSAUsUZSjd7qlfr+cyTSxgRKUOt/JrqnDOIEanGBTSFLo+nGbeHme+APyTcne:JKjITTSREzAso+aYyOw8HZ04X8
Score
9/10
Malware Config
Signatures
-
Clears Windows event logs 1 TTPs 64 IoCs
-
Downloads MZ/PE file
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
-
Possible privilege escalation attempt 2 IoCs
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 24 IoCs
-
Loads dropped DLL 64 IoCs
-
Modifies file permissions 1 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 13 IoCs
Using powershell.exe command.
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
-
Power Settings 1 TTPs 1 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Checks system information in the registry 2 TTPs 12 IoCs
System information is often read in order to detect sandboxing environments.
-
Detected potential entity reuse from brand MICROSOFT.
-
Drops file in System32 directory 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 17 IoCs
-
Hide Artifacts: Ignore Process Interrupts 1 TTPs 6 IoCs
Command interpreters often include specific commands/flags that ignore errors and other hangups.
-
Launches sc.exe 4 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 9 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
System Time Discovery 1 TTPs 1 IoCs
Adversary may gather the system time and/or time zone settings from a local or remote system.
-
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
Modifies registry key 1 TTPs 5 IoCs
-
NTFS ADS 1 IoCs
-
Runs .reg file with regedit 3 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 57 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 24 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 1 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\VTRL.exe"C:\Users\Admin\AppData\Local\Temp\VTRL.exe"1⤵
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1912 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a7874d9-a183-4eb4-b62b-41d0e8a04b51} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d92edff6-d499-4cf7-9cd3-fc81c452dc4f} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3076 -childID 1 -isForBrowser -prefsHandle 3064 -prefMapHandle 3060 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bb4aec5-1110-4552-8002-4572f8f14660} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4304 -childID 2 -isForBrowser -prefsHandle 4296 -prefMapHandle 4292 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c120b71-431e-4ce9-8230-64a3c50912f0} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4920 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4872 -prefMapHandle 4864 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29f8ea1d-3d3c-4fea-ae39-e61e1890b398} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5152 -childID 3 -isForBrowser -prefsHandle 5276 -prefMapHandle 5228 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a824e581-9836-4ea6-941e-b2f12528dd6c} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 4 -isForBrowser -prefsHandle 5508 -prefMapHandle 5504 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de22b1bc-4313-44a9-90db-f1de9e32a588} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -childID 5 -isForBrowser -prefsHandle 5304 -prefMapHandle 5404 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67040ab5-b31d-4c71-8c04-43a845acb173} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2768 -childID 6 -isForBrowser -prefsHandle 6000 -prefMapHandle 5996 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c1ae74b-6107-4d67-a922-a7a0b5cd5776} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6120 -childID 7 -isForBrowser -prefsHandle 2732 -prefMapHandle 4504 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4568d307-6756-4af5-ad36-e3401e66475c} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6320 -childID 8 -isForBrowser -prefsHandle 4288 -prefMapHandle 1824 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbcd3c59-fedc-43cc-9a21-0b7c0bd74b92} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" tab3⤵
-
-
C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe"C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Temp\EUB5EB.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EUB5EB.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"4⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.35\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjVCMjdFRjgtOURBMi00M0FGLUJGMEMtMjgwMDExRUVBNUM0fSIgdXNlcmlkPSJ7OUQ3RUNDNUItQzVCNi00RTNGLTk3M0QtNjNGOTYyNEMwMDY1fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0I4QjkzNzZCLTRERDQtNENERi04OTM4LTRDQ0UxMkM5NDJFRH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDQuNDUyOSIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjEyNSIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjM1IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDIxNDQ5NDA3NyIgaW5zdGFsbF90aW1lX21zPSI4NjMiLz48L2FwcD48L3JlcXVlc3Q-5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{25B27EF8-9DA2-43AF-BF0C-280011EEA5C4}" /offlinedir "{F837D3AF-FA8A-42D5-AD80-7F92619667D5}"5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjVCMjdFRjgtOURBMi00M0FGLUJGMEMtMjgwMDExRUVBNUM0fSIgdXNlcmlkPSJ7OUQ3RUNDNUItQzVCNi00RTNGLTk3M0QtNjNGOTYyNEMwMDY1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NTYyREY5QjQtNkQ1Ny00MkI4LUE1QkItMTMwNzQxMDE2MjUxfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtkbDR4SjNjSlNUTUR1bjNKZEwvNFp4RzlqSkxCbkNWditzTGZIVjZ1U1k0PSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMjciIGluc3RhbGxkYXRldGltZT0iMTcyOTY5NjA4NiIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzc0MTY4NzA1MzQ2MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMjIwNjM4Mzg3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EDE1540A-E407-4FC3-8C49-A8A3CCC7D6F7}\MicrosoftEdgeWebview_X64_131.0.2903.51.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EDE1540A-E407-4FC3-8C49-A8A3CCC7D6F7}\MicrosoftEdgeWebview_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EDE1540A-E407-4FC3-8C49-A8A3CCC7D6F7}\EDGEMITMP_66773.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EDE1540A-E407-4FC3-8C49-A8A3CCC7D6F7}\EDGEMITMP_66773.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EDE1540A-E407-4FC3-8C49-A8A3CCC7D6F7}\MicrosoftEdgeWebview_X64_131.0.2903.51.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EDE1540A-E407-4FC3-8C49-A8A3CCC7D6F7}\EDGEMITMP_66773.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EDE1540A-E407-4FC3-8C49-A8A3CCC7D6F7}\EDGEMITMP_66773.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{EDE1540A-E407-4FC3-8C49-A8A3CCC7D6F7}\EDGEMITMP_66773.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.51 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff734752918,0x7ff734752924,0x7ff7347529304⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjVCMjdFRjgtOURBMi00M0FGLUJGMEMtMjgwMDExRUVBNUM0fSIgdXNlcmlkPSJ7OUQ3RUNDNUItQzVCNi00RTNGLTk3M0QtNjNGOTYyNEMwMDY1fSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7ODgyM0ExMjItN0NDNy00NTUzLUJCNzEtOTlDNjM4NTI5MTNBfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzEuMC4yOTAzLjUxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDIyNDE4ODc2MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMjI0MTg4NzYzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAyMzQ5Njk3NTUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDI1MDAzMjgzNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTA4NzM4ODAwOTUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZWQ9IjE3NjYwNzgyNCIgdG90YWw9IjE3NjYwNzgyNCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjEiIGluc3RhbGxfdGltZV9tcz0iNjIzNzYiLz48L2FwcD48L3JlcXVlc3Q-2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\VTRL.exe"C:\Users\Admin\AppData\Local\Temp\VTRL.exe"1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=VTRL.exe --webview-exe-version=2.2.5 --user-data-dir="C:\Users\Admin\AppData\Local\cc.vtrl\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=4768.240.91663892987751681682⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- System policy modification
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\cc.vtrl\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\cc.vtrl\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.51 --initial-client-data=0x1a4,0x1a8,0x1ac,0x180,0x1d8,0x7ffdf2716070,0x7ffdf271607c,0x7ffdf27160883⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\cc.vtrl\EBWebView" --webview-exe-name=VTRL.exe --webview-exe-version=2.2.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1832,i,4778150434789124625,17197175027900821168,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1828 /prefetch:23⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\cc.vtrl\EBWebView" --webview-exe-name=VTRL.exe --webview-exe-version=2.2.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2104,i,4778150434789124625,17197175027900821168,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:33⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\cc.vtrl\EBWebView" --webview-exe-name=VTRL.exe --webview-exe-version=2.2.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2356,i,4778150434789124625,17197175027900821168,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2372 /prefetch:83⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.51\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\cc.vtrl\EBWebView" --webview-exe-name=VTRL.exe --webview-exe-version=2.2.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3464,i,4778150434789124625,17197175027900821168,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:13⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
-
-
-
C:\Windows\system32\cmd.exe"cmd" /C C:\Users\Admin\AppData\Local\Temp\.tmpq6GTOz\I1Yvzl3hCP.bat2⤵
-
C:\Windows\system32\reg.exereg add "HKLM\System\CurrentControlSet\Control\CrashControl" /v "DisplayParameters" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exereg add HKCU\CONSOLE /v VirtualTerminalLevel /t REG_DWORD /d 1 /f3⤵
- Modifies registry key
-
-
C:\Windows\system32\Dism.exedism /online /enable-feature /featurename:MicrosoftWindowsWMICore /NoRestart3⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\0ACFF647-D648-42FC-8E06-0991C8E605EB\dismhost.exeC:\Users\Admin\AppData\Local\Temp\0ACFF647-D648-42FC-8E06-0991C8E605EB\dismhost.exe {A5F4FF2F-DED4-40E7-BA08-57218EC9A68D}4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
-
-
-
C:\Windows\system32\sc.exesc start winmgmt3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc config winmgmt start=auto3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc start wmi3⤵
- Launches sc.exe
-
-
C:\Windows\system32\Dism.exeDISM /Online /Add-Capability /CapabilityName:WMIC*3⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\6525C915-4794-4DF4-8026-BB5B47E865D8\dismhost.exeC:\Users\Admin\AppData\Local\Temp\6525C915-4794-4DF4-8026-BB5B47E865D8\dismhost.exe {1B4ED059-7C59-45FF-B501-9805AFC5FB3E}4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
-
-
-
C:\Windows\system32\Dism.exeDISM /Online /Add-Capability /CapabilityName:WMIC~~~~ΓÇï3⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\90754013-C6A7-4C82-A586-EF0F01AEAC8C\dismhost.exeC:\Users\Admin\AppData\Local\Temp\90754013-C6A7-4C82-A586-EF0F01AEAC8C\dismhost.exe {356410DD-373C-4070-926C-474EC01C3D03}4⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
-
C:\Windows\system32\cmd.exe"cmd" /C C:\Users\Admin\AppData\Local\Temp\.tmpFdZlrt\N6LhNCzfnv.bat2⤵
-
C:\Windows\system32\reg.exereg add HKLM /F3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "SystemRestorePointCreationFrequency" /t REG_DWORD /d 0 /f3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -ExecutionPolicy Unrestricted -NoProfile Restore-Computer -Drive 'C:\' -Confirm:$false3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -ExecutionPolicy Unrestricted -NoProfile Checkpoint-Computer -Description 'VTRL RESTORE POINT'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -NoProfile -Command " try { $pcSystemType = (Get-CimInstance -Class Win32_ComputerSystem).PCSystemType if ($pcSystemType -in 1,3) { \"Desktop\" } elseif ($pcSystemType -eq 2) { \"Laptop\" } else { \"Unknown\" # Handle other PCSystemType values as Unknown } } catch { \"Unknown\" # Catch any errors and return Unknown } "2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\cmd.exe"cmd" /C C:\Users\Admin\AppData\Local\Temp\.tmphZtnBa\7k0nURE67e.bat2⤵
-
C:\Windows\system32\reg.exeReg add "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /d "1" /f3⤵
