Analysis
-
max time kernel
890s -
max time network
1050s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
08-12-2024 14:13
General
-
Target
UgrVJMxL.exe
-
Size
27.9MB
-
MD5
34e055a67b10a1a14994b6b3457698e2
-
SHA1
6b299dca56f55a0656b23fd035f4353dc049343a
-
SHA256
01b6ee7d4a8b358ef51e4f2d19f75ff4de4d4acab7c56f2a3063e4b35847dd09
-
SHA512
8437dde18940cf8197d25f729bbaaf0803b81ffa1ed13128c91e6e3a65f01fc8253a19badc6e71c187928832dbabb03cf45ddc392e19e4c5dc6f741ada13d218
-
SSDEEP
786432:PPhOXo+/5eJC7HRCyM1yMRUEvTHBfBRcda3:3AY+/4JOlQ7PRco3
Score
10/10
Malware Config
Signatures
-
Deletes NTFS Change Journal 2 TTPs 64 IoCs
The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
-
Modifies WinLogon for persistence 2 TTPs 34 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass 3 TTPs 2 IoCs
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzonerat family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
ReZer0 packer 1 IoCs
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Downloads MZ/PE file
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
-
Sets file to hidden 1 TTPs 64 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Stops running service(s) 4 TTPs
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 32 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 34 IoCs
-
Themida packer 61 IoCs
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application 2 TTPs 64 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Boot or Logon Autostart Execution: Time Providers 1 TTPs 33 IoCs
The Windows Time service (W32Time) enables time synchronization across and within domains.
-
Drops file in Windows directory 64 IoCs
-
Hide Artifacts: Ignore Process Interrupts 1 TTPs 64 IoCs
Command interpreters often include specific commands/flags that ignore errors and other hangups.
-
Launches sc.exe 64 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs
Using powershell.exe command.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 4 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
System Time Discovery 1 TTPs 6 IoCs
Adversary may gather the system time and/or time zone settings from a local or remote system.
-
Checks SCSI registry key(s) 3 TTPs 25 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Delays execution with timeout.exe 1 IoCs
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Modifies registry class 64 IoCs
-
Modifies registry key 1 TTPs 2 IoCs
-
NTFS ADS 1 IoCs
-
Runs net.exe
-
Runs ping.exe 1 TTPs 1 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Script User-Agent 2 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 22 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\UgrVJMxL.exe"C:\Users\Admin\AppData\Local\Temp\UgrVJMxL.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command Remove-Item 'C:\Users\Admin\AppData\Local\Temp\UgrVJMxL.exe.bak' -force2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SYSTEM32\net.exenet stop w32time2⤵
- System Time Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop w32time3⤵
- System Time Discovery
-
-
-
C:\Windows\SYSTEM32\w32tm.exew32tm /unregister2⤵
-
-
C:\Windows\SYSTEM32\w32tm.exew32tm /register2⤵
- Server Software Component: Terminal Services DLL
- Boot or Logon Autostart Execution: Time Providers
-
-
C:\Windows\SYSTEM32\net.exenet start w32time2⤵
- System Time Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start w32time3⤵
- System Time Discovery
-
-
-