-
-
C:\Windows\system32\reg.exeReg add "HKLM\Software\Policies\Microsoft\Windows\AppPrivacy" /v "LetAppsRunInBackground" /t REG_DWORD /d "2" /f3⤵
-
-
C:\Windows\system32\reg.exeReg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Search" /v "BackgroundAppGlobalToggle" /t REG_DWORD /d "0" /f3⤵
-
-
-
C:\Windows\regedit.exe"regedit.exe" /s C:\Users\Admin\AppData\Local\Temp\.tmpOfl5Gk\USJETz83Ys.reg2⤵
- Runs .reg file with regedit
-
-
C:\Windows\regedit.exe"regedit.exe" /s C:\Users\Admin\AppData\Local\Temp\.tmpAYPvEO\WfRR6f28BX.reg2⤵
- Runs .reg file with regedit
-
-
C:\Windows\regedit.exe"regedit.exe" /s C:\Users\Admin\AppData\Local\Temp\.tmpsemuda\x8iEY05udZ.reg2⤵
- Runs .reg file with regedit
-
-
C:\Windows\system32\cmd.exe"cmd" /C C:\Users\Admin\AppData\Local\Temp\.tmpPuwm4U\PiY1IyQroL.bat2⤵
-
C:\Windows\system32\reg.exereg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU3⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exereg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths3⤵
- Modifies registry key
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowershell -Command "Get-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam\* | Remove-ItemProperty -Name LastUsedTimeStart -ErrorAction SilentlyContinue"3⤵
- Command and Scripting Interpreter: PowerShell
- Hide Artifacts: Ignore Process Interrupts
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowershell -Command "Get-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam\* | Remove-ItemProperty -Name LastUsedTimeStop -ErrorAction SilentlyContinue"3⤵
- Command and Scripting Interpreter: PowerShell
- Hide Artifacts: Ignore Process Interrupts
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowershell -Command "Get-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\webcam\NonPackaged\* | Remove-Item -Recurse -Force"3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowershell -Command "Get-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\* | Remove-ItemProperty -Name LastUsedTimeStart -ErrorAction SilentlyContinue"3⤵
- Command and Scripting Interpreter: PowerShell
- Hide Artifacts: Ignore Process Interrupts
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowershell -Command "Get-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\* | Remove-ItemProperty -Name LastUsedTimeStop -ErrorAction SilentlyContinue"3⤵
- Command and Scripting Interpreter: PowerShell
- Hide Artifacts: Ignore Process Interrupts
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowershell -Command "Get-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged\* | Remove-Item -Recurse -Force"3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowershell -Command "Get-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\* | Remove-ItemProperty -Name LastUsedTimeStart -ErrorAction SilentlyContinue"3⤵
- Command and Scripting Interpreter: PowerShell
- Hide Artifacts: Ignore Process Interrupts
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowershell -Command "Get-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\* | Remove-ItemProperty -Name LastUsedTimeStop -ErrorAction SilentlyContinue"3⤵
- Command and Scripting Interpreter: PowerShell
- Hide Artifacts: Ignore Process Interrupts
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowershell -Command "Get-Item -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location\NonPackaged\* | Remove-Item -Recurse -Force"3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Windows\system32\cmd.exe"cmd" /C C:\Users\Admin\AppData\Local\Temp\.tmpS5KVfq\XVcGFtPrIg.bat2⤵
-
-
C:\Windows\system32\cmd.exe"cmd" /C C:\Users\Admin\AppData\Local\Temp\.tmpsa9U1j\KSeAY9btNL.bat2⤵
-
-
C:\Windows\system32\cmd.exe"cmd" /C C:\Users\Admin\AppData\Local\Temp\.tmpeuCoYq\vLmLRapyzS.bat2⤵
-
-
C:\Windows\system32\cmd.exe"cmd" /C C:\Users\Admin\AppData\Local\Temp\.tmpcabahx\w2m74Oe32j.bat2⤵
-
-
C:\Windows\system32\cmd.exe"cmd" /C C:\Users\Admin\AppData\Local\Temp\.tmpzFnV4B\d33wchgEt5.bat2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -ExecutionPolicy Unrestricted -Command "$srumDatabaseFilePath = """$env:WINDIR\System32\sru\SRUDB.dat"""; if (!(Test-Path -Path $srumDatabaseFilePath)) {; Write-Output """Skipping, SRUM database file not found at `"""$srumDatabaseFilePath`""". No actions are required."""; exit 0; }; $dps = Get-Service -Name 'DPS' -ErrorAction Ignore; $isDpsInitiallyRunning = $false; if ($dps) {; $isDpsInitiallyRunning = $dps.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running; if ($isDpsInitiallyRunning) {; Write-Output """Stopping the Diagnostic Policy Service (DPS) to delete the SRUM database file."""; $dps | Stop-Service -Force; $dps.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Stopped); Write-Output """Successfully stopped Diagnostic Policy Service (DPS)."""; }; } else {; Write-Output """Diagnostic Policy Service (DPS) not found. Proceeding without stopping the service."""; }; try {; Remove-Item -Path $srumDatabaseFilePath -Force -ErrorAction Stop; Write-Output """Successfully deleted the SRUM database file at `"""$srumDatabaseFilePath`"""."""; } catch {; throw """Failed to delete SRUM database file at: `"""$srumDatabaseFilePath`""". Error Details: $($_.Exception.Message)"""; } finally {; if ($isDpsInitiallyRunning) {; try {; if ((Get-Service -Name 'DPS').Status -ne [System.ServiceProcess.ServiceControllerStatus]::Running) {; Write-Output """Restarting the Diagnostic Policy Service (DPS)."""; $dps | Start-Service; }; } catch {; throw """Failed to restart the Diagnostic Policy Service (DPS). Error Details: $($_.Exception.Message)"""; }; }; }"3⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exe"cmd" /C C:\Users\Admin\AppData\Local\Temp\.tmp81UOjF\LvGaR9tzE3.bat2⤵
-
C:\Windows\system32\wevtutil.exewevtutil sl Microsoft-Windows-LiveId/Operational /ca:O:BAG:SYD:(A;;0x1;;;SY)(A;;0x5;;;BA)(A;;0x1;;;LA)3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wevtutil.exe el3⤵
-
C:\Windows\system32\wevtutil.exewevtutil.exe el4⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "AMSI/Debug"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "AirSpaceChannel"3⤵
- Clears Windows event logs
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Analytic"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Application"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "DirectShowFilterGraph"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "DirectShowPluginControl"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Els_Hyphenation/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "EndpointMapper"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "FirstUXPerf-Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "ForwardedEvents"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "General Logging"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "HardwareEvents"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "IHM_DebugChannel"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS-GPIO/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS-I2C/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS2-GPIO2/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS2-GPIO2/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS2-I2C/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Intel-iaLPSS2-I2C/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Internet Explorer"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Key Management Service"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MF_MediaFoundationDeviceMFT"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MF_MediaFoundationDeviceProxy"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MF_MediaFoundationFrameServer"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MedaFoundationVideoProc"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MedaFoundationVideoProcD3D"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationAsyncWrapper"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationContentProtection"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationDS"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationDeviceProxy"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationMP4"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationMediaEngine"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationPerformance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationPerformanceCore"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationPipeline"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationPlatform"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "MediaFoundationSrcPrefetch"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client-Streamingux/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-Client/Virtual Applications"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-AppV-SharedPerformance/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Client-License-Flexible-Platform/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Client-License-Flexible-Platform/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Client-License-Flexible-Platform/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Client-Licensing-Platform/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Client-Licensing-Platform/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Client-Licensing-Platform/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-IE/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-IEFRAME/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-JSDumpHeap/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-OneCore-Setup/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-PerfTrack-IEFRAME/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-PerfTrack-MSHTML/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-Admin/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-Agent Driver/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-Agent Driver/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-App Agent/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-App Agent/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-App Agent/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-IPC/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AAD/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AAD/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ADSI/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ASN1/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ATAPort/General"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ATAPort/SATA-LPM"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ActionQueue/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-All-User-Install-Agent/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AllJoyn/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AllJoyn/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppHost/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppHost/ApplicationTracing"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppHost/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppHost/Internal"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppID/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/EXE and DLL"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/MSI and Script"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/Packaged app-Deployment"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppLocker/Packaged app-Execution"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-Runtime/Diagnostics"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-State/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppModel-State/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppReadiness/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppReadiness/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppReadiness/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppSruProv"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeployment/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeployment/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppXDeploymentServer/Restricted"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ApplicabilityEngine/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ApplicabilityEngine/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Inventory"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Telemetry"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Application-Experience/Steps-Recorder"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppxPackaging/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppxPackaging/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AppxPackaging/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AssignedAccess/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AssignedAccess/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AssignedAccessBroker/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AssignedAccessBroker/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AsynchronousCausality/Causality"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/CaptureMonitor"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/GlitchDetection"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/Informational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audio/PlaybackManager"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Audit/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication User Interface/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication/ProtectedUser-Client"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-AxInstallService/Log"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BTH-BTHPORT/HCI"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BTH-BTHPORT/L2CAP"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BTH-BTHUSB/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BTH-BTHUSB/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BackgroundTaskInfrastructure/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Backup"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Base-Filtering-Engine-Connections/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Battery/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Biometrics/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Biometrics/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker-Driver-Performance/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker/BitLocker Management"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker/BitLocker Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BitLocker/Tracing"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bits-Client/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bits-Client/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-Bthmini/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-MTPEnum/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Bluetooth-Policy/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCache/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheEventProvider/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheMonitoring/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CAPI2/Catalog Database Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CAPI2/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CDROM/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/ApartmentInitialize"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/ApartmentUninitialize"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/Call"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/CreateInstance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/ExtensionCatalog"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/FreeUnusedLibrary"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COM/RundownInstrumentation"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COMRuntime/Activations"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COMRuntime/MessageProcessing"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-COMRuntime/Tracing"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Calculator/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Calculator/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertPoleEng/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Cleanmgr/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ClearTypeTextTuner/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CloudRestoreLauncher/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CloudStore/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CloudStore/Initialization"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CloudStore/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CmiSetup/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Verbose"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ComDlg32/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ComDlg32/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Compat-Appraiser/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Compat-Appraiser/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-BindFlt/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-BindFlt/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-Wcifs/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-Wcifs/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-Wcnfs/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Containers-Wcnfs/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreApplication/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreApplication/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreApplication/Tracing"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreWindow/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CoreWindow/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Client/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Server/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crashdump/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-CredUI/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-BCRYPT/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-CNG/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-DPAPI/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-DPAPI/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-DSSEnh/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-NCrypt/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-RNG/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Crypto-RSAEnh/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-D3D10Level9/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-D3D10Level9/PerfTiming"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DAL-Provider/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DAL-Provider/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DAMM/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DCLocator/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DDisplay/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DDisplay/Logging"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DLNA-Namespace/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DNS-Client/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DSC/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DSC/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DSC/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DSC/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DUI/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DUSER/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXGI/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXGI/Logging"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DXP/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Data-Pdf/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DataIntegrityScan/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DataIntegrityScan/CrashRecovery"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deduplication/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deduplication/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deduplication/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deduplication/Scrubbing"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Defrag-Core/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Deplorch/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DesktopActivityModerator/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceAssociationService/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceConfidence/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceGuard/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceGuard/Verbose"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSetupManager/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSync/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceSync/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceUpdateAgent/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceUx/Informational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DeviceUx/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Devices-Background/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Admin"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiagCpl/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-MSDE/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Perfhost/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scheduled/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-WDC/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnosis-WDI/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D10/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D10_1/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/Logging"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D11/PerfTiming"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D12/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D12/Logging"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D12/PerfTiming"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3D9/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Direct3DShaderCache/Default"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectComposition/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectManipulation/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectShow-KernelSupport/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DirectSound/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Disk/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnostic/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnosticDataCollector/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DiskDiagnosticResolver/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dism-Api/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dism-Api/ExternalAnalytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dism-Api/InternalAnalytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dism-Cli/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DisplaySwitch/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Documents/Performance"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dot3MM/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DriverFrameworks-UserMode/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DucUpdateAgent/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-API/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-Core/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-Dwm/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-Redir/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Dwm-Udwm/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl-Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl-Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Contention"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Performance"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxgKrnl/Power"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-DxpTaskSyncProvider/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EDP-Application-Learning/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EDP-Audit-Regular/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EDP-Audit-TCB/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EFS/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ESE/IODiagnose"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ESE/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapHost/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapMethods-RasChap/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapMethods-RasTls/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapMethods-Sim/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