C:\Windows\System32\Wbem\wmic.exewmic cpu get VirtualizationFirmwareEnabled2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -command "$env:firmware_type"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -command "confirm-securebootuefi"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -command "Get-WmiObject -Namespace 'Root\CIMv2\Security\MicrosoftTpm' -Class Win32_Tpm"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SYSTEM32\w32tm.exew32tm /resync /force2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SYSTEM32\net.exenet stop w32time2⤵
- System Time Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop w32time3⤵
- System Time Discovery
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c reagentc /enable2⤵
-
C:\Windows\system32\ReAgentc.exereagentc /enable3⤵
- Drops file in Windows directory
-
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c mbr2gpt /convert /allowFullOS2⤵
-
C:\Windows\system32\MBR2GPT.EXEmbr2gpt /convert /allowFullOS3⤵
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c pause2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
- Launches sc.exe
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.diskpart.com/features/convert-mbr-gpt.html2⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff618346f8,0x7fff61834708,0x7fff618347183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:33⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3936 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6572 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5500 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,3379625109961252089,10153247940987749018,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:13⤵
-
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
- Launches sc.exe
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
- Launches sc.exe
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
- Hide Artifacts: Ignore Process Interrupts
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
- Deletes NTFS Change Journal
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d F:2⤵
- Enumerates connected drives
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SysMain"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SysMain" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "SuperFetch"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "SuperFetch" start=disabled2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil behavior set disablelastaccess 12⤵
-
-
C:\Windows\SYSTEM32\sc.exesc stop "PcaSvc"2⤵
-
-
C:\Windows\SYSTEM32\sc.exesc config "PcaSvc" start=disabled2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'C:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'D:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -command "Remove-Item 'F:\Windows\Prefetch\*' -force -recurse -ErrorAction SilentlyContinue"2⤵
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d C:2⤵
- Deletes NTFS Change Journal
-
-
C:\Windows\SYSTEM32\fsutil.exefsutil usn deletejournal /d D:2⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -s w32time1⤵
- Boot or Logon Autostart Execution: Time Providers
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -s w32time1⤵
- Boot or Logon Autostart Execution: Time Providers
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Writes to the Master Boot Record (MBR)
- Checks SCSI registry key(s)
- Suspicious behavior: LoadsDriver
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Time Providers
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Pre-OS Boot
1Bootkit
1Scheduled Task/Job
1Scheduled Task
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
1Time Providers
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
3Hidden Files and Directories
2Ignore Process Interrupts
1Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
1Indicator Removal
1File Deletion
1Modify Registry
5Pre-OS Boot
1Bootkit
1Virtualization/Sandbox Evasion
1Discovery
Browser Information Discovery
1Peripheral Device Discovery
2Query Registry
7Remote System Discovery
1System Information Discovery
8System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1System Time Discovery
1Virtualization/Sandbox Evasion
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD56cf293cb4d80be23433eecf74ddb5503
SHA124fe4752df102c2ef492954d6b046cb5512ad408
SHA256b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8
SHA5120f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00
-
Filesize
152B
MD558ffc60f16e2cc5f57693a21a9b6bee2
SHA11c89779940df6c4fedbb59a99687990c45015266
SHA2562f591b201f1603f3847d9d992c01d3e365ab99fbd4981dd9fc8b019f004a212f
SHA512ac31dd656373abb4cb59624f1f68808ec02748a64613c82bc5b6eefe9c1b9c70a28b95174c8bed36e479dfe6c66bb7b9fbd8fa2d018645332f79c69d1895f4d5
-
Filesize
152B
MD5333e272ec0f70f0f8b828582c58c6d01
SHA106508bb27f55ea5ea626c06773a3e2d37bed4e6d
SHA25606caf12b0d5f4545c3373fa575f077f5a49ad72d0d6f5497c3cd47254402f2c0
SHA512bf763ec6d83444112f370228b2c94bb16394d4ce31b8db18567af5babef5106d27e666f4229e624ce217a933ebcc6764682ee54bca8f7f9551600afbbc19c6dc
-
Filesize
152B
MD561cef8e38cd95bf003f5fdd1dc37dae1
SHA111f2f79ecb349344c143eea9a0fed41891a3467f
SHA256ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA5126fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d
-
Filesize
152B
MD50a9dc42e4013fc47438e96d24beb8eff
SHA1806ab26d7eae031a58484188a7eb1adab06457fc
SHA25658d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f
-
Filesize
67KB
MD527d9344de055e50044e074ec3b54231d
SHA1d07ff356acb90c9d4fa1c1e3e48188b1a2eeaf8d
SHA256d5c1eb2d4d0a13aa42ee68f03218ae01f420003f64f572b77cbff7d61edff388
SHA512ad045b2f4e6d58e43de1e26a1d5c0a46d912b65caed68ac4bc07f0c26223c5a9927a74ccc8956e074ee74db6e7b05415f3baa3634a714f3048278982bcddf26a
-
Filesize
47KB
MD50d89f546ebdd5c3eaa275ff1f898174a
SHA1339ab928a1a5699b3b0c74087baa3ea08ecd59f5
SHA256939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e
SHA51226edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690
-
Filesize
62KB
MD5c813a1b87f1651d642cdcad5fca7a7d8
SHA10e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b
-
Filesize
67KB
MD5b275fa8d2d2d768231289d114f48e35f
SHA1bb96003ff86bd9dedbd2976b1916d87ac6402073
SHA2561b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1
SHA512d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811
-
Filesize
63KB
MD5226541550a51911c375216f718493f65
SHA1f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA5122947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516
-
Filesize
19KB
MD51bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA16dd8803e59949c985d6a9df2f26c833041a5178c
SHA256af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863
-
Filesize
26KB
MD55dea626a3a08cc0f2676427e427eb467
SHA1ad21ac31d0bbdee76eb909484277421630ea2dbd
SHA256b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6
SHA512118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc
-
Filesize
3KB
MD50f3480302f0710d88dd16fb6fcc9e4fd
SHA1e9f4ab78e52d27472e6f4e2bc5fe6edc7dc281a8
SHA2566020e768955f807148e02818dec2c1c944ad339c6ac3794e8239b1486dd41e90
SHA512cbd9857d4af4c0175e8ef8d5a755ef1544ba5765ccf20a32ee12b0817ddfe8da6f958f3979424db9c4a1cfc69e71721c943d9d5db9b27cd76f6cfe0b625e273e
-
Filesize
1KB
MD5abbe01f31cacd9c1690862a1063ea448
SHA13526c12553dcba01f0062df6ddfe5666ffbc200e
SHA256b09817866d0cae14fc64cdd09f169d9763bbe7af77898fdd2d2ee2310b59baec
SHA51206d0acb64e1f35c934f2f983b27a33e73c534ea0cda0d8c64c39c631e200f9017eae193800992a8f83df775de52827528d1f9dd93333fee4a9891dbb606c07cf
-
Filesize
4KB