EapMethods-Ttls/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EaseOfAccess/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Energy-Estimation-Engine/EventLog"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Energy-Estimation-Engine/Trace"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventCollector/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventCollector/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog-WMIProvider/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-EventLog/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FMS/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FailoverClustering-Client/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Fault-Tolerant-Heap/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FeatureConfiguration/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FeatureConfiguration/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Catalog/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Catalog/Debug"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-ConfigManager/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-ConfigManager/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Core/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Core/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Core/WHC"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Engine/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Engine/BackupLog"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Engine/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-EventListener/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-EventListener/Debug"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Service/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-Service/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-UI-Events/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileHistory-UI-Events/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-FileInfoMinifilter/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Firewall-CPL/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Folder Redirection/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Forwarding/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Forwarding/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-GPIO-ClassExtension/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-GenericRoaming/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-GroupPolicy/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HAL/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenter/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenter/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HealthCenterCPL/Performance"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HelloForBusiness/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Help/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Listener Service/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HomeGroup-ListenerService"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HotspotAuth/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HotspotAuth/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HttpService/Log"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-HttpService/Trace"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Hypervisor-Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Hypervisor-Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-Hypervisor-Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-NETVSC/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-VID-Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Hyper-V-VID-Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IE-SmartScreen"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IKE/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IKEDBG/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-Broker/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-CandidateUI/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-CustomerFeedbackManager/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPAPI/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPLMP/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPPRED/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPSetting/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-JPTIP/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-KRAPI/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-KRTIP/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-OEDCompiler/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-TCCORE/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-TCTIP/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IME-TIP/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPNAT/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPSEC-SRV/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPxlatCfg/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IPxlatCfg/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IdCtrls/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IdCtrls/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Input-HIDCLASS-Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-InputSwitch/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-International-RegionalOptionsControlPanel/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Trace"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-KdsSvc/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kerberos/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Acpi/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-AppCompat/General"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-AppCompat/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ApphelpCache/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ApphelpCache/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ApphelpCache/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Boot/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Boot/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Disk/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-File/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-IO/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-IoTrace/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-LiveDump/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-LiveDump/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Memory/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Network/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Pdc/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Pep/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Configuration"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Prefetch/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Process/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Processor-Power/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Registry/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-Registry/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ShimEngine/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ShimEngine/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-ShimEngine/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Errors"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Kernel-XDV/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-KeyboardFilter/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-KeyboardFilter/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-KeyboardFilter/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Known Folders API Service"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-L2NA/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LAPS/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LDAP-Client/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LSA/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LSA/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LSA/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LUA-ConsentUI/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LimitsManagement/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LiveId/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-LiveId/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-CLNT/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-DRV/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MPS-SRV/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSFTEDIT/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MSPaint/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MUI/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Media-Streaming/DMC"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Media-Streaming/DMR"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Media-Streaming/MDE"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/Transform"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-Performance/SARStreamResource"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MediaFoundation-PlayAPI/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MemoryDiagnostics-Results/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Minstore/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Minstore/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-MobilityCenter/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Diagnostics"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Mprddm/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NCSI/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NCSI/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDF-HelperClassDiscovery/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS-PacketCapture/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NDIS/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NTLM/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NWiFi/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Narrator/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ncasvc/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NcdAutoSetup/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NcdAutoSetup/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NdisImPlatform/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ndu/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetShell/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-Connection-Broker"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-DataUsage/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-Setup/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Network-and-Sharing-Center/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkBridge/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkLocationWizard/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProfile/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProfile/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProvider/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProvisioning/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkProvisioning/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkSecurity/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NetworkStatus/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Networking-Correlation/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Networking-RealTimeCommunication/Tracing"3⤵
- System Time Discovery
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NlaSvc/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-NlaSvc/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ntfs/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ntfs/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ntfs/WHC"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OLE/Clipboard-Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OLEACC/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OLEACC/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine-Core/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine-DUI/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine-DUI/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OcpUpdateAgent/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OfflineFiles/SyncLog"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OneBackup/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OneX/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OneX/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OobeLdr/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-OtpCredentialProvider/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PCI/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PackageStateRoaming/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PackageStateRoaming/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PackageStateRoaming/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ParentalControls/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Partition/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Partition/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PerceptionRuntime/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PerceptionSensorDataService/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-Nvdimm/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-Nvdimm/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-PmemDisk/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-PmemDisk/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Certification"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Diagnose"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PersistentMemory-ScmBus/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PhotoAcq/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PlayToManager/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Policy/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Policy/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PortableDeviceStatusProvider/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PortableDeviceSyncProvider/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Power-Meter-Polling/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerCfg/Diagnostic"3⤵
- Power Settings
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerCpl/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PowerShell/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrimaryNetworkIcon/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintBRM/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService-USBMon/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PrintService/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Privacy-Auditing/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ProcessStateManager/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Program-Compatibility-Assistant/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Proximity-Common/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Proximity-Common/Informational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Proximity-Common/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-Developer/Debug"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-InProc/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-Platform/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-Platform/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-PushNotification-Platform/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-QoS-Pacer/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-QoS-qWAVE/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC-Proxy/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RPC/EEInfo"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RRAS/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RRAS/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RadioManager/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RasAgileVpn/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RasAgileVpn/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReFS/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoost/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoost/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Regsvr32/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Tracing"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Remotefs-Rdbss/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Remotefs-Rdbss/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ResetEng-Trace/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Detector/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ResourcePublication/Tracing"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RestartManager/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RetailDemo/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-RetailDemo/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Graphics/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Networking/Tracing"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Web-Http/Tracing"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-WebAPI/Tracing"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime/CreateInstance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Runtime/Error"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SENSE/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBClient/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBClient/HelperClassDiagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBClient/ObjectStateDiagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBClient/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBDirect/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBDirect/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBDirect/Netmon"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Audit"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Connectivity"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBServer/Security"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBWitnessClient/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SMBWitnessClient/Informational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SPB-ClassExtension/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SPB-HIDI2C/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Schannel-Events/Perf"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sdbus/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sdbus/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sdstor/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Search-Core/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SearchUI/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SearchUI/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Adminless/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-IdentityListener/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-IdentityStore/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Mitigations/KernelMode"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Mitigations/UserMode"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Netlogon/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP-UX-GC/Analytic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP-UX/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-SPP/Perf"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-UserConsentVerifier/Audit"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Security-Vault/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SecurityMitigationsBroker/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SecurityMitigationsBroker/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SecurityMitigationsBroker/Perf"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SendTo/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sens/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SenseIR/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sensors/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sensors/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Serial-ClassExtension-V2/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Serial-ClassExtension/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ServiceReportingApi/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Services-Svchost/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Services/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Servicing/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-Azure/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-Azure/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-OneDrive/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-OneDrive/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync-OneDrive/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync/Operational"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SettingSync/VerboseDebug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Setup/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupCl/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupPlatform/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupQueue/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SetupUGC/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AppWizCpl/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/ActionCenter"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/AppDefaults"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/LogonTasksChannel"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Core/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-LockScreenContent/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-OpenWith/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-Shwebsvc"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shell-ZipFolder/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Shsvcs/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SleepStudy/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartCard-Audit/Authentication"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartCard-DeviceEnum/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmartScreen/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmbClient/Audit"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmbClient/Connectivity"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmbClient/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SmbClient/Security"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Speech-UserExperience/Diagnostic"3⤵
- Clears Windows event logs
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Spell-Checking/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SpellChecker/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Spellchecking-Host/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SruMon/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SrumTelemetry"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StateRepository/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StateRepository/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StateRepository/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StateRepository/Restricted"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorDiag/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorPort/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Diagnose"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ATAPort/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Diagnose"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-ClassPnP/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Diagnose"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Disk/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Diagnose"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Health"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Storport/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Tiering-IoHeat/Heat"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storage-Tiering/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageManagement/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageManagement/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSettings/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-Driver/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-Driver/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-Driver/Performance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-ManagementAgent/WHC"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-StorageSpaces-SpaceManager/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Store/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Storsvc/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Subsys-Csr/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Subsys-SMSS/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Superfetch/Main"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Superfetch/PfApLog"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Superfetch/StoreLog"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sysmon/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-Sysprep/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-System-Profile-HardwareId/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemSettingsHandlers/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemSettingsThreshold/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemSettingsThreshold/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-SystemSettingsThreshold/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TCPIP/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TCPIP/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msctf/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msctf/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msutb/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TSF-msutb/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TTS/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TWinAPI/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TWinUI/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TWinUI/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TZSync/Analytic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TZSync/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TZUtil/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Debug"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Maintenance"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskScheduler/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TaskbarCPL/Diagnostic"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TenantRestrictions/Operational"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin"3⤵