MD508e413654e57c32af68d744560b419ec
SHA1a3257a0a6b7a3590243b8e2b02d38539611c7379
SHA256a5f5d353f34b76cd09613a556521f614b261b0c346e7aba6a4f9471b81fc2437
SHA5125371992680d0cfa2c52d16f724931d966172545dc891a469443f79e30c9a30aeed6f45204a5537f456a8d0a21ec2ff2b90b5e6fdeca6a683a2848761464be1e8
-
Filesize
3KB
MD5117bf7fb9bc9a35e74446f1915c2dd8c
SHA1d2402465b464e970582586dc2bd03b9a89166b95
SHA256fc00bb2344342a8f11255d6059818dd6d919dd584d386fdda3c9722fd01b3e01
SHA51290904b35bf0b3823e80a1833198018610ea5bb48969bfdeb87bf980ba0a03b2ab376013a0c1621d3e0afdba55301a9fead1b6936bf184a912c480cc66a51b785
-
Filesize
2KB
MD55e0bb565cd50834f790b4609b99f6330
SHA117f3aed9ebc72604cfd6b3dbcd461afd34eabf7c
SHA25699334dfbe7167aec00cc1eef87bce3a6263419a81905402951ad96b1e90d58fe
SHA5123d77f0322821d59f1b02124e054ce20bb276f38a6c7fd2fa0f1498fbe483ec0ec3edf99c2cfa061b0a58fc0131be25a32bf8661016144b5527637609bf2c782f
-
Filesize
2KB
MD59a1527abd71459b835b34fe28216e51e
SHA1ed14cd4ab0b920b167353d17d3d7f4a7a51a4869
SHA25600590acd4792d2e1a22ac7b9ef9cad40f4bd4b7667d5688b727fe778ddf8e6d1
SHA5129583fcfc8472a540a5e65be45884799785a6e0b6b1e7f9b6e3900099a3f907318f615db35d076364bcacf7ae31628704606820b8f7b211dddbbe3231839a44f5
-
Filesize
2KB
MD515ffc0b482c74e19a524a55567549df5
SHA13c0ecc10a1e6edbc8c410a902403eb89d28d1515
SHA25634b2c48d8f44677e7e407cfb568e5041d8ad51cf5ae6ba8f6080f05aba9b81d9
SHA512a86e2cfb0163342b851ef2b4082eb360941600263396d702567fcfce22bf9117f1a89600dea408404a008ebb9093f15ed344bb9f9d03cc5a488456210aa7b515
-
Filesize
552B
MD54e4ca145baf24e0a987f185c4eecc0b7
SHA18136910693eff12ab78f1e13ffa3554b556da74c
SHA2561767ad77032f97a5ea98c9d22e19e0a3f2b0784975a0039c900e61b3c7ceba6f
SHA512c80c5a8f46ed8440f05f59bec28c9b9322193faccf5ac27de2f10d2c7e4469d944860eb9788cf71f993ba40d01b838332b4ac4668f021e3431ec2781ae1db551
-
Filesize
4KB
MD5dcb3ee5ae6fa3d4ffe29cf3310589cd5
SHA18ad6f93642b99c40a60ad117bdc44e6ace0ed557
SHA2568219ed78c1953d97dfa4e550178844f0a7cfcf37d09a05fd1d5c1b0eaf508b59
SHA51245e63def504475f02e327077e848db13707db4efc83e3693cb12a96470f7b00edc0038ce11e7666bc297ddc5f0cb18c1f2f63b3da4d9b81325d10a1b02bcd84f
-
Filesize
1KB
MD5094348f9db42d96f078b8338316758a9
SHA17a29160cb0b07118131a2327d773cc045051a08d
SHA256092b93ca15be7bd74591f76deaac7d912d9eccc556094f8ca0d4c10d3197288c
SHA51296d2604a7fe0acdf999d16772230d9290bca5f0dfbbdf112289c6a2041a6dfa53aca29511176508735ab8dfd5295507573336f4976f423a239d7ae9fb7f84e7c
-
Filesize
2KB
MD5403e96ac7d43376d8295a19708859935
SHA1b6bb8cb5121bf836cb2bc7036fac0ddf09d3a839
SHA2561e4ed826f6811f7b3d4bc6e3529f6909d4ce96226bf4f5b8bb48fdbf37504793
SHA512e29b2629929fce2434d3b87594befa111e351af496daf806803ecac13b845622ba2e666fc1ebb6c74ade01511d36490548669488ba04b6d84812b200e5a532fd
-
Filesize
3KB
MD513d4b6b985f5f165b78149e115d4be72
SHA12152cd60e21eee3a979f2cb71e550323492cd91a
SHA256c24c7bc9a160eba54c4fdb7c7b6b5ba34376f1cfe6aab445bbcc573a7ebeb2ff
SHA51232f534a4928f2459b0be511d203659ba6380ba9e076d63e9a1ed6aa33fc162a1069330d53eda417f558df82f23d0a4d5c4bddaf7f9b007c8693aaf1f3353ea41
-
Filesize
3KB
MD5cee29198ee49df725e108a66152e455e
SHA199d6200b3a45aaee1f22ab371e15c0f4c1de8749
SHA25666ae723371373e4002cd2a56b0a4294b30d132b8d4bb31705b8d8e2d6bd0823b
SHA5122e5209a0e00ff90f412b95f3b1b481e1a3e22cfc2c704a1477db1275b1328592b416b4a7efd7834b62e1625b0bb0684409e32cc597783fc7a560a7c791120f0e
-
Filesize
3KB
MD51729d675411d1ab62ff5fb33a0afb9f8
SHA18d375fb8b3bb1e0dd51c86c4d257263f9b792b28
SHA256ad3d150a4426613cbd5204c5ff00593e0ebeabdbc04136cbbad7ae16ed48be08
SHA512f4eb17e8b73d01cfa108f0907f39cbe2234e428561c52057491c3db26b9d42e3c3890e584485d79a71b04626ceee5f64768c6b192052ae36ecc9aee38f2a061f
-
Filesize
3KB
MD5addcf3816485f075c145e8c6533ccf67
SHA1a4bbc2cf9465b3a3f21000fb93b769182f09553e
SHA25674959067caf9072de96db3b0c9929e33067e238a82760bad4afdc1ebde117387
SHA5126eb5a4dfafebb413e060166a25e6dc37b84ef1b9559b3d2d2157d4d0fd61c93d11261f43cbab8bdd79d9e1f5dc5eb9f251dae1501ee3c8aa672071180e18df68
-
Filesize
3KB
MD5d5b40c9685ac124ef224ef615c975721
SHA14cc6817d26b44ea8d67e5d7b2269d0931b3d76b4
SHA256676b3c3101bf34ca1a03ae057f98c4fc9d4d00b816dbb7697bd5d4e6b02b4c08
SHA512a05f90ad7e5a576ea3d4782c0fbbe1cb2a8d2c74bdb212962b33360ddd96ee46676c84b1ee3fa50f07fcc2d6f0e82197297b02a39258ca34525dbc3aa5763bf9
-
Filesize
2KB
MD5e59d4e194cf94398d95964fb06cb50bc
SHA1f8a88167f2aff53f8dcb2bd3af3bcc90fcbf821e
SHA2568ebcf9209c319a540f43d03970a2e5abe4e334006d44cb055ea9466d15f82811
SHA51295b6acec3566813c87f725fe39ebf0c9a815b8993e8e33454d71ddeed1a411984d75802ddb6d4a25b4757a32631863130563a8f9c20e4045a1dc46e80086a2e0
-
Filesize
3KB
MD526cdf74e922d37716e1a53ba420a054d
SHA16122cb1338ab56fffc257c259a8b32556564d2ad
SHA256c0b1c75e80bf428a3716a6dcdad57d82404b46b367afacaf1b51291a1800df42
SHA51295d3da75adbd0eb86843e1cb8ecfade421d22955a88a80413f0a6d2a3d3e8dc293b9910b1a4093b50c96a2012f6e8fe6d49b7c236fcc093a1b19b6fb54b0c302
-
Filesize
2KB
MD5054a105f6cf187628aba0e621dd0996a
SHA1f3b81f5588752a4bee21d49699ab7afab11cbe25
SHA2564be3f0d041e25f365a5c7f569ef4fdc9161e03df2b8ed8bb6bad4e5c589fba35
SHA51247858208f078a40b10673924b1523b2aa520852188b0423b599440db0b99073f268879d477d1c95fae450207879c3235c04ef20b09c140025eda74466f7da292
-
Filesize
3KB
MD562cd38e839a654a52a2302c85c5b31d1
SHA196e99402d35b6de5350ad3a840c3be3822b51e89
SHA256d22d551c4a9d215634321513d01bccd4964bf7229465896d7f91d6cc362f532a
SHA512e015508c956b533ffbc8f44d9ee4912652c8950d19f3091a3ec2135b05af32086fa30518767ad907677429b78384d914efdc97cbfdecac05b7f226ce3532eeed
-
Filesize
3KB
MD58449d84632080665b2d3501738ddd407
SHA1382ebf9514db41ea33273cb0d3729d41591a4dfb
SHA2563f1290d7d3e7c801c8ab45c8c86c32df5b06ef23a7042078d989c0db1c085609
SHA5125a5e9537b1750df74df4c7c2a0c0ded3ec7b5e886e8afab6518ea3559fcf574c75557c1505d73ec8c82e4aea1401ad83b32cccac3ee72810d9b35f8c251219cc
-
Filesize
5KB
MD59c9e999c680c0ae29a4ce2c9045323c6
SHA1800eb0e5fe6fa2fa4f83c412a3c316514c649774
SHA2566e6e887790038a3aa399149df67a8813b18e06fe517d06ae27979ae2e9ad3481
SHA512f09017c285ea89d5dd346e3cc42f011a70f81a3178afed3897881b281bd7577521be58fc7ae21f7fe27a30f9234430070e38325648ab42d32f49b32b278dd892
-
Filesize
7KB
MD514c14cead44b2f86015ff8bc7437e7db
SHA1701ad97afe62ab5d5ccaa23ee9a787ce4bb30ec9
SHA256e58ab284ed0f108216a703d8e327b6fd264551c37c5d4bf10a8008c90d9ff457
SHA512b64c946324398e576d7b9fc69ad1e43e6fef18774b7e7132fcac28476569da3209023ca73590cd45398783863e6a45f8c143caf6de075de34de9c64acf4baeee
-
Filesize
7KB
MD54281ce8089320c346d5bc596c603d3ab
SHA14cb8d450e74254eadd1d3fae8bc203d35d6732b1
SHA256da2a4ceea6c575b9283e71b18e56d8115d67c38163807d82c162018fe37ec310
SHA512e75753067ea00205b9e77bd256e1f5ac7bd15d00316cc1996e9e0d69464938f349001e154343401de4a41b9333e25448152119d78aad16a6fdae5d8f79bbfdf5
-
Filesize
7KB
MD51f4d4e8ab5bebceea80d95b7386e8fd7
SHA1458c472eeb315d03d2b9efdbcbcf10a39ed7a779
SHA2566782647725714d277cd7240de8bd6e7823eb7292e788ef8a3fa2d83899da88f5
SHA51253ab03376dc7b73c4d09b5c6bda7a06e56d7dc32c2f319d8ee8a9b355f8ef117f378792f570f466e5fcdca09544e19c24941b3b7894f12441e84cb32ad4a5193
-
Filesize
7KB
MD5dd2e649fb2fb69fcaa6e81d077fa30b1
SHA1e440c31a4eb9df149f7d50b702a013ca830e8403
SHA256b50a51d9be1e8dd9681e6a0ae7ffb828b0556fbf220f1c2fd5e2060d568ed859
SHA512e0324ee79fe9d123f1491d5cc00df9f18e7639f4196ff7b0ad8d1e8a7b0c5be3da5e3f4f61cca11f71daf55d604a95fc392f10fe3f090b640efe9363158c7a39
-
Filesize
8KB