-
-
C:\Windows\system32\wevtutil.exewevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic"3⤵
-
-
-
C:\Windows\system32\cmd.exe"cmd" /C C:\Users\Admin\AppData\Local\Temp\.tmprjXeaX\kg9vM5eKtI.bat2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = """$($directoryGlob = 'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { """$($directoryGlob)*""" } else { """$($directoryGlob)\*""" } )"""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host """Searching for items matching pattern: `"""$($expandedPath)`"""."""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try {; $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host """Initiating processing of $($foundAbsolutePaths.Count) items from `"""$expandedPath`"""."""; foreach ($path in $foundAbsolutePaths) {; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host """Successfully deleted: $($path) (already deleted)."""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host """Successfully deleted: $($path)"""; } catch {; $failedCount++; Write-Warning """Unable to delete $($path): $_"""; }; }; Write-Host """Successfully deleted $($deletedCount) items."""; if ($failedCount -gt 0) {; Write-Warning """Failed to delete $($failedCount) items."""; }"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowerShell -ExecutionPolicy Unrestricted -Command "$pathGlobPattern = """$($directoryGlob = 'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations'; if ($directoryGlob.EndsWith('\*')) { $directoryGlob } elseif ($directoryGlob.EndsWith('\')) { """$($directoryGlob)*""" } else { """$($directoryGlob)\*""" } )"""; $expandedPath = [System.Environment]::ExpandEnvironmentVariables($pathGlobPattern); Write-Host """Searching for items matching pattern: `"""$($expandedPath)`"""."""; $deletedCount = 0; $failedCount = 0; $foundAbsolutePaths = @(); Write-Host 'Iterating files and directories recursively.'; try {; $foundAbsolutePaths += @(; Get-ChildItem -Path $expandedPath -Force -Recurse -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; try {; $foundAbsolutePaths += @(; Get-Item -Path $expandedPath -ErrorAction Stop | Select-Object -ExpandProperty FullName; ); } catch [System.Management.Automation.ItemNotFoundException] {; <# Swallow, do not run `Test-Path` before, it's unreliable for globs requiring extra permissions #>; }; $foundAbsolutePaths = $foundAbsolutePaths | Select-Object -Unique | Sort-Object -Property { $_.Length } -Descending; if (!$foundAbsolutePaths) {; Write-Host 'Skipping, no items available.'; exit 0; }; Write-Host """Initiating processing of $($foundAbsolutePaths.Count) items from `"""$expandedPath`"""."""; foreach ($path in $foundAbsolutePaths) {; if (-not (Test-Path $path)) { <# Re-check existence as prior deletions might remove subsequent items (e.g., subdirectories). #>; Write-Host """Successfully deleted: $($path) (already deleted)."""; $deletedCount++; continue; }; try {; Remove-Item -Path $path -Force -Recurse -ErrorAction Stop; $deletedCount++; Write-Host """Successfully deleted: $($path)"""; } catch {; $failedCount++; Write-Warning """Unable to delete $($path): $_"""; }; }; Write-Host """Successfully deleted $($deletedCount) items."""; if ($failedCount -gt 0) {; Write-Warning """Failed to delete $($failedCount) items."""; }"3⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRULegacy" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Adobe\MediaBrowser\MRU" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Search Assistant\ACMru" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\MediaPlayer\Player\RecentFileList" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\MediaPlayer\Player\RecentURLList" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\MediaPlayer\Player\RecentFileList" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\MediaPlayer\Player\RecentURLList" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Direct3D\MostRecentApplication" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" /va /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths" /va /f3⤵
-
-
-
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe -Embedding1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:41⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Power Settings
1Privilege Escalation
Event Triggered Execution
2Component Object Model Hijacking
1Image File Execution Options Injection
1Defense Evasion
File and Directory Permissions Modification
1Hide Artifacts
1Ignore Process Interrupts
1Indicator Removal
2Clear Windows Event Logs
1File Deletion
1Modify Registry
2Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Discovery
Network Share Discovery
1Peripheral Device Discovery
2Query Registry
8System Information Discovery
8System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1System Time Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12KB
MD5369bbc37cff290adb8963dc5e518b9b8
SHA1de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA2563d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA5124f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1
-
Filesize
182KB
MD567bcf8d877953c1fdb8732942d0af1ac
SHA14966a3e20423bc62066c1ce8eaa1610d3a23fd17
SHA256cb390e9ef56c02f0ddedba962a22ebfb6c9b8f75291c0a7b3bd2a6b01c097644
SHA512fd56c381a28bae0538b3cd8c1dceeeaaee915eb1ebd02028847e5dcc33e5d4f8afdf12fed8ffd31f4a5188f7cb1bf749ddcd3cfeb0be4f0410fccd9fb015db8d
-
Filesize
201KB
MD5db1acd5625c82435c72dfe120e0fddd7
SHA1b8cad7b3f9efec8b4ff3c8c344481ba509096021
SHA256f8cbc120b6d4536300838ffb510b0a4dbff19086065d0ddd015386a73bcb5a09
SHA51213c8cbcdfb72f6a220825d35f5bc0d1a31046e32fb2258ae55f6538e4b0779fe20f2b92c0ad264256d9268f24e0480468e7f90985a5ba3e8c2a62211e760a010
-
Filesize
215KB
MD5f4f2de0a3710012e2ea5e64232f1c869
SHA1028d8c90fa9e5036df028ea5a5a8d78ef1a4428f
SHA256b0993ebb535f4e399489ff9456ce33f929597d246a46e89b7300595fc449cd7c
SHA512adbcb2d058e8573b299ec974501cabf150287e018f6aaf4aba187bd534d96239f822a90c2e577c60643d9146ba47597793596d54dfd9bc30e7efa8b9f6e0b37f
-
Filesize
262KB
MD596a9bb6df038d9dec964905c0ae60e52
SHA1912b4a4d2a220af283b626fcff673c4c537612f0
SHA2569f555145640d2b11dd95b9dfff088a066e0f4398e03906c8142ff33613fe23d2
SHA512ea0058bfe7ce0868f8cd9cbd830616e07f58fade8814bfa5a81094ce58d015a00025b030de27fd10b544cd0d6cb79b2a0e4f91314b9a53279e83bf2249e2ef19
-
Filesize
4KB
MD56dd5bf0743f2366a0bdd37e302783bcd
SHA1e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA25691d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e
-
Filesize
2.1MB
MD5396fe7495ec53d354cc4383e3590c296
SHA122f1c3b7b21a1f80f8d53b0e69e7df740e811bf4
SHA25666dd98d249287e7707b8f1ee181bfb7ab1e2d1d96a5a8a4605d2cc4065a516ec
SHA512c9826a18b5e4e8ff60d9960835c513d82c84c9fd864fb9e5ca99b276d32c88d1362beb870f3d7faab36009b7a430000d603483b1e7d4f124f87e366b0455ec1b
-
Filesize
29KB
MD5d937e1fd21e13275d67ab8090870b550
SHA15d9e56deb55f1a10628e56fa89f1601ed7e3903b
SHA25616eda0080ead81c7a2a0b58cf6afde6a26aeaaa041abe25cd67afa2ec3289c43
SHA512202fccef200c07abbe888936e18cca41bbd4acb9d292df49377b00a482ff51ad847bb377a50466cc0eaa511bd8acb506bcaaa28e1ab7f5d153a0fde0d45890bc
-
Filesize
24KB
MD50da4268d8116a2b9ada30f2669414f1e
SHA151bbe90e02921861a745414af95bd4d7e804a9e0
SHA256f58a3a76b5d4b7180c7f0f85c7f5539b8dcb70a520c42cd9f6c0a6c17899c60c
SHA5124d7c74312103db926d29ef744cc497165cce83f29d3b1274e7f6e21f6f67e6354a5da3dd9a1d9b829c9e6316bc3f3284179020abdbb5e98d50729b1988ed2634
-
Filesize
26KB
MD566e61a107128e46f8b29236eb13c2a2c
SHA1fa1a72f66ba36bfd4723411ca2290d39c5da0067
SHA2563ea7bd0ebc7d7230bf769c28073004b80faa91a511e46224fef93ad8df15de26
SHA512b893caaacb8a9a70049dc60dbcbc4d338153918506049c26ad2b7820ccc1779923f2a9b6e10526d15ef3922e638e142679361924bf6b81921057ea3c2bd25e48
-
Filesize
29KB
MD5ce2b8d59f952e5f340db29ae0723e5bc
SHA101bc443adca8556135112537dd8eb389e626707e
SHA256734f7957f2bf69da418938b07f0f69e5d648a2f60545c14098ac5cef1bdcefff
SHA512ffe85f8b655585b42c90df0e0d8d49d412e892e1223532c0fdae7c0038c2e5dc422c5d1631a53702e51bd54fc8e2320784e606f81040b4e640add65363c0d88a
-
Filesize
29KB
MD5dd4058db5ab9ba74a481dcb36452007f
SHA1d55399c0ed26da0f7f5b9b3eeed9fd07f97f98ff
SHA2561b1496198bfb931bf883098d227fa977921db93526930b5a9fe7163fcd4b89cd
SHA512da1bd0c5f3b726433ded25bc3c763139606e7896db61eb8064a3f6dddb8fb3c2684aaecaefcf55bd66dbab188ed852bba014a9be581b4daf81b81d466e07337f
-
Filesize
29KB
MD5c40e4df7f3b0034c3ef0ec019bee6fae
SHA1e9f457676d41f7b41186145c7d52c59ec3bcd6f5
SHA256b1246d826d0b06a690211e10d229b45b8e62ff6d965d68a7c129c41912a928d8
SHA5123e1adcd91e0f2b2dcaa1e0780492e97f46e347213f69d35475b5fd19e9585afdee7e9f58b970787f8865ba06ad8714334591d65da1dc291cf4ed25833e1d5f18
-
Filesize
29KB
MD5dc4f37429af67df22282da1fc12f168f
SHA1b89f5e543210cd73738a26285cf2e00bf032d98a
SHA2561ae6757c2acfa8a2574ccc2a0d3014987c2f7c710a057c6c005d2ceb8b7ae375
SHA5123cad61126fa50e105b3e912f550851a5072dd91c47100fb624c713b4d814d91145d2de4ce87843d93840e49ca7366de272e3dcff56cbeedde78abb70c3b5a425
-
Filesize
29KB
MD5112a8185547d99720e418c5db8e9b295
SHA18cabb456ef9e045b4b392126e52232af77f778eb
SHA256f774dec3f12eadba1fe6bcf3a8685a481d8e737dc044a0839104b1e5d77fd0d2
SHA512f03b764959327161145b66dcf94f5ff482262a98393bd25a23ed4a07f9ccedd9677030bb11dbea2e7835b61f5dbc98daeedf82ab02501cc41bcda49b19900c42
-
Filesize
29KB
MD52d1ee39bcc06d9350e00d6bfb0a2d021
SHA15bff647f1abe4608b0197befcd9725e6c1650f32
SHA2560018c1aa63207638f5470b4d3a3559e54dc69254ae0e74e06abc00ff4a31036b
SHA5121feb8317f517569f88538f370ee1f9eda900faf7311d670d45d8a681682db406d9a969dfe5d7910686823c5fa5d9b802f7bc9593acbb2ad186cb35945ac13994
-
Filesize
30KB
MD52187a8ce4f96daea80cff1386d231508
SHA1fb04839d2fb488270c0b791466da4d968f9101c6
SHA2561d9da26648827ba0f6695d0a964cf8a2e02bc152815b3a973412f00313fa8fa3
SHA512a9f2700b702c833e19defac3583fd78fadcc331dbc66fe781c5474636ffa29d7bdf83f92947232fc5c6bfaccf96b8959a10a5014c3b45608a95ca48078fa1293
-
Filesize
30KB
MD5ce3855bd30187e5ead9083c7b7008fa9
SHA168b13d954a0018e4f92fee66690cf6e39601eb95
SHA256be95ac66e874beee6a5c62143838f89eb0822a6571f21f7927745261438581ba
SHA5127bdfc0a0c6560ed71d0915180592fd84f7ebd30104a29cdc886721fd09dd3c44b5eb6c553bb37b4b9d7cab982f7610fe22a6cc3341874947320069857ed0e0ca
-
Filesize
28KB
MD5f247691ecd780cc0ef9c4293e2b0c785
SHA1c74cc31a0e036a3b134647925f45eab00cf3d0aa
SHA25651b0f87a0c486e5ccb88dd669cb6d6b13f2189ef2608a7b977e7502ff015d6ce
SHA512a496256e6853b0362c9660da3fdb2ad53339fdf258304c591cef2baa95dee3be7f4009b64d354582623d7f21279cdf6db8c36b3eceafea076c047f9789bec825
-
Filesize
28KB
MD5e3963a110eb3d04c02673b1abbc18157
SHA1d7d537d1b9ba04ad93f5113921d4af75bf763ac1