MD5629db554e4c9a22e068cef8f50b801d4
SHA16edf38925145b04fc687e7abd297f3f428753939
SHA2562426d534141181aae3868ae9062ed4ac7ea46badf31b7cf09e012dd9fb3673b8
SHA51219fefb7c77332928fbbba58cb8890205f69021785eae03160c63e74af35b656a28289af956f7888c036fbf3a4a8212fb816d3fae0ec75b4a60f6676eb17c534c
-
Filesize
8KB
MD5bdcc9c779ea3e85ff96032dfa724e7a0
SHA11eff2e8328ab5b4f1c2dfdd3d3098ecee9620199
SHA2564447876938d0d6179cc18cd9a3598631c5d8216460a58e06f6fb783f91b3e57b
SHA512d82cce0029299f3af4bace3773e4e3cd22514751e77271ede7e0a4fc89fd3b394a118a1b11443de7b47833e17ce175ba51d80d430215769aca2e97e43aea6809
-
Filesize
9KB
MD5b7d316ce99b6cd16076a67042b8f2f07
SHA1bf893b38092eb1bae6d9a571f98043cb6ad33684
SHA2569d975b2596e0ba34649982324953b1dd73afe91b1cc6669c72c007fc28d4076c
SHA5125e3b9458b23cfaadc538fbc4465d5392de4478fa92caf589aa531bd06c4c1d92f795d7f0d10b6531e232be0e5ed0ee26852b6cc885178eb54cd9d83db78205c0
-
Filesize
8KB
MD5124f43a3976736def07c4ccf877cfb27
SHA1295e86eefe4e5350549c35b98d137dcb62873203
SHA2561c2c741b01545138e3a09018a04417beec173d455870bd5afadaf2501b8399ff
SHA512c46c745e071c0bb7f3567b0ab1a95ccd9f05b728bf0c288f25c3328fb22098d427a5149605d5c6f28855876ea17c32d51849112a732376bfa1a9cedc07ca9194
-
Filesize
9KB
MD50e6c3899d9c79d59443811c01ebb1e33
SHA1bdd5c1e47a4c08ef6cb04f78559646c1f60f32de
SHA256d96f989107fda4aaadba2fb4a26d39a75eef54b6db7678b861881196509ff659
SHA5125fdfcd6bab5f9b70cfa6b0749f0e7041d1ec7824fca4b64e8380f83a9c503ef27cd5855fd52d8872a916478686883914d2a4e70fc87825de9144ad573a2966ac
-
Filesize
8KB
MD599ecfed2c7f9fddd69a6a38d9c6720d1
SHA1649bf9d0d6ffef66d7ade9ac52552e16abbda92c
SHA2567b9c3449e980be9bc31276e4e5a66796bd49b1a302d083d2097b9bd41be335a0
SHA512ecd60110ac06bce48e65f8a1c3fae9dc3e71debb3fc4740b42eebcf02a5c66c0bcad8ddbd13552315ead364c17bc46558efb12ff1ddb06007f9cda813db3727f
-
Filesize
72B
MD5c12d2478ea0a32b5543f4d7b66d17857
SHA19672fb9ac5ce704488c664d58f5a34b361dab324
SHA2568a72a1eea34812ab8e2fd947286160d8ef0ffc5bf8546882668ccfd3904dc7e3
SHA512bc19a122a791ab5e4eb982b5c81b49cec595c72d5300d2f1ae1fcae04e7b68a6d3446d85703f9267f258bd8330921e8555c1dfa0ee60b6cd065db828ce5d8efa
-
Filesize
48B
MD5e79d26c8686999b0979edc4d4ff65539
SHA14c0064c7962ad0fa17b7d170ef0eac3484ee3fdb
SHA256433cf3afd308308c8fadd8452ba5225113dadb45b27fcc494b46413d61003b38
SHA51264b8cc8cf479eb33a7800921b9bd1d9e36a2c58ab47aa173b8b4bac4bd343fb0c6ba7c9c4a85ea932b036c7bc978c942709abf76cd86fa70bcfdfc1301736bf2
-
Filesize
203B
MD5dc5e0ddb707471f63af8aeaa3ffbc3c2
SHA1531599e6e4a1ee436deadc20a8522b492b72cf8c
SHA256e10dfa5f9a3a2fdbb7aa3de5e5bca9990b693a4f06dad437f7810693a1111c39
SHA5129ac6e986ba041baf2d542d9651dad335a8e38761d2642b32aec9e7df6b74dd77dccc6c6dbd117e764163280b8d41ac188fa436527fed3b9620d2f6a81426d5bd
-
Filesize
705B
MD59a151567be6af9616ed51b549e7a27c6
SHA10e0c12e5fa7ed6b3a87cae4c5b21d1eb0553f4ed
SHA256dd8d1be80e6dcb7882a0d99713c063019cd155e509c9deaa841d6de8314dd976
SHA512d715d91f459e2a04af9e0cf700c097a0e725944212f15006dd92ebc8d54729757c3532ac6e55ed70964c1938abe94113faf744013561a8b67ccf2876f2cf968b
-
Filesize
1KB
MD50f4ae42d712130a8260d2b20dce72415
SHA1d580c1139b5abbf1896cc121fff5a7fd1567c4ae
SHA256370935d02efa60674eeab6dc1257ca5314d2ecf96fdeff363eebd12a429ff2cc
SHA512515777be3e940ead72de77e2c65dd80246bf8e84e2f4688842e418a1b70d2dc197e2d5fcc8124031d416a8c1091f09619665cf7ac441080c72b4397c7bc0ced6
-
Filesize
705B
MD59ccf18b4256b1f7582ec7408768a5cd3
SHA15173d6acbd526238bcb81cea1df4f846e78700c6
SHA2565986e3581b55d219731d64fdf1ef1bd5502a539d2189812ced293d319111bf53
SHA512dc1786d637f14c2f479ef1c2e2ae8241a4a0d0db3d128329e9fddcad8d854a44f617eacd9f858e173ee3dbc3042a17a9e7dd89f6b7f8bfaae135ad8df04c2a23
-
Filesize
705B