SHA2566d1329443b6e71f820c6e29ddf0efd4ddb3cb59b452cc8ef10834c985bb87a7a
SHA5125ffaf10d7079ea48e2beac0a8890210df2011e77e3e78fba9ed6dc19d5ddc3a9124c996fc47c5901b4b480250884d19ded9bc4d7cbdf21ccfe4e06e1ef294f40
-
Filesize
29KB
MD59117ebf05ff9fd927a42915d0dcc81b4
SHA13ee973d8931c9697dcf6edcf37efb09b84078f57
SHA25610580dfa99f16c3c02afdde8f93f4812f47879379f0f941d712d7575adfd2705
SHA5124ba36f24fc4e255fa1cf5d9a3b6d133a19e91ab6860141da9c2537deafc68c11cc32af7da209bff452e1a910c824f2dcab02f0230a32275de9860fc900edcbc0
-
Filesize
31KB
MD545e6aefa59045c8cd6157da12c40c7e8
SHA1cbef57720cab3865f0132a8469e629b7af043b21
SHA256708935d4655b351ccabe4433e277501b3fb44d160f5043acd815eba44ff71b2d
SHA512cbf7c8659e8fc85bd9b6ae73eaa278bc116150b985b1690740a0adf7b91a6e3b6c67e137c66ca0a789a8b383d21e77f893e34212c2cd5fbd119dff76083f0dbc
-
Filesize
31KB
MD58ca5075ee963437400321e4eeadf921b
SHA106f4ba4d48045d1dadffc36aa18f7db188e8dfc8
SHA256ac515c88dc2f749f519222512810bfb626c4293d409c369e3668b6ad08bbd9b5
SHA512ee124f144fc249a028fd54099fcd985013d36d2d560174206fe6636861614bbb140ca99ec9bbc3f599568d25ddc37d87c115ba46d2f23ba4bf7e56557921d8f2
-
Filesize
27KB
MD5244a312cd9b5a6b9e5b0044871e826d4
SHA1233b6676de94f2daf27d7ccdedcdd210ab288ab5
SHA256e818306d2e64578f3802a116edf1a77c357f87e0013c66016e32a475549cf77c
SHA512ab8d7d1a5e972ff1bb868265460a0743cb808ef97bd28ae8d8cd47a70c2116d744fa68156b302f6ab6ca7f6d763a90bb35fbf7e975415755fec4f7b409c55cc5
-
Filesize
27KB
MD58165e466a1a47380785f33d1e8dc30af
SHA1d054321c568fe9da4031f89ebfe04e0ebe323f20
SHA256af4de59b73a32643e02a4fffb527f15377b38285a713731c01b3e1de648604f9
SHA512d8fa806f5f3b71b7260aaf0f3d2899f37ae40fd99c0325257b5ae828245dfd503f7cdccc6b13a458fe3c9fc4291c9912a90f7280564f39e81446ab5878ad9cf0
-
Filesize
29KB
MD548733f2a1167fb826ae80eba542105d2
SHA10ae2404369e25255493e753476a3bdf63d55c61f
SHA2560a07407dbd0471f1c8279378b651bd1df9910d79901ec5d2aca3993ea2c451fc
SHA512385b8b9c81bc4b31c5532f82abf17ed17226dbfd608d16498f88b9331e2cc811c574cf5d22700503f790235cf3667996f0b16e7244ee1c4f3c6dfb739091698c
-
Filesize
29KB
MD5eb8b11253945639bf934ab489cacd17e
SHA15604f63b38957644e3a42c4e812b22de0d4d4f19
SHA256055b472459f972954e7391538647b5a67157b12982cb8f55219dd15fcf106cea
SHA51243e155456fc3bf56a811ced60596ba1ba290f94080f397b805b693389c8e1dad5c8f2161aa6924463aa18a53fd829aa0966adf369fff09ad16260ab2fe5c6b92
-
Filesize
28KB
MD56ef0e78accf705657db3a13fa48bf81b
SHA1126d361a96e9171cfcec50276ad6e2e963f00806
SHA2562e2529021ed2709d26a39a27b316849513aa3415077435c537788259c0f24c48
SHA512ccaef4be6c111712cbfaddfad4b5538aadfcb78682c6eb0715e5e82af694439f843a290bca38b976623777405b1cf3bede33f4577e70f837c0a1b5b8377b7871
-
Filesize
29KB
MD5a15fc29be7137d50f1b43b21c7f878a4
SHA12745c75bd4fe0fdea4cf67a6b4b528b1d1919017
SHA256accb6cc47afbaa8934f510e8ec71190539d6bdab93e96e3dbf6134b526036d98
SHA51256820178d8a4ddfcf3e4a98a9afe433e2736d6f5cee73725dc317d67c4e3dc7ff93d27a022d47c52b6b5d766facd9fe6bc8ccc9f6d0de4806f837a1f4cf000aa
-
Filesize
28KB
MD594d1a84f2b3f1e42fff8d4ff4d6ad9e7
SHA123e04878e5c5885f1ce040e527a9e0535b219be7
SHA256ed8e1eeb55a7be7fb90c099ed9cd5f3fb6a804dabda4595d7b61e66a3836f772
SHA51291cee3bf3f9d52458c85da0dbde7d2afc09a510e8c607b25d09bf11aef415d267118565c1110d176892c287267fcfe8fc7f3e6f35d1b0180eb478c41b30c4ed4
-
Filesize
28KB
MD518113fa811dc674c14eb816f4b311a07
SHA1bb6904c73cbe6ac70cdc40e3bbfe1b23810bfe9d
SHA256f804bb8c6a6637487368c4aed7fc940039b3f63fd9f530551f77e7c10fad1c5c
SHA512ba692c2f673f7658e044f3b2ddbf05d035af73c245d46228ba25a21a398a630411d247c76802fe6e59d491ba811b6cffa99e2ff4c1fc008c6eac28b4ee0b1532
-
Filesize
29KB
MD56e481dc25ba189a63979b96db17e982e
SHA1fde6fc2bef61a42f62328ca4c9dc95cc3405b892
SHA256760d16d36d2bcd9c8853b132298072d943e1bfdd1abd13e2c405f79cf24505b4
SHA5128302d1072628c74c4e4cbaabc8c145890588e9a85806b158c7729c8b15298434afe04afb61e5a811211afbb97d6df643df39d2a174c195f0a02e635005a173b5
-
Filesize
30KB
MD5e6519309c7ff5e5cc6398ff62af417e9
SHA1742a90223838af8a31fd31c62d39c472c09fbc8c
SHA2563f06017c9d0a535aacbff6034c3202d60c508f0e0e6f8ba66c97ca0c5ddd79e8
SHA512a259aa0fa18c56f1078557d0c6e4f2be3d010259d7a264f3825badbc837806d563e56bec128b2663c050d87a522e537814d80a4f300e3bf2e50f328ce1955424
-
Filesize
30KB
MD5a72ca838e0411412da885f5cac5eea84
SHA15d9dba66b417746dc4e6e4dda4f9308094f7106a
SHA256e01f7d13e6f78ae648b81e178b90e4e013548eaa988ea4ca558f872499fcd652
SHA5128cd55e8299ebd0367933d0e7479d9d721e1d3aab50075832343eb4dabc0f1f42ae34b77eec20dcdb65a633f580a8096e6ed050ce87d14a248f64b9ca98ee2caa
-
Filesize
29KB
MD5a8a4cc8f5a852b1a04cfbee58c787fb0
SHA10f697a86f3b09e3b4d5815b94ae6de2846b47b34
SHA256514618870a56aa90d98f3f4a33c62c5a9c2d009158ef9b73ada7c2cb458118f5
SHA5122a05a4b0b636e2fd8111b6764b1c5145d706b13d7b2f088ffb5bed4e4b8928cd78bd3be1135678b6f7aef5e7ca561c982225b4d2050494d53c816b4ec5b9b190
-
Filesize
30KB
MD50981f8f72d2e3801d5c29738827019b9
SHA164a70b05d1c58a26479e2cf6bb8be572a0992d9b
SHA25627259d5ede8ada19e062e14984c07ad338b40c438021c48ebab1c375b02ccd15
SHA5128a3ffbc6f7cf1124737ec22f8cdcd5e7e9a1cf99afe89686fe7065085d0cf418846dc73cabe1fe2facc93d47fa22d12f4ba7a6339221d92e82c0475f38866e90
-
Filesize
29KB
MD58be5b83be7c2d3d290553177d57057a8
SHA133d30577b47e2fd2df4137c4b3c33fdb2279495a
SHA256435479d707197a941cf8400531494fb0d5566f0ade35759a673dd4d7830f700b
SHA5129aa4429f4ab9abda48347a989497866e4438fc6622cca2853567001426a229e978a6f20e7057e3d880e8721611869f507196499b3ea094765faaca0218eee19c
-
Filesize
29KB
MD5741f3707c600c93607de6157cf28fa65
SHA120961929574272da34be104e52680b73bdcf5198
SHA25620441434401ac03a0ae659a5150bf16f0faf63dc850cf4f1919b4b48d2a95047
SHA512c6bef1051df089020a39a2e6e61bd501220a061a47206008c08a2218cf8d70648f0b4e4f2b6e87b25855ff7fc19cbd6c3f1139707e593bf6579586eb54f04d01
-
Filesize
29KB
MD56f9c14f84eaf36cf40f2e3d19e5509af
SHA1ebb7aa81ff7fb0611fced19a955f696ee90d336d
SHA256e756c7bfe312d9e4d095d13257ea68de84d9a68aa94a318bb75ebc1f8e78291b
SHA512a014993866a6ffef24d4155c186bd54a71ff2c993ced278a34cc0febc426c900a5c12fe91e3ab0bbab578a288742b064f8a635eef86c59fdb9369862444c4953
-
Filesize
29KB
MD528959eee451a4f9096d003bba0f1e9df
SHA14e5c9a8f5db4761c8e772b9b11d54fbc9c65e0b8
SHA256c5df3678d0e8c2e9b0b8868dd634b5f0558f2a5ef0107b3e980fa73496f1602a
SHA512187d93d186eea65a24c4199f03adea5b231e4c6f18787d383239ff431dba47995ac7c2f93e95637e7bcd7dfa4ad955f310961e76116f563440a8e4ad1c925fef
-
Filesize
29KB
MD5ae67da8ea555036228ffc58682589cc8
SHA17ff76f938b09a219c7443dabeef902804674022a
SHA256380db71966db3e72cfaa5496b3537478361662140e5ac592721398586c8deaaa
SHA5124f918213c5c5d4808ff2d2ca631484c6ac62b071db25606a9cfcf04ec2557af7161f275fde837b8dcb6126904260e4e0cbf1f325dd9c71e8933cb25e6612e7d7
-
Filesize
28KB
MD561dcc8e33e19ed0b818b00e816606521
SHA174096d946d2989e973198d7eb9f17ec0dba57b1b
SHA256d945191d56ffffe5a8096534ff046e37534889cad15e45085205224c1bed0d5c
SHA5128df844435074ad16f86625591618088da6eab447baa8589e44856506bc48f1e705cf4e14561aeeab67fecde615d9e821f2e1561335b91e3fe4f6faa6c1831778
-
Filesize
28KB
MD51949aa915258975f838bdc8701080d71
SHA1bcaf56ef8deffda13481fb74c1b9a06658af74db
SHA2565fbaed8bd6f8ec1c576772ae908f57cb8a6b07bd222950399137abe448adc2a3
SHA51293d6e734751d01da333c27d952572027124c76304d2f56d9a6ab82656161a331d079e31266c0fea7fe46ec70fd4edc82025e3ba44e3c85b818b04211f9d8ff5b
-
Filesize
30KB
MD5b23a96745a2ae2032a422ccab787789e
SHA109ae9116846312d34703d31f160e7ac59c89c28a
SHA2566e765f37c33374eb3fe1fc057e67d4be64762fe3835872701fb6981b78968343
SHA512b4f785278bd83ca212c3127a3d4ec962e065223bad1d597d6fd125bca4984065e895994ba84ae57a95e2f389cee6d9cfcb2d36585a935b536362a606e967fc6b
-
Filesize
25KB
MD5d9abcb694f63e8e663833464fa585f0b
SHA16668ae8da58b1e526a69e126bb68e95ad1ad3cf0
SHA256b32b79933630f2db2a9d7a1d19e3bf37d51e677f656775d8534f1520b86c1989
SHA51211d598a61dbd6a422e1735e123d4aab0731529a2f5fc62e422fc14c6e6a1945872455535bdc278ad2bc12965ecfec7014814f8aa68c7c917cdf8dc141c6687e8
-
Filesize
24KB
MD527387d80b08146d8688ceb7b081cb404
SHA138b63a6aad80c3e60e47e8c07a160ee814507e82
SHA256fca48e4245b9c28bb6fa17073b6ec2bf1f1fd7ebed714f3076fa0e4859abee64
SHA51223ff1b9c472b69a1b749ed3d8d8f3d15aa99acb1eba7e339a3e7edeef48741477140ae0273f2eec06d54feeaf0ab0e864aef3a19c3fc215f836ca97a8acc244b
-
Filesize
29KB
MD5308e95cd17065a2bac58e3a8c7a5c5c5
SHA1c4f648e111d7f8d400fcad79e1c87b7c0dde5dae
SHA256fad34ae9de769842fe456a352eaf452a9425664848607f4cba139b38186e4115
SHA51283cfd32b06e0bbffa36c833ac393e8cac95d85d9afc54032f57726544f2b5e0fbf9feea286d8defef36f12e268149c04711513ab8a605f3d530028fbf940dcf8
-
Filesize
28KB
MD5f2d2a1b2e950359ae1d49ed50cd25523
SHA15d9e707593e202969bce5f0894ea20a463e5a849
SHA25611a31c41a85b830f784f0a803a0391d795f66ba4cb5f5a762a30dd6306f77ad1
SHA5121caa80621b1375107aeb47d3898f65bb49057f32ee75da3511828a3b5129f3b4d2a735a0f6bba16714bc769ed6b0362dc942998720dacbeee4998c7faaf0a5c2
-
Filesize
27KB
MD52429da2623f14490100ff49da3497deb
SHA16529b287703a006d69397052f09c86d5fd9548ff
SHA256363fb43ac09e0a92f1e319a6305940d2f6665726876ccd1411ef5dfb2a446ac4
SHA5125bd0344b5c53d5eaef36cc95c939742ee1babae689cecb00bd508c6cf21ea31f15f03620639f5cf2478e4879287db65dc7bedb9a0e0daee3e4e2e76f24782b18
-
Filesize
29KB
MD541f67f1eb0c7b00c3a58814941a1db77
SHA1cb5279ea1d49103d60169424dd8f72ed77e9b658
SHA256abd71598bf5efd099eec1b762a96061a2ed3fe68f02d65a64d9f158dfced8cb9
SHA5120fab2bd202e1b624029b300a13bf51fcaa8720215b7097c65ed9f7d96907f41574e07b253a19f194a6e49e23e8540d5cf7b510aee92ef60fce81cfa8507748b7
-
Filesize
23KB
MD5631787d717af40e04698dc909ecb4e9a
SHA1438f9a6cf8a49a6a05dd05d148f63a60f1c6369b
SHA256e7b065d40f6298e21a5a849dac96f949d454633844f2badd990b15766f65aad4
SHA512ff065ec0ff25794b869aecd8229cbbba1ad75dafc1bde34307dc5a8df44628c9c16ac4dc088945322a92f94eff8939496e786e09240800c11ee01030c2bfe5ae
-
Filesize
28KB
MD5d7df1262cccf7b3d3ee59513b133fc9b
SHA17c929b265c077baba1435b72c9b144c3e8952409
SHA256ad781375cb8f3831efc05dc25ccf6ad2ab78b7d723b5f2666c31307df242ce41
SHA512a2458aab122d8139746fadd91a6adbdac1e16daa6cffa74bad3ff9615edacf3d6be98978a62dd14dc2cc994a6a3f50c532526484a2f5a13c87054842511c8287
-
Filesize
30KB
MD5ca8d80d3c6813836a44a3c1b98b93954
SHA159bd38debb9d3fbb92a4d5731b581bd2ea2d5969
SHA256bfcfcce2e2c04ac8ecbc36c7e44190205ffe11e656ef71951f481bea78a33bec
SHA512778915b83577832fbf64e5f1b36f0ad6742d5b9c7b8197d23f0b414529c77907f190eb76be822fa33af429720f0a9365967b28bbb2f8685eedfbe3e0b0d3f82f
-
Filesize
27KB
MD51efda3a05b5568e1cb0b544f9b7b428c
SHA13ceb5b07efc209d1e912dbc204e989814ecf0a8c
SHA256c648a971ca500b47590ad2b77463ca1536cfd5f859482d6d45ae5c2408413819
SHA512fadcec36005a90401130a623818efe078a729df020815bad118bdd5c3d3880603988698549b845947a327da107c8cfa2332a4cadabefcb4a4a66eb994713b8a1
-
Filesize
28KB
MD58b39a3289905d89f8c2e08a9e1c4283f
SHA1764f4c801a750e3141a7fdc0a8d09db91e61101f
SHA2564401558813e8c91812eb2c6002601dbcd707166b37a9d05cfd2adf63812f6bc8
SHA512c58829733c78b89d061c50bb9351ced8c6ba5158623b1be819fba95a01c7854b8635d3bd562c3957ccd92b2bf07f581ab72c32afb7ab0778e0f24068feba3ba5
-
Filesize
29KB
MD576e1545f264db407596da4c07390f879
SHA1daf92becc6e49c16fd78ae5fa300516e1b6072c7
SHA256be88fcf81ae0453d3a009e2293690fec4023484f2a838d5b0a36fa37b12e44e2
SHA512ee3d18511f1676bd3599cf668479e63edbf4b17d9ac8d616d84b029fa5725a6589de27d83c755885acb4aeef2efc4ebeb1d5e576df7a3c2e23ead5d007ae86fe
-
Filesize
28KB
MD50fa017bbabe99d697aecf87f11122138
SHA19a5b1f21087ac90daede7031bcb7cdcd9e9040e9
SHA2563159ba9821d877e6170e89e1b254042f6b5a180ef3a3f9c1dbe795cf4ab9c468
SHA512f28222acaa8b15a6e359c2adca52d5bdf1704cbc3a212dc3d5f26879cc0f9c17943121cccd8346812c7d0d3a7eb46910131067ba2556b4505511b831f2b51e28
-
Filesize
29KB
MD54f5f4d22ea8fac459160fd9869d9a58b
SHA1c723145da6b3b5b052aa4a4897f889a43d785797
SHA2561a59dfe8f18be13803447b2920cc2d0fe586df108daa89906483ed11c4cd163a
SHA512b42399195db6c8a2a5d3b4c1c2a575d093ce8141784fef265306a56e0180c434ee57b458daa8453a7205771ba30b8441e9dc458cb6c6ec1d456537c083724037
-
Filesize
31KB
MD5b1e56f61a6ab5ad64b4abae2b020185f
SHA14a1c2eb92c1b486410180d160d36f71cfabe4229
SHA256760624e0961ca52a3f7306aa60d51c219b65d94ce725ca7380aad268772d0b62
SHA51207ddbcb4d975579e4f7d13b8073e8ce8c7512f2f0aa70f5ae53897a9b71d1637178b329f60dd0602d7af9929143376c9247811eeb5060f762145c655d08741f0
-
Filesize
28KB
MD5c7501ee87fede93380687c30b9b2fa56
SHA1cb21e885dcfed5eb9124a043fd8585a12cb87193
SHA2560955c82800f5a125899ca5ecd29ccb0fdcb24bcbc5f0cc46746cf57b6d1f7692
SHA512786d9d737ee886ac0540e1cca3ec93641a20278c769d143a9c555714b89f8ea4a99bc55cabe6c1246c0dbaac62cbd0db2318d8683bd40f35895d23b3f19304aa