MD5d1883bf38191ef0d1110fea9e3d28976
SHA1d811a3c131aa0330e267d816a6d0231c2c922a36
SHA256af0fba26dd41c32fe64175ee4a660ebf9213541cdf898708108c766389a3bd7f
SHA5120c71c7503beda29a868a9a99913a40c42e960d687b24d7f9a00a558759e15946349748107bce50ab12e1ee11397e5224c52819f307d63fd73bbb005a3d6e0e3b
-
Filesize
1KB
MD50e3dece7d8f12134754b8f055428e67a
SHA1455b43e3c68103ce4f21edebdeea60032b9e445a
SHA25660182d493c84a108b475eb4569d300281a101e1eb61315d3c68b285da5bb0678
SHA512df6c2668243ba6ee77992c97fc0a86b10883b4cdd28ee83869a058b9b3b5f2943d1a4a5edf87d00c5f8bd5ed3d89cba70092e33f0ba25a505499aa943e29eff4
-
Filesize
705B
MD516671cb007ff2264d4c0ea42ec8aae8a
SHA1337da905aa0f139862e2475b96c7e637b6f276fd
SHA2568d8e9dac0af4c995d10cd2d33deac63790313d6ce80ff48f9f349fe80af9ed57
SHA512b9aab7e826d7f6c71edab991a1051ac8a5ca16d76500859df1c37ac26075fa562a50b75127d5a74fbbb8d5f6436a1f8145ab4011b36869687e01ef934368049b
-
Filesize
1KB
MD5470dfac2bd4563b8f5f203234cfce289
SHA184fbdf9d4c033063c29151e63053561d86f99391
SHA256c55bbcbf1428d32d024af1540e46b83f80b2a3e7f388278d9b7e4e1668e74147
SHA5129fb99c6b93fae71d05b873014bc77c34ccd8228f2aca25a704db7e56ff7636b515e3fc9c92ec01e16f69dbd12171f3194e01992d2a137e1c54bfc437540f3fa8
-
Filesize
203B
MD59c26111a17f8b9f4573b4effa53115b1
SHA119a7cc886ac92a559f368cd9c89049cd5d3a9c40
SHA2565ade1e77ea05769a2c0afa32255316793b0013d73ef6681dbf51981eb182d70f
SHA512a29d325c246c98017458dd4b391d4258f10355cb88350699a7c9100a1d3bdd56265481aa191874c7b92a9e228bcb2a059d8b0427c3476824852757fc4b564419
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5138a8c495a9bab6fa964541a2784dcd4
SHA16d8625d676b51fe7dd4b7268d3b43626a3a75741
SHA256fa514a8dcb04f80afc32a84af387c41ccc113457ea9eccd80cd4adcf40939309
SHA512916f9de03bc6489d52b4324508ea75e55316d89a6551741ea14fd4707b51dbbc492da7aaf6c5fb49045ca4d16e41bc36b53c212826b37fd38b6530d178615676
-
Filesize
10KB
MD50c81333c5d37fe870c80e03252c09405
SHA16f98f2c07b9cd967d22c9f68c2307fad7432ebb8
SHA256bb9d9c60552da2f7def1a1eb2be595f724a7be12a37dd1c13d9f40f5d27ff481
SHA5120dc9447cd4693a818722d75a5c11e4208ca846650a8d05fdee78098d03b150f1d460eb5e5a2f7ab8a01eedf7e48450db6382093521cefd530654622a10396d51
-
Filesize
11KB
MD5097dc93254904f2aa701ede1733d28c9
SHA1ac006f940262021ca30563f84265577a3c764e44
SHA2562c39e6c4f67f255f51730e9ab86924a1bec6f0d485fb84b96f2d42c85487fc3f
SHA512f21020c04e38f8394b3b6bef2bbfc6fc4921d70580eba008cce07b2a514ab21b34904ef525c77834db73cd983f7569da32cae4a03a33caf2a0c109bb6e213b37
-
Filesize
11KB
MD5297432510d3385ccb4a5a93420f31698
SHA1e4cdfe1de46d04021cac7ff89fd57aced610f649
SHA2567d497b994858c3014875932e1307fbddf1fde6dbd0cb5d3914f9e690d2c65114
SHA51203cd99ef4112f736e8a9cbdb438043097e722a5f8dccf40b16d5a6cfb295228fc83fbcf8a67025f151d7641c6a20fe48142e5667fe73f5ea67108f311e63d0d5
-
Filesize
1KB
MD588be3bc8a7f90e3953298c0fdbec4d72
SHA1f4969784ad421cc80ef45608727aacd0f6bf2e4b
SHA256533c8470b41084e40c5660569ebbdb7496520d449629a235e8053e84025f348a
SHA5124fce64e2dacddbc03314048fef1ce356ee2647c14733da121c23c65507eeb8d721d6b690ad5463319b364dc4fa95904ad6ab096907f32918e3406ef438a6ef7c
-
Filesize
1020B
MD5fe20784d89508f5e21777f2b53506544
SHA154aa41b4852c1695cd2769f5111da2fc4696d821
SHA2568ab0d1f0e826046a2683144db79275ab5d584ac935b72f2eb121b052bebaddb3
SHA5125913c6b2377e4d09e8e159b3b53df4571b9025799cc56855f1b3db88c80e2fc4ccc4e954d6503c448d61a2d7a5118303d6ab24ef498acc6e3b15b6c7dd505963
-
Filesize
64B
MD5efe85ed1cc189c6820b51a3f7aefdca5
SHA1fe378c30034ce549e2d9f2ab8ea7f911db6700a4
SHA25655ca186154bd5b0756c23b5586f5b521e42e034e9468bef863c0565362bc022b
SHA5123e6eb7cbcff3dedcf07a768bb03a3a99c9582ae585934a2290f0e9050e7aaa4e83554ea14d109685a6332d2f3857665216abbd3dd9b4d8ad1417a17f9b530b42
-
Filesize
64B
MD5446dd1cf97eaba21cf14d03aebc79f27
SHA136e4cc7367e0c7b40f4a8ace272941ea46373799
SHA256a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf
SHA512a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7
-
Filesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
Filesize
136B
MD59c1e824ef8695a1abc67f5d0a95778c0
SHA1ec43ba5ce45d92453320bd6d14d96a866ed4c0e9
SHA2560e9674b55a602a97e8ed235ec72e98e5d816ac014684d179a1fc0b9959345d97
SHA51255e92e224e5d357e4c1dfcd34ee8b7e1d160f8edfce2f3bd156a240f4cc8c73b3329497d8199fabf2a81d8d04be5f49687224b498c57cb115231b47c81d65d15
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
370B
MD5b07c1e59eb618dfc34906daa4d16ae30
SHA1531e234190cafd05a68bce6734e0b32465c552ee
SHA256a56325ea18656aa08cad80b91778eb81adda8ad126ee9ac789b222aa4e0fcb8d
SHA512a76bde6552fa032c2870c9f8009cc577edd262b5e4a5bdcf9511e3b4570f4c549679a163f51846f8b92cafa0e59da107cb1d2c478ec962fe0a629143b0039980
-
Filesize
31KB
MD58d2e8aa4f28e4eb7a1d06788aa1a85b8
SHA139c0a441e6ca3aa1d76a9f7047153881701868bc
SHA2568ec186bbab93d335beae62fb9769f47ce440b570624ae725593c0076219bfa3d
SHA512ca489f1fa92ed7b9af7c4557276d07e480ceb6112ea23db154e56d05d9669c1de9039d878ee50d1573d0a291a0bfbf70fadac9f34cdeb55b3844d1051ff225a9
-
Filesize
1KB
MD511b672a3eaa61a48a2710bd1fb5098e4
SHA1547ef97fcbd60d28848fe9018513af435ac6ad9b
SHA2563b40e8e5d9419749e37655fa5103cc9421fc7e911504faf01e1a9a6fc5b5afd5
SHA512b5d244b2900154f34505b792d10de10387fd9e8ada2cb564b2129d31c6e91202054e266c93c56719732328e57874c19ebe5f30c4eb51e954b85398298ad64573
-
Filesize
2KB
MD5194f38a5ea2953f8a9dd297b5b1788ca
SHA1dbbe3a907f1398bdd995a08c5da066851d4ee959
SHA25692d7c401bec77c84c8998d1fec57ad8f0b8c6d54ae2f46e00bb683fa7286d267
SHA512193982a9d5708c09270c632750a0bec282c78ed95606a7dc2a137d90977d5416b2995511350b922fdb9cfaf94008b9412ff4a77c5cc7d5149bb9ec02266db09b
-
Filesize
47B
MD5081c6d16a42da543e053d56b41e011a4
SHA17c3b4b079e17988aef2deb73150dda9f8b393fdc
SHA2567a4a7fc464c0e33f4959bbfad178f2437be9759ec80078a1b5b2f44656830396
SHA5125a65a2b81c0d001be174a100363adae86bdc9af02360fbd2c87ebdb45d62833104e4cca90473f1156792473af5922e947677585c55052a99868e6a395aa457ff
-
Filesize
756KB
MD5c7dcd585b7e8b046f209052bcd6dd84b
SHA1604dcfae9eed4f65c80a4a39454db409291e08fa
SHA2560e8336ed51fe4551ced7d9aa5ce2dde945df8a0cc4e7c60199c24dd1cf7ccd48
SHA512c5ba102b12d2c685312d7dc8d58d98891b73243f56a8491ea7c41c2edaaad44ad90b8bc0748dbd8c84e92e9ae9bbd0b0157265ebe35fb9b63668c57d0e1ed5f2
-
Filesize
1KB
MD55f562bb4dd6a6222495c8fd75e5fc339
SHA119c4c982283d0bb321804e5721c4cdcb004de417
SHA256e9f968a7b36bb398b5d30ea9fe890b9656d734a6bab46487c5257afca7b95dca
SHA5126caae201078f434c34a20729402dacdd6b7d65c67fcb46397386be144b64e27c4256c3b91316d5bf23b1a4fec7158738949ffd78c75aa67ff3f5fd69e8676815
-
Filesize
31B
MD5215f590f0707b1e9850c363890dcc82a
SHA1619c7d7223747c838b1b34a7fc0547279af968df
SHA25617b30503fb7c10a0dbd002a1bea6cfecc4f5df127ffaebb89bbab1a3b5bfd74c
SHA5126a448ee0a3775b3d12ea716d65d63dad9197ae63a73a7d256a24d2f433347dd199ff290297ced137b23159ae0c705f5a8878c649b76675c991fc0341cb172ec4
-
Filesize
31B
MD561aff3dbef21bd1bd21f9a6d869dbe4b
SHA144fea65cf7c497c5726207c0b90ebe975727e46d
SHA256b615bc735ba10e9d6afd22ac1355299649187d030b6471f2cf990f5a87f29aba
SHA512f47694217722ef30826ea3c5179a92bceb6549002de17f39aed5860d88a7a9bf00f636766a33b061bbe8af77c40223f3bcdf75cf03e60bc43e1a78d47a59ef08
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
8KB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
50.4MB
-
Filesize
136KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
344KB
-
Filesize
624KB
-
Filesize
160KB
-
Filesize
32KB
-
Filesize
584KB
-
Filesize
5.6MB