-
Filesize
86KB
MD5f49dbbeddc6d55cd5b1de2024d9899df
SHA157842f939ea4b4fa8232cf26a2b48aa3318ce88e
SHA25674b419ab9c114917c23c2be7df553fdb2c6bcab8e2f1527b9034748f553cbecb
SHA512358fa9b1f7aae386c28e7700637b47f43457b6c004f1488f1a45b9d72563caf6b554cd64abdd2e272d003c71c5df67d9b4ed7372070abf10883dff87e05ba6af
-
Filesize
19KB
MD5653daff614a29f139db1ef29b38e6855
SHA1a88828839a34d841430cdfcc9a6afe3b6f29c528
SHA2569c8dbc650aaf8409c4bde68fa01fdcbf58f55725e0b83763cf20aae5ca9970ca
SHA512de96ee45179a3b8c32d8409baa2c749e0808719a6b9af638fa831baff513cc3564016e2031c2dd30cceb557952050d6a5456e158952a41c248124a84d27efb1a
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
280B
MD506f259cd755a48ad9bd1a8e879313d8d
SHA19c831d002c33ad1e6f07b54f7011ae4600ffd0b5
SHA25655394c29e9d5270d3474a11a00514746b361dc9cafe984782a6b6b104e5db1ad
SHA512f8dfee5fb149304e6547434922d4e36ad176fb0c7b6c00a0b4977df1b04a34596d01bcc10e304beec5c26353b21e0ed455a12645331ee86e3b8d1c5b5911573c
-
Filesize
48B
MD5767ee0079b2b9fcf0737106f8646c6da
SHA11af5facfc75c7d8e298eaa442c4b66de70f2b991
SHA25644b422d39b70deb481968b85a75312ceaf8f27600736b040c9ac1fc6b47f9e4b
SHA5121b01981883955bc8fb30ee80a167b43f9946e64d42eb7b33098dc2bc436d16516a16c8c4041c94e200b0b06da6f9bddebca467043860732853b32f9d2a8bb8ad
-
Filesize
72B
MD5af400135a869da085c6c6bdac61ae325
SHA19f7610d77842725ec00b99e3e9fd86fffc85e451
SHA256420cbb9c7db9fbd05ce4ea6d012428c7deefdcec01f9216544860762f0e42500
SHA512ada53ea11a1b45dc9af600ea3451a00e4bd21afc396fa9df4c9c86927ada31627bbdcbff13d23dadb2afbfd616315920c69f40db5cbe0f2d7fbfee883d410ddf
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
833B
MD54049f5ed65384688048f781d55de888f
SHA1030c9ed73dc2e40243fe44953e6020d3f1e48407
SHA256a9f5cf0362ad0ff036fe8ff5316607e49c0ed44f7e2173d0b3017d8e49651f6d
SHA5123203af9bfd6e9f24d6893e1d4e4cd0578342a76a6b620bb51382b67a9a39090f87984bc4ed3c0167a7293d3bc7fe0c0c9357b4645ca7149b1c585c3be9ea5ad6
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
517B
MD5d6b208bbf3017a0d53e7ae2b68b4f921
SHA1e97486ac159d3dc2d6c95f596620e3f731c1f68d
SHA25688fc5db1e0cb237547b220279d9497c951b05f4fcf5eb7f4d0d479fbc8b939b7
SHA51291e6fc700e026f71a01a23213c74582e5652f1a95febf623f40d0944bc1b380a26dd3235701279024563577a78b2b04a61652922834951042b582c2c5c1f64cb
-
Filesize
517B
MD5a80f30b6c502684546dadc421ec12755
SHA1ab08bb99a9b3d26a75f5ad5c2c2f7cc545cb4db9
SHA256a70a30185464cd6e48cc70d539d2d10e6d6de61bbe8b54fb7294d66ff7c03564
SHA512cb40250bf69f14bcf9f0f0c195a1167ff91d4fd5cc4efc725b864d335dea7824172d9336fd13ea999245febb6c6d180d73210950735da7e10746377bd89a7585
-
Filesize
6KB
MD5a413eb79bfee033c61538c5e98719dcd
SHA1b5de49d9084ff9037e75158cbea9b26b2d9a80dd
SHA256f5d11d74f17328b1c33cbb1c5c6fad7bd80f20683c6d29fdc384359a8e38011c
SHA51285f8f8e14b2cbe91fe9db03ddab59a87250f05072dba650cd179a2d6b5ca1d123e9c08b6a9d27460c7089106f545853af4bcade1c06154776770f61dace1300b
-
Filesize
44KB
MD5f9332b96472c5d8e7ad256acb6ccc2d9
SHA136e3beb407ee1e2e39491f148faf54ff128f8f8e
SHA25669ba6c7367efe42db3afa540db6fa88ae1fa69cfe4061dbe899ab779f22102a7
SHA51266ac9590a7f548fde02386bab8a1e40084168dc75d67938e1a5523cb69f142068b34f2380e953637a0df937ef5c612b3f5720e2957d9dbb84d1ff32771d3023a
-
Filesize
264KB
MD5f312197501ab732fa2d8d889046b33ac
SHA14ae6585b57d6a74840cba5f5e117c77d62fead72
SHA2564433e1dc67037cca2fea83f4ea48a099dd93fb7c77ea8988fa02b0f7e8b7da37
SHA512d5741f76249b9360a261caa0dfa8df3e0d221858c31190283f9e1f4003056bf231028810f609343e3149c32d37f41607a1bf14ce38cc8e1345dbf6da35234400
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
4.0MB
MD5fd0494c7f6d13a7015e6ef16814beccb
SHA15b10996f254877346bfba3a8c29bf14eafe8d9a7
SHA2567e036fc864c31541b7c089e37f117251650ec4999e41ed92ece286d9baaf681d
SHA51229455482771196e5ff9e1bf8750bc22beb791742002ff5768dbf3ce68709abe421d430eb697dcaadb5fd8b55ecd398d7edd5e1ae7c0ac21d68008ee71db6c7cc
-
Filesize
1KB
MD506fc6c196e52bf27dc7f976047df91ba
SHA11083fe6f496cd6e7f8a33ac9b4a4b5b1c0ad7c51
SHA256fb8818ae579c7ce7c8cc91d9b752c35fe15ca5fccbc8b640092801c1eafb6b9e
SHA512c625e24bf75b034b1d2d26c838e33119bf27fee9f8d5ad060a174132883694935669151ddacbaf521d2f79afa5ac94c9c383d4c4863a310d107eab6bd4e56614
-
Filesize
2KB
MD5c932bc60aa3139cbb154972263bb297a
SHA15cb9be11d4523627fa8681bc62212e6f28e08692
SHA256bc7e6fb5e53e8c95e9d36a27c0d2ae8571c88e2b32129a2ea0044af9799a667a
SHA5120a5c2675a2685570308c2be89018612440927385d78a6064c5bd7b076adfe90c8f60426ccc54d4ba4cbf4262d20db5a1bed494ed53e51325cb8b04fdfeb113c8
-
Filesize
3KB
MD520efbe04dd0692b07ec62efaeab51695
SHA136db7663f6f97dbc07077bd65dcc5422c5021001
SHA2569d9c04da330ad3a151d9319538b2c7c9f524a8de27e2bd7a7ecf07da7f73e999
SHA512233873bfbaae7a18cfefcec8d03c2f24d8de819346140313b905286110eb9a27b9f54c23adfdf8295d77b9fe49264f293334e6cb5644f8913a0641b2cfe947fa
-
Filesize
16KB
MD5e00437e12ca2a21cf6361a3fbad06de2
SHA198bbdb2a16fdcc2b6c7cdd6768e282738afb3f44
SHA25600f8e0567236b556eb2c7c10894694e4fdb2afb7f5d7598cb9bf07d56aef0bea
SHA512ce492d25b5b01b5e09bbab83eae61616405ecd39d1ea69185a784d4baccbbd1000f38b69a44eab4095378d3147cc0393d1547bc7b935b9d9d21649ef29cdd9bd
-
Filesize
1KB
MD59603cbc99bfa6e2a8133e50fd748a007
SHA16f790ada2a71da50513839bc9233226800600776
SHA25611409c0454198c810e911e71ccd322bcfe130f3212d1925b38bdcc8469c56bbe
SHA512af0d2c3825b8706143388bc9356a5c734fdfdc6e951430f902a4b0218015c750755dc4de43b72a921de0774c528eccfb219c79285a318b445490643e20734950
-
Filesize
6KB
MD5e1c61e62ffb3a9f5ad6eb0a6ebfd2f85
SHA155c7c6595010b49c7e40952a3fedae1dd3b6b967
SHA256d61b3aec8731058ec875a518600310ce8de91829aa2d8223b4e2827a4ef9c1b5
SHA512577006998d3770637738f826e079eb884e7503eaa9d909646cc4d24da8976650d9b3b292ea5f5a30d757ec2b9c4c4cfbe30d2e969ae4915c96168ece98d578b1
-
Filesize
8KB
MD592406d942704d651b425a4d192e7c251
SHA19fe52efaa1bbef0e813db60339e2059b4b8f51fe
SHA25633614954fd8ca8f5529b65962dfa5542ea3c57e610caa1d0f753d051fc5c36c9
SHA51229d09a054b7489ef309c758da207a275e9ce0327c56ecc0eaf957f66ad80d787fba563fe15689ec5b038c8460b9792d710373c78d72e1d0dac8b1430b9d5acf1
-
Filesize
5KB
MD5069bf0b03dc5fc059edbdd4e6bde3fc0
SHA1e80f71163bd3ab504d3682cde98d6ca6ac3c4782
SHA256463d47ed12f6c0643bf87537792dbca2106498c30c303b69282e572ab62ea202
SHA51201ec40c0a801958c7d057745be35225d5f0fd17dc201d80ad93b5d3130a88aa906bf3c30daae1d7a41c208429acf3a197625ad5866e01c697385848e301f7b24
-
Filesize
75KB
MD5c214f8173aeafdcab67cdec700e4b4fa
SHA1640fb32b438eb8b5c99a7d5a60ead4e06246bf57
SHA25627ab945bd7e679f3f105209e9871d860035e142fb8e65f79ec19e28536351c4a
SHA51279d2bd5d2d118c413e654337dcb2fc2df3b2ef7b6a009cd2910bf543a2ec6d56d036349ce0d3946986cadcc643ad8346c2cf4c7db97266078ada3a9f328d352f
-
Filesize
74KB
MD525628c1336c391277863a8a2ad12d890
SHA17ed2423082955edff03778bc73472e03acd3e93d
SHA2567ce0d9ca959b3b171da3c822f53b8eb9c62d993d3839d6fb37038cbecd16eb49
SHA51266b8f51a3d615dcd75f72da6038abb12c77efff855c8bc8ba74f82dc3346188e77a7f9165b758f657c1629156285f6774fdd9ce1be0ad8eeafd36df1285d81c9
-
Filesize
671B
MD53ec19c7e94d03b9f13bdd4fc5bcd6daa
SHA1a54ae5fbc1c22b0e0d1709b965153f0a47bd43b3
SHA25652f4582e66e8d1791a80bd6c96a673ae55660566a8425b824feb54aa3bb53e62
SHA5125d86832d825f598c21d239f7246ced9445fb271363fc81a8826a72bd0732615dfb3b9185d705e0ff06e2307a7c98eb8c409390470fb854d0c2730cfb3ec44006
-
Filesize
25KB
MD550524d3172ec4b6e152207ecb06fcd69
SHA1ccda56135001dfd985e75b16f3c3970a0860ba34
SHA256d8e0320a88e3959b746b386ad6adf50afac3cc3a29e840127e903297ae93524f
SHA512e4b548f7dd7489c9fc8bb3f3b8ae96cde48dac8740a1e1a75ae3e6728556c9077b5b9546303ae398da66b8f06e96e4f3295c975fc571f4282cced4ea3f83caa0
-
Filesize
982B
MD59021db7226fa57048d6646ccbcb9925b
SHA1537d8b4136b45f62a40a01b6a2bc2e79e0f7a5b1
SHA2561c2ec52a9e06b20a13a193687254bda18e953093a8a27e22e950763f4d94b00c
SHA5120f7f8bd67ab25fb499ce4f04b141746245bbd97ebd7953c3cd98eecb4302a1859ce582dced5dee3a727e87186233351b8b68648315848e13c781949d86b77b95
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
10KB
MD5a2fc373357964ff933490e1f8ce702bf
SHA173512e7dbd7e3ff1f605a079fe4267f580f05df9
SHA256abf6edc2d87070b81f407d716d1269fe579cf3227d8b9c84cb6e33309b54e175
SHA5121fd8eab3b658c0b58b242f07726f66fd7f850aba802b21b865cefb1f52ce1dc073a1dced9dc448148dec3169ffacfd0ba16099b483a75ed7216333578685381c
-
Filesize
11KB
MD5156df92eb030ee4cfd41ff218b31cf1a
SHA1e18f3032cfb53c01c68f62f276806a728af69f23
SHA256a962447c4559b546fdc2391f92c43e096b2c91a0f7cd4974ebee98dd194c1aee
SHA51222a515459bcb54a44f5be682c7cbf211c5039378ed81a01cbdb1a2804278a870ce6560fc7361340ec3cc9bf7a4bb48943d364affcb29479494f133fd30f6a48f
-
Filesize
10KB
MD53ba1af79e001564c6965009f3b17d9a8
SHA10573bd570c07fa4310f2cec5aa1f0ebfffcf752a
SHA256c6eda6674ef3adee8eab73d307929a047724fcbc7ea246b83da0da1011fc925b
SHA512a9d28999a6d77c6f41a6968783b45eee744479516fadfce0d5d1d6838a5acbc444ab90a5545738ba998d8e0b724607294e693c15c19805063831481cb98ba0f3
-
Filesize
1KB
MD5e7297ff749386c25b5cf62d54a388f36
SHA174bb55fb30ccc21bbfad93c5e24f6e313ce50a4b
SHA25618a7410f63c3e5fe3744131d552b28c1228d115396f40086a756f9c120e8f83c
SHA51235bd19f1df1daddec04a0c87f33d0a0a7eb7a04a4217395d7c6e5e06f648fba8e12e23d0472091167a93172046a639c29a2e24088de2dcb19742a241bdf61821
-
Filesize
8KB
MD526c6abe2ace9beb86c19ca6bdb33794f
SHA1ca3e6c947627a5f55cf61c246078129d8eab3d22
SHA2564a5024a72c750eb759588afaea3460f290fff16cc3f351ca9e50cd4680f43066
SHA512b4b1bb06fb248f71bb19a6bc76e5354ca866b8ecda6085d29bd2b0aa014b66ff0e95ec3a7e219fcf9f5d6de5de0007af8ced351fad6a7ae3a444acf728568d1d
-
Filesize
18KB
MD5e2dc15f2632f84b39235009dcb5c57a5
SHA17de225b74965d7d34a77c52c23daca2d6e6d7f82
SHA2561b17fc6458851a290201380170fea6b6e480681f5098b8a00a20e684c3c628c5
SHA512a528e4f904325bdd014c69e2a3c5fb6b3edbdb7623d332703170c61a3a32b4e588631e3fd8bf26f6ecef3a2a0612d4aabf731712278586d90ccd9a88deb499b7
-
Filesize
3KB
MD58715c11e367e0fc66df51c70016cd670
SHA1d404ec833f381af149f86ae1baf90a28c8c350b3
SHA2562f1ddbde9e2da7343e5dc404fc9f73d370ed42a016f55ce423ad537e424ccbef
SHA512f98d3163a4cb5680a81050cef9d9cb5ea31d8a94604492ec3fb83490dbeecb7d645bc0985a6783ae5758c9fe7621ce1bc25fb3c7c8313c5fb664e8ddebad7471
-
Filesize
17KB
MD548fab43912d374d981c8a5702498728e
SHA15e236e63c60d889776fdcc87c8bd0dae12e850f5
SHA2568f5bf65fa2281eec575482a15bc40166aee37afadadc25c5317d67862544ca96
SHA51249391302e58fd12570a828ac344ecec803bbef0123937e89723c490a5d8970232da39c2dd33485716d7a28769fdae05f32bc233dd49226aff7c3de8628923552
-
Filesize
384KB
MD5e9b66a84a0dffdb6b04038183d9c8425
SHA1a2636c868573590332cb71f00bd1847e43974918
SHA256e5a5e34c21a0253c0814e774c91b14399897ed5ce41608e5d4a130aaa972ab17
SHA51272b128828e0517bf1613eb58d13bc24a87fba907ecc4f11b1ab7b84807698159fbfc2d739ae2f3ac9797b3efeb73ac82862f8317fbdf4acea5d31f27d79558dc
-
Filesize
63B
MD5511d7a0c43169c383dbc31967ad63e9a
SHA17564062cacdf090f2388de9d7cd4d73284bed225
SHA2561b8f1825c10bb3efffa061f3c67c5bd13b939abadc4370599f3991f605b43657
SHA512fde32a6ece6191b995f92aa15716194f66a0e6bd2d82bc60130ba41ae82f315c10b35e172afcabf3a888a4ebbf1b9e27dd769d5dd201d60abbf4b2f947dd043c
-
Filesize
62B
MD5dc2c7ed862f4a17fe63d07754b84eaa7
SHA18dd6590dacc904e0fd2f6e6c79ef067da8f323e7
SHA2564d864f2aae18622bf98184a5678e49da77cb13c6e499eff51e17c8a0e82412d8
SHA512d913ec84e11362c9bdc2d3c6ca36bc46d487890f5ca760dd9efe134b111ae1811c9c7d1eb15abd03b2d12365aa357e3d75e2636d4a561b9ab7efa04106d30a32
-
Filesize
61B
MD5c15517e270dd0d42f2424a4cde866e6f
SHA10c9210f13cb8872f3428d01e35c1f4f654bf9747
SHA2560b5deca2ca0a99fa3bd21782fc19d23ea9fb0d5eb9f74eccc7b83d9bd2e2a924
SHA512baf79f04b887b41166d716b3fc0ab1649ead3e8a496ce579a888bdeed1aa1175c588594e528031d4ad8c76fe7da167e229d47a7316ea3092f537493b026e6a23
-
Filesize
2.2MB
MD558e10c98c7e2517c435d688c2604a5c6
SHA1cd34d8322cfcba56b89eb334b323bcbb32e8f7fa
SHA256dda7185dfc608949af02f6f31f5dbdb2d81fbfc52c6251d6c759fbd632b05956
SHA51225b1e731d1d5aa42cc904787559e782bf2217a27959fb9dc5af335e88ddbbc5bcdf22184e249d987bb196e13e26d17ab66ba0bf52fb411618c81c266aee2ef77
-
Filesize
280B
MD580dd311e4a0ab4a67b4150ff11112aba
SHA151992c727aac4baa683c41585c6c4ef02a6e3b54
SHA256a93eb1e766ef90451b1c3adc9b9b2dfd13f24d655bb1835f9ab21472d2afe9fc
SHA5123df8ea1fa7e16211ef77635ebe2ce70362e6f7aa214cda16452bf4f049681a92200e24f701b80d9c23c163f3cdbf738d655d517b20713fa1cd1e82fa354c6658
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
168KB
-
Filesize
144KB
-
Filesize
136KB
-
Filesize
212KB
-
Filesize
212KB
-
Filesize
2.1MB
-
Filesize
2.1MB
-
Filesize
5.6MB
-
Filesize
5.6MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
88KB
-
Filesize
40KB
-
Filesize
152